Malware sending hotmail email


  • This topic is locked
50 replies to this topic

#1 Edio Ilha

Posted 22 April 2011 - 12:58 PM

Hi Guys,

This is my first post, so I don't want to be wrong.
I have read the first steps and I think I'm doing it right.
First of all, I don't speak much English. Sorry about that.

I have some Prague. It is sending emails as if it were me.
Also, I can't change my Home Page.


These are the logs that I have.

DDS
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Glenio at 9:32:29.36 on Fri 04/22/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1646 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\igfxsrvc.exe
C:\PROGRA~2\Bandoo\Bandoo.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k HPService
C:\windows\System32\alg.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\igfxext.exe
C:\PROGRA~2\Bandoo\BndCore.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Glenio\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\Glenio\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
StartupFolder: C:\Users\Glenio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
AppInit_DLLs: c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\wia6eb~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] "C:\windows\system32\igfxtray.exe"
mRun-x64: [HotKeysCmds] "C:\windows\system32\hkcmd.exe"
mRun-x64: [Persistence] "C:\windows\system32\igfxpers.exe"
mRun-x64: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
AppInit_DLLs-X64: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-11 55280]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-1-11 482384]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-5-8 229376]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-2-16 57120]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-1-11 9216]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-2-25 76288]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-1-11 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-11 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-1-11 943616]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-18 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-2-11 359040]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-2-11 62976]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-6-8 124224]
S3 cm_net;C-motech USB Network Adapter Drivers;C:\Windows\System32\drivers\cm_net.sys [2010-3-18 133120]
S3 cm_ser;C-motech USB Data Modem Driver;C:\Windows\System32\drivers\cm_ser.sys [2010-3-18 118272]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-2-25 114560]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2011-2-25 79360]
S3 NUMARK_NC06;Numark MixDeck USB driver;C:\Windows\System32\drivers\nc06_usb.sys [2010-12-9 389696]
S3 NUMARK_NC06_MIDI;Numark MixDeck WDM MIDI Device;C:\Windows\System32\drivers\nc06midi.sys [2010-12-9 31296]
S3 NUMARK_NC06_WDM;Numark MixDeck WDM;C:\Windows\System32\drivers\nc06_wdm.sys [2010-12-9 49728]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-6-8 43032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-11 222208]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-1-11 51512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-04-22 15:49:41 -------- d-----w- C:\Users\Glenio\AppData\Local\{9B916BF5-3C7F-41DC-A8DA-516F4FC79394}
2011-04-21 22:56:18 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{5A76F64B-65BC-426D-8942-45FFD92CA0EC}\mpengine.dll
2011-04-21 22:32:18 -------- d-----w- C:\Users\Glenio\AppData\Local\{FDCEE329-2D49-465A-A57E-8769A33C835C}
2011-04-21 22:32:03 -------- d-----w- C:\Users\Glenio\AppData\Local\{0D70AEE3-033D-4788-965F-1A96996CA22D}
2011-04-20 17:31:03 -------- d-----w- C:\Users\Glenio\AppData\Local\{4F50E4DE-00C7-4AF0-B26A-D413C330E38F}
2011-04-20 17:30:49 -------- d-----w- C:\Users\Glenio\AppData\Local\{1DEE3317-84DE-4727-A2BB-0714796CB709}
2011-04-19 19:01:33 -------- d-----w- C:\Users\Glenio\AppData\Local\{50DDC6E0-F372-41AE-BB59-F54E34BF3787}
2011-04-19 19:01:03 -------- d-----w- C:\Users\Glenio\AppData\Local\{3DC8FEE1-F8B8-4612-9919-62E90F48BAC7}
2011-04-18 15:52:15 -------- d-----w- C:\Users\Glenio\AppData\Local\{41B6AC0D-129C-4C4A-B54C-EA0199D2681B}
2011-04-18 15:48:18 -------- d-----w- C:\Users\Glenio\AppData\Local\{7025759D-9AA7-4C3C-9365-CB9A320B2281}
2011-04-18 02:06:56 -------- d-----w- C:\Users\Glenio\AppData\Roaming\Malwarebytes
2011-04-18 02:06:51 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-18 02:06:50 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-18 02:06:47 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-04-18 02:06:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-18 02:03:12 -------- d-----w- C:\LinhaDefensiva
2011-04-18 02:00:00 -------- d-----w- C:\HijackThis
2011-04-18 01:59:24 -------- d-----w- C:\Users\Glenio\AppData\Local\{1511E95F-08AF-40BF-BC24-91F12B982D86}
2011-04-18 01:59:07 -------- d-----w- C:\Users\Glenio\AppData\Local\{AA8CD840-9969-47B8-B374-EAE3D2A81AC7}
2011-04-16 17:55:39 -------- d-----w- C:\Users\Glenio\AppData\Local\{B4CE7DC4-3A0F-4E47-B3A8-58791CCFA8E7}
2011-04-16 17:55:23 -------- d-----w- C:\Users\Glenio\AppData\Local\{265EE5D1-AE08-4807-9F80-C59A2C45D51F}
2011-04-16 17:48:56 -------- d-----w- C:\Users\Glenio\AppData\Local\{26E430E6-5463-4693-9769-005A4FCE5EB6}
2011-04-15 15:11:49 -------- d-----w- C:\Users\Glenio\AppData\Local\{1BA0D757-F874-43D5-8094-60588E67D928}
2011-04-15 15:07:59 -------- d-----w- C:\Users\Glenio\AppData\Local\{71C1A154-360F-4804-B0CA-2C9D46EA547A}
2011-04-14 14:57:01 -------- d-----w- C:\Users\Glenio\AppData\Local\{7B5C0DAE-9B47-478F-BF1F-FB6CCEC7A4BA}
2011-04-14 14:56:50 -------- d-----w- C:\Users\Glenio\AppData\Local\{CEDCFCB9-8F3A-4ED3-9F9D-C37E94D0F0CE}
2011-04-14 14:56:38 -------- d-----w- C:\Users\Glenio\AppData\Local\{FE2B5591-E197-4D9D-9CED-D68FD244DC5F}
2011-04-14 02:55:42 -------- d-----w- C:\Users\Glenio\AppData\Local\{69F8BEBC-FCDE-469D-BAF3-E5A3DE512A6A}
2011-04-14 02:55:30 -------- d-----w- C:\Users\Glenio\AppData\Local\{C16E8D26-00C5-4E86-9323-957BEA469CCC}
2011-04-14 02:55:18 -------- d-----w- C:\Users\Glenio\AppData\Local\{69C08C5D-C610-4986-807C-04FE8DE19FE8}
2011-04-14 02:28:18 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-04-14 02:28:17 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-04-14 02:28:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-04-14 02:26:20 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-04-14 02:26:19 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-04-14 02:26:06 603976 ----a-w- C:\windows\System32\winload.exe
2011-04-14 02:26:05 640896 ----a-w- C:\windows\System32\winload.efi
2011-04-14 02:26:05 518160 ----a-w- C:\windows\System32\winresume.exe
2011-04-14 02:26:05 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-04-14 02:26:04 556928 ----a-w- C:\windows\System32\winresume.efi
2011-04-14 02:26:04 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-04-14 02:26:04 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-04-14 02:25:11 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-04-14 02:25:00 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-04-14 02:25:00 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-04-14 02:25:00 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-04-14 02:25:00 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-04-13 17:05:35 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-13 14:54:32 -------- d-----w- C:\Users\Glenio\AppData\Local\{A004CDB6-2FA9-4D23-9BEE-D1E4868EF017}
2011-04-12 23:08:40 -------- d-----w- C:\Users\Glenio\AppData\Local\{F58E1CDE-D61A-4936-B94E-DAACF8C89859}
2011-04-12 23:08:24 -------- d-----w- C:\Users\Glenio\AppData\Local\{F5A8A810-F8F3-4734-BC65-70968254B996}
2011-04-11 15:40:07 -------- d-----w- C:\Users\Glenio\AppData\Local\{52884D05-C07D-4400-A142-4CDBB2029AA2}
2011-04-11 15:39:54 -------- d-----w- C:\Users\Glenio\AppData\Local\{6750F584-5AE1-4B29-900A-37624C9DC2B3}
2011-04-09 15:06:58 -------- d-----w- C:\Users\Glenio\AppData\Local\{2725E59C-636C-4C96-AD31-538514505D87}
2011-04-09 15:06:43 -------- d-----w- C:\Users\Glenio\AppData\Local\{D206DA1A-6E95-4C0F-A705-D58FDC878CAA}
2011-04-09 01:46:15 -------- d-----w- C:\Users\Glenio\AppData\Local\{5CD3E014-43D3-4617-A7FB-ED1FF2B316E6}
2011-04-09 01:45:44 -------- d-----w- C:\Users\Glenio\AppData\Local\{9CEC2A73-5E74-4622-B4EE-88ABF0A94A25}
2011-04-08 03:50:12 -------- d-----w- C:\Users\Glenio\AppData\Local\{6317CD4E-D9D7-4586-8A20-16BF38D72766}
2011-04-08 03:50:00 -------- d-----w- C:\Users\Glenio\AppData\Local\{1707A496-AE1F-4809-A4C1-8E7CBF966B32}
2011-04-07 15:49:23 -------- d-----w- C:\Users\Glenio\AppData\Local\{EC41D2D3-80CD-49C2-A2E5-231B45E749CD}
2011-04-06 15:26:46 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{2E6C1663-78A7-4FD1-8082-6DD8008E0EC6}\gapaengine.dll
2011-04-06 15:19:29 -------- d-----w- C:\Program Files (x86)\Windows Searchqu Toolbar
2011-04-06 15:18:58 1524112 ----a-w- C:\windows\SysWow64\bandoolmx.dll
2011-04-06 15:11:42 -------- d-----w- C:\Users\Glenio\AppData\Local\{E01F86D5-D246-4466-B4A4-409337D3EB76}
2011-04-06 15:11:15 -------- d-----w- C:\Users\Glenio\AppData\Local\{D4DBB297-E2A0-475C-B903-CAF8B2634E65}
2011-04-05 15:29:00 -------- d-----w- C:\Users\Glenio\AppData\Local\{B25B8595-DA29-4CF5-89EB-232D7E3808B5}
2011-04-05 15:28:28 -------- d-----w- C:\Users\Glenio\AppData\Local\{07C33D27-898D-4047-B51C-B659AC1A019F}
2011-04-04 23:19:31 -------- d-----w- C:\Users\Glenio\AppData\Local\{8938288C-7856-4BDE-AC36-B72C849C42CB}
2011-04-04 23:19:16 -------- d-----w- C:\Users\Glenio\AppData\Local\{5405BB46-26A9-4AFB-8734-3BF074AA328C}
2011-04-02 16:05:50 -------- d-----w- C:\Users\Glenio\AppData\Local\{A704802F-C75E-4B6F-B8DB-942E6ECEE73F}
2011-04-02 16:05:38 -------- d-----w- C:\Users\Glenio\AppData\Local\{B9DDEB4C-880A-494F-B440-6E9D13D979DF}
2011-04-01 22:45:39 -------- d-----w- C:\Users\Glenio\AppData\Local\{994504F1-46EC-4846-8F5A-A52F74AC16A5}
2011-04-01 22:45:12 -------- d-----w- C:\Users\Glenio\AppData\Local\{2DAFAC37-A5C6-4F16-9A2B-C6E347B96DCE}
2011-03-25 13:27:07 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
==================== Find3M ====================
.
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-03 05:40:23 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
.
============= FINISH: 9:33:09.25 ===============


Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/16/2010 8:06:29 PM
System Uptime: 4/22/2011 9:09:00 AM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 175.566 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP233: 4/1/2011 3:55:22 PM - Windows Update
RP234: 4/2/2011 5:35:23 PM - Windows Update
RP235: 4/4/2011 4:30:02 PM - Windows Update
RP236: 4/6/2011 8:25:56 AM - Windows Update
RP237: 4/7/2011 9:01:04 AM - Windows Update
RP238: 4/8/2011 7:00:05 PM - Windows Update
RP239: 4/11/2011 8:50:23 AM - Windows Update
RP240: 4/12/2011 4:19:33 PM - Windows Update
RP241: 4/13/2011 10:28:11 PM - Windows Update
RP242: 4/14/2011 7:10:23 AM - Windows Update
RP243: 4/15/2011 8:18:43 AM - Windows Update
RP244: 4/16/2011 12:13:30 PM - Windows Update
RP245: 4/17/2011 7:09:35 PM - Windows Update
RP246: 4/19/2011 12:12:36 PM - Windows Update
RP247: 4/20/2011 11:48:57 AM - Windows Update
RP248: 4/20/2011 2:22:11 PM - Windows Update
RP249: 4/21/2011 3:55:45 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
6500_E709_eDocs
6500_E709_Help
6500_E709n
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Software Update
Ask.com Toolbar
Bandoo
Best Buy Software Installer
Bing Bar
BlackBerry Desktop Software 6.0
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Compatibility Pack for the 2007 Office system
Conduit Engine
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
Fax
Foxit Reader
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hotfix for Office (KB975927)
HP Update
HPProductAssistant
HPSSupply
InstaForm Invoices & Estimates Pro
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
magicJack
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
ProductContext
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Socrates Media Product Browser
SolutionCenter
SPECTRUM OneClick Console
Status
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VIVO INTERNET
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Searchqu Toolbar
WorldUnlock Codes Calculator
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/22/2011 8:49:12 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/21/2011 3:31:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
4/20/2011 6:26:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NIHardwareService service to connect.
4/20/2011 6:26:07 PM, Error: Service Control Manager [7000] - The NIHardwareService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/20/2011 2:10:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
4/20/2011 2:10:49 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/17/2011 7:05:38 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
4/17/2011 7:05:36 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
4/17/2011 7:05:36 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
4/17/2011 7:05:35 PM, Error: Service Control Manager [7034] - The DCService.exe service terminated unexpectedly. It has done this 1 time(s).
4/15/2011 5:25:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Glenio-PC\Glenio SID (S-1-5-21-3526633145-1563201368-1473507783-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/15/2011 5:25:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Glenio-PC\Glenio SID (S-1-5-21-3526633145-1563201368-1473507783-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Ark

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-22 10:48:36
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Companion\guga_ilha99@hotmail.com@3b9ffce3801be45544d5b86ac78667e5\r\n 0x7E 0xBC 0xA5 0x79 ...

---- EOF - GMER 1.0.15 ----

Tnx for now.

EdioIlha


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,986 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:13 PM

Posted 01 May 2011 - 04:19 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Edio Ilha

Edio Ilha
  • Topic Starter

  • Members
  • 41 posts
  • Local time:08:13 AM

Posted 01 May 2011 - 06:06 PM

Hi Elise,

Thank you for helping me.

My computer is slow, and sending emails to my contacts. Also, I can't change the default IE new tab. It is http://www.searchqu.com/ now and I can't change it.

Thank you for helping me. I really need your help. I appreciate it.


DDS.txt

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Glenio at 15:55:52.91 on Sun 05/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1407 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\windows\system32\SearchIndexer.exe
C:\PROGRA~2\Bandoo\Bandoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\taskhost.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\Bandoo\BndCore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Glenio\Downloads\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo0.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin1.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo0.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo0.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\Glenio\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
StartupFolder: C:\Users\Glenio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
AppInit_DLLs: c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\wia6eb~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] "C:\windows\system32\igfxtray.exe"
mRun-x64: [HotKeysCmds] "C:\windows\system32\hkcmd.exe"
mRun-x64: [Persistence] "C:\windows\system32\igfxpers.exe"
mRun-x64: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
AppInit_DLLs-X64: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-11 55280]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-1-11 482384]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-5-8 229376]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-2-16 57120]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-1-11 9216]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-2-25 76288]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-1-11 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-11 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-1-11 943616]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-18 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-2-11 359040]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-2-11 62976]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-6-8 124224]
S3 cm_net;C-motech USB Network Adapter Drivers;C:\Windows\System32\drivers\cm_net.sys [2010-3-18 133120]
S3 cm_ser;C-motech USB Data Modem Driver;C:\Windows\System32\drivers\cm_ser.sys [2010-3-18 118272]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-2-25 114560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-18 135664]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2011-2-25 79360]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 NUMARK_NC06;Numark MixDeck USB driver;C:\Windows\System32\drivers\nc06_usb.sys [2010-12-9 389696]
S3 NUMARK_NC06_MIDI;Numark MixDeck WDM MIDI Device;C:\Windows\System32\drivers\nc06midi.sys [2010-12-9 31296]
S3 NUMARK_NC06_WDM;Numark MixDeck WDM;C:\Windows\System32\drivers\nc06_wdm.sys [2010-12-9 49728]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-6-8 43032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-11 222208]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-1-11 51512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-27 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-01 16:57:42 -------- d-----w- C:\LFS
2011-05-01 16:46:20 -------- d-----w- C:\Users\Glenio\AppData\Local\{0D403032-7BE5-4B9F-B08D-8DF773D7400D}
2011-05-01 16:46:09 -------- d-----w- C:\Users\Glenio\AppData\Local\{ADAFD69C-149A-4BE0-B338-7105E8ECB47F}
2011-05-01 05:05:47 -------- d-----w- C:\LFS2_0.5_Z28_Keygen
2011-05-01 02:52:23 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{3AFBDC55-4552-462D-8F52-AD11BDB6BB1A}\mpengine.dll
2011-05-01 02:26:51 -------- d-----w- C:\Users\Glenio\AppData\Local\{D88E2C18-F31A-42A5-9F17-95AD20CEFC44}
2011-05-01 02:26:38 -------- d-----w- C:\Users\Glenio\AppData\Local\{5F3A241A-7936-45C9-9218-168A62C27004}
2011-04-30 14:25:51 -------- d-----w- C:\Users\Glenio\AppData\Local\{47871898-988C-442A-A359-1D0117205D5D}
2011-04-30 14:25:35 -------- d-----w- C:\Users\Glenio\AppData\Local\{9A15EE77-316E-4061-82FC-2E77AE6451BB}
2011-04-29 15:30:24 -------- d-----w- C:\Users\Glenio\AppData\Local\{2F627C7B-DF14-48E1-9914-C83E2A5917AD}
2011-04-29 15:30:13 -------- d-----w- C:\Users\Glenio\AppData\Local\{3564D4C8-1292-478F-B32D-935049D07576}
2011-04-29 03:29:25 -------- d-----w- C:\Users\Glenio\AppData\Local\{7C3E498B-DF07-42C9-86C8-06D72AFBEF13}
2011-04-29 03:29:14 -------- d-----w- C:\Users\Glenio\AppData\Local\{CCB7546E-3DBF-47D4-B131-E5E37BAA04C6}
2011-04-29 03:29:02 -------- d-----w- C:\Users\Glenio\AppData\Local\{8CB288E4-E8FD-4133-8700-82252F3D8128}
2011-04-28 15:28:12 -------- d-----w- C:\Users\Glenio\AppData\Local\{30EC45F3-CA0A-4665-983F-A59757D82482}
2011-04-28 15:27:57 -------- d-----w- C:\Users\Glenio\AppData\Local\{056A0170-C083-4CCC-8385-8EE73F2A3DFD}
2011-04-27 17:42:09 2870272 ----a-w- C:\windows\explorer.exe
2011-04-27 17:42:08 2614784 ----a-w- C:\windows\SysWow64\explorer.exe
2011-04-27 17:42:06 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-04-27 17:42:06 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-04-27 17:41:28 2566144 ----a-w- C:\windows\System32\esent.dll
2011-04-27 17:41:28 1657216 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-04-27 17:41:27 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2011-04-27 17:41:27 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2011-04-27 17:41:27 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-04-27 17:41:27 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2011-04-27 17:41:26 96768 ----a-w- C:\windows\System32\fsutil.exe
2011-04-27 17:41:26 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2011-04-27 17:41:26 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2011-04-27 17:41:26 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2011-04-27 17:41:25 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2011-04-27 17:40:50 31232 ----a-w- C:\windows\SysWow64\prevhost.exe
2011-04-27 17:40:50 31232 ----a-w- C:\windows\System32\prevhost.exe
2011-04-27 17:21:21 -------- d-----w- C:\Users\Glenio\AppData\Local\{5903F826-9FF7-45FC-AD3E-AC912E1CF629}
2011-04-27 17:21:06 -------- d-----w- C:\Users\Glenio\AppData\Local\{F4928AE4-8BA2-4C7E-AC51-00903CF3A3DC}
2011-04-27 17:20:44 -------- d-----w- C:\Users\Glenio\AppData\Local\{43DA63BE-5192-46B0-A20A-93266BE6BD55}
2011-04-26 15:40:45 -------- d-----w- C:\Users\Glenio\AppData\Local\{28C9E17F-DFE5-46FB-B6C8-B5DC17180747}
2011-04-26 15:40:22 -------- d-----w- C:\Users\Glenio\AppData\Local\{AB419F16-0926-4E35-8C49-216D41075616}
2011-04-25 17:23:26 -------- d-----w- C:\Users\Glenio\AppData\Local\{8D18699A-E0D9-42BD-AFB6-74396801F062}
2011-04-25 17:22:54 -------- d-----w- C:\Users\Glenio\AppData\Local\{8BF0CD4B-4BB5-4F60-9460-027A769B1448}
2011-04-25 14:29:31 -------- d-----w- C:\Users\Glenio\AppData\Local\{855C3BA7-D4AA-4E7D-B2A8-FEE4E5CD6B3C}
2011-04-25 14:25:56 -------- d-----w- C:\Users\Glenio\AppData\Local\{528BD2C3-2E17-41FD-9BC2-EDC3FEA8EE9A}
2011-04-24 19:17:51 -------- d-----w- C:\Users\Glenio\AppData\Local\{860B5A81-3785-42AE-B818-990FBD6A0D45}
2011-04-24 19:17:31 -------- d-----w- C:\Users\Glenio\AppData\Local\{7CB29642-F1EB-4E70-AE96-9447649D4447}
2011-04-23 03:50:44 -------- d-----w- C:\Users\Glenio\AppData\Local\{F0F2A754-C724-45CB-AF50-94179466CE16}
2011-04-23 03:50:32 -------- d-----w- C:\Users\Glenio\AppData\Local\{12858AC2-77FC-464A-9E2C-EE01E62D1A82}
2011-04-22 20:03:12 -------- d-----w- C:\Users\Glenio\AppData\Local\NFS Underground 2
2011-04-22 19:58:37 -------- d-----w- C:\Program Files (x86)\EA GAMES
2011-04-22 18:27:59 469264 ----a-w- C:\windows\System32\d3dx10.dll
2011-04-22 18:26:14 103736 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2011-04-22 18:26:10 66872 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2011-04-22 18:20:51 -------- d-----w- C:\Program Files (x86)\Activision
2011-04-22 18:14:38 91568 ----a-w- C:\windows\System32\drivers\scdemu.sys
2011-04-22 18:14:38 -------- d-----w- C:\Program Files (x86)\PowerISO
2011-04-22 15:49:41 -------- d-----w- C:\Users\Glenio\AppData\Local\{9B916BF5-3C7F-41DC-A8DA-516F4FC79394}
2011-04-21 22:32:18 -------- d-----w- C:\Users\Glenio\AppData\Local\{FDCEE329-2D49-465A-A57E-8769A33C835C}
2011-04-21 22:32:03 -------- d-----w- C:\Users\Glenio\AppData\Local\{0D70AEE3-033D-4788-965F-1A96996CA22D}
2011-04-20 17:31:03 -------- d-----w- C:\Users\Glenio\AppData\Local\{4F50E4DE-00C7-4AF0-B26A-D413C330E38F}
2011-04-20 17:30:49 -------- d-----w- C:\Users\Glenio\AppData\Local\{1DEE3317-84DE-4727-A2BB-0714796CB709}
2011-04-19 19:01:33 -------- d-----w- C:\Users\Glenio\AppData\Local\{50DDC6E0-F372-41AE-BB59-F54E34BF3787}
2011-04-19 19:01:03 -------- d-----w- C:\Users\Glenio\AppData\Local\{3DC8FEE1-F8B8-4612-9919-62E90F48BAC7}
2011-04-18 15:52:15 -------- d-----w- C:\Users\Glenio\AppData\Local\{41B6AC0D-129C-4C4A-B54C-EA0199D2681B}
2011-04-18 15:48:18 -------- d-----w- C:\Users\Glenio\AppData\Local\{7025759D-9AA7-4C3C-9365-CB9A320B2281}
2011-04-18 02:06:56 -------- d-----w- C:\Users\Glenio\AppData\Roaming\Malwarebytes
2011-04-18 02:06:51 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-18 02:06:50 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-18 02:06:47 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-04-18 02:06:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-18 02:03:12 -------- d-----w- C:\LinhaDefensiva
2011-04-18 02:00:00 -------- d-----w- C:\HijackThis
2011-04-18 01:59:24 -------- d-----w- C:\Users\Glenio\AppData\Local\{1511E95F-08AF-40BF-BC24-91F12B982D86}
2011-04-18 01:59:07 -------- d-----w- C:\Users\Glenio\AppData\Local\{AA8CD840-9969-47B8-B374-EAE3D2A81AC7}
2011-04-16 17:55:39 -------- d-----w- C:\Users\Glenio\AppData\Local\{B4CE7DC4-3A0F-4E47-B3A8-58791CCFA8E7}
2011-04-16 17:55:23 -------- d-----w- C:\Users\Glenio\AppData\Local\{265EE5D1-AE08-4807-9F80-C59A2C45D51F}
2011-04-16 17:48:56 -------- d-----w- C:\Users\Glenio\AppData\Local\{26E430E6-5463-4693-9769-005A4FCE5EB6}
2011-04-15 15:11:49 -------- d-----w- C:\Users\Glenio\AppData\Local\{1BA0D757-F874-43D5-8094-60588E67D928}
2011-04-15 15:07:59 -------- d-----w- C:\Users\Glenio\AppData\Local\{71C1A154-360F-4804-B0CA-2C9D46EA547A}
2011-04-14 14:57:01 -------- d-----w- C:\Users\Glenio\AppData\Local\{7B5C0DAE-9B47-478F-BF1F-FB6CCEC7A4BA}
2011-04-14 14:56:50 -------- d-----w- C:\Users\Glenio\AppData\Local\{CEDCFCB9-8F3A-4ED3-9F9D-C37E94D0F0CE}
2011-04-14 14:56:38 -------- d-----w- C:\Users\Glenio\AppData\Local\{FE2B5591-E197-4D9D-9CED-D68FD244DC5F}
2011-04-14 02:55:42 -------- d-----w- C:\Users\Glenio\AppData\Local\{69F8BEBC-FCDE-469D-BAF3-E5A3DE512A6A}
2011-04-14 02:55:30 -------- d-----w- C:\Users\Glenio\AppData\Local\{C16E8D26-00C5-4E86-9323-957BEA469CCC}
2011-04-14 02:55:18 -------- d-----w- C:\Users\Glenio\AppData\Local\{69C08C5D-C610-4986-807C-04FE8DE19FE8}
2011-04-14 02:28:18 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-04-14 02:28:17 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-04-14 02:28:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-04-14 02:26:20 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-04-14 02:26:19 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-04-14 02:26:06 603976 ----a-w- C:\windows\System32\winload.exe
2011-04-14 02:26:05 640896 ----a-w- C:\windows\System32\winload.efi
2011-04-14 02:26:05 518160 ----a-w- C:\windows\System32\winresume.exe
2011-04-14 02:26:05 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-04-14 02:26:04 556928 ----a-w- C:\windows\System32\winresume.efi
2011-04-14 02:26:04 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-04-14 02:26:04 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-04-14 02:25:11 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-04-14 02:25:00 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-04-14 02:25:00 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-04-14 02:25:00 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-04-14 02:25:00 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-04-13 17:05:35 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-13 14:54:32 -------- d-----w- C:\Users\Glenio\AppData\Local\{A004CDB6-2FA9-4D23-9BEE-D1E4868EF017}
2011-04-12 23:08:40 -------- d-----w- C:\Users\Glenio\AppData\Local\{F58E1CDE-D61A-4936-B94E-DAACF8C89859}
2011-04-12 23:08:24 -------- d-----w- C:\Users\Glenio\AppData\Local\{F5A8A810-F8F3-4734-BC65-70968254B996}
2011-04-11 15:40:07 -------- d-----w- C:\Users\Glenio\AppData\Local\{52884D05-C07D-4400-A142-4CDBB2029AA2}
2011-04-11 15:39:54 -------- d-----w- C:\Users\Glenio\AppData\Local\{6750F584-5AE1-4B29-900A-37624C9DC2B3}
2011-04-09 15:06:58 -------- d-----w- C:\Users\Glenio\AppData\Local\{2725E59C-636C-4C96-AD31-538514505D87}
2011-04-09 15:06:43 -------- d-----w- C:\Users\Glenio\AppData\Local\{D206DA1A-6E95-4C0F-A705-D58FDC878CAA}
2011-04-09 01:46:15 -------- d-----w- C:\Users\Glenio\AppData\Local\{5CD3E014-43D3-4617-A7FB-ED1FF2B316E6}
2011-04-09 01:45:44 -------- d-----w- C:\Users\Glenio\AppData\Local\{9CEC2A73-5E74-4622-B4EE-88ABF0A94A25}
2011-04-08 03:50:12 -------- d-----w- C:\Users\Glenio\AppData\Local\{6317CD4E-D9D7-4586-8A20-16BF38D72766}
2011-04-08 03:50:00 -------- d-----w- C:\Users\Glenio\AppData\Local\{1707A496-AE1F-4809-A4C1-8E7CBF966B32}
2011-04-07 15:49:23 -------- d-----w- C:\Users\Glenio\AppData\Local\{EC41D2D3-80CD-49C2-A2E5-231B45E749CD}
2011-04-06 15:26:46 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{2E6C1663-78A7-4FD1-8082-6DD8008E0EC6}\gapaengine.dll
2011-04-06 15:19:29 -------- d-----w- C:\Program Files (x86)\Windows Searchqu Toolbar
2011-04-06 15:18:58 1524112 ----a-w- C:\windows\SysWow64\bandoolmx.dll
2011-04-06 15:11:42 -------- d-----w- C:\Users\Glenio\AppData\Local\{E01F86D5-D246-4466-B4A4-409337D3EB76}
2011-04-06 15:11:15 -------- d-----w- C:\Users\Glenio\AppData\Local\{D4DBB297-E2A0-475C-B903-CAF8B2634E65}
2011-04-05 15:29:00 -------- d-----w- C:\Users\Glenio\AppData\Local\{B25B8595-DA29-4CF5-89EB-232D7E3808B5}
2011-04-05 15:28:28 -------- d-----w- C:\Users\Glenio\AppData\Local\{07C33D27-898D-4047-B51C-B659AC1A019F}
2011-04-04 23:19:31 -------- d-----w- C:\Users\Glenio\AppData\Local\{8938288C-7856-4BDE-AC36-B72C849C42CB}
2011-04-04 23:19:16 -------- d-----w- C:\Users\Glenio\AppData\Local\{5405BB46-26A9-4AFB-8734-3BF074AA328C}
2011-04-02 16:05:50 -------- d-----w- C:\Users\Glenio\AppData\Local\{A704802F-C75E-4B6F-B8DB-942E6ECEE73F}
2011-04-02 16:05:38 -------- d-----w- C:\Users\Glenio\AppData\Local\{B9DDEB4C-880A-494F-B440-6E9D13D979DF}
.
==================== Find3M ====================
.
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-04 06:17:25 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-03 05:40:23 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
.
============= FINISH: 15:57:24.38 ===============


attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/16/2010 8:06:29 PM
System Uptime: 5/1/2011 1:50:01 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 164.379 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP244: 4/16/2011 12:13:30 PM - Windows Update
RP245: 4/17/2011 7:09:35 PM - Windows Update
RP246: 4/19/2011 12:12:36 PM - Windows Update
RP247: 4/20/2011 11:48:57 AM - Windows Update
RP248: 4/20/2011 2:22:11 PM - Windows Update
RP249: 4/21/2011 3:55:45 PM - Windows Update
RP250: 4/22/2011 11:19:07 AM - Installed Call of Duty® 4 - Modern Warfare™
RP251: 4/22/2011 6:46:55 PM - Windows Update
RP252: 4/23/2011 7:10:09 PM - Windows Update
RP253: 4/24/2011 2:12:22 PM - Installed HP Product Detection.
RP254: 4/24/2011 6:58:59 PM - Windows Update
RP255: 4/26/2011 8:51:58 AM - Windows Update
RP256: 4/27/2011 10:39:26 AM - Windows Update
RP257: 4/27/2011 4:42:54 PM - Windows Update
RP258: 4/28/2011 8:16:41 AM - Windows Modules Installer
RP259: 4/28/2011 8:17:08 AM - Windows Modules Installer
RP260: 4/28/2011 5:50:13 PM - Windows Update
RP261: 4/28/2011 6:06:54 PM - Windows Update
RP262: 4/29/2011 5:43:45 AM - Windows Update
RP263: 4/29/2011 7:15:36 PM - Windows Update
RP264: 4/30/2011 7:52:01 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
6500_E709_eDocs
6500_E709_Help
6500_E709n
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Software Update
Ask.com Toolbar
Bandoo
Best Buy Software Installer
Bing Bar
BlackBerry Desktop Software 6.0
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Call of Duty® 4 - Modern Warfare™
Compatibility Pack for the 2007 Office system
Conduit Engine
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
Fax
Foxit Reader
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hotfix for Office (KB975927)
HP Product Detection
HP Update
HPProductAssistant
HPSSupply
InstaForm Invoices & Estimates Pro
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
magicJack
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
Need for Speed Underground 2
PowerISO
ProductContext
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Socrates Media Product Browser
SolutionCenter
SPECTRUM OneClick Console
Status
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VIVO INTERNET
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Searchqu Toolbar
WorldUnlock Codes Calculator
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/30/2011 9:53:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.
4/30/2011 9:53:57 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2011 9:53:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
4/30/2011 9:53:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/30/2011 7:38:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/30/2011 5:38:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
4/30/2011 5:38:05 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2011 5:39:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
4/29/2011 5:39:14 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/28/2011 6:09:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB982018).
4/28/2011 6:01:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422).
4/28/2011 6:01:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325).
4/28/2011 6:01:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386).
4/28/2011 5:49:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
4/25/2011 7:34:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.366.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/24/2011 2:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user Glenio-PC\Glenio SID (S-1-5-21-3526633145-1563201368-1473507783-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/24/2011 1:24:05 PM, Error: NetBT [4321] - The name "ILHA :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

Thx

EdioIlha

#4 Elise


Posted 02 May 2011 - 12:01 AM

Hi, first of all, did you change your hotmail password? If not, do so ASAP! Let me know if the spamming stopped after changing the password.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Edio Ilha


Posted 04 May 2011 - 08:04 AM

Hi Elise,

Sorry about the delay,

The spamming stopped after changing hotmail's password. Thx a lot.

This is the Log file for combofix.

ComboFix 11-05-03.04 - Glenio 05/04/2011 5:30.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1526 [GMT -7:00]
Running from: c:\users\Glenio\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 204 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\hijackthis\HijackThis.exe
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\as_guid.dat
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\dtUser.exe
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\searchquband.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\searchqudtx.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 12:39 . 2011-05-04 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 12:22 . 2011-05-04 12:23 -------- d-----w- c:\users\Glenio\AppData\Local\{8DAD32F8-F7D4-43A2-9BD6-53809C7D5383}
2011-05-04 12:22 . 2011-05-04 12:22 -------- d-----w- c:\users\Glenio\AppData\Local\{3EB373F0-4247-4327-9F70-394750C12C6D}
2011-05-03 13:30 . 2011-05-03 13:30 -------- d-----w- c:\users\Glenio\AppData\Local\{EDAAC08D-B81C-4B16-B99E-C65E22EC2D75}
2011-05-03 13:30 . 2011-05-03 13:30 -------- d-----w- c:\users\Glenio\AppData\Local\{C8715BE9-616E-47C2-9452-48D4D9FDD4D7}
2011-05-03 13:29 . 2011-05-03 13:30 -------- d-----w- c:\users\Glenio\AppData\Local\{64FECEA4-03B2-46C9-A149-FD4ED81EE75D}
2011-05-03 01:39 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{528E3736-3BC7-43FD-B951-B1E4ADD6626A}\mpengine.dll
2011-05-03 01:29 . 2011-05-03 01:29 -------- d-----w- c:\users\Glenio\AppData\Local\{D71FEE1B-1C36-4B07-AE61-2FD14EBCDC0E}
2011-05-03 01:28 . 2011-05-03 01:29 -------- d-----w- c:\users\Glenio\AppData\Local\{AA738AD0-E61B-4ED3-B799-47DF76C51577}
2011-05-01 16:57 . 2011-05-01 17:33 -------- d-----w- C:\LFS
2011-05-01 16:46 . 2011-05-01 16:46 -------- d-----w- c:\users\Glenio\AppData\Local\{0D403032-7BE5-4B9F-B08D-8DF773D7400D}
2011-05-01 16:46 . 2011-05-01 16:46 -------- d-----w- c:\users\Glenio\AppData\Local\{ADAFD69C-149A-4BE0-B338-7105E8ECB47F}
2011-05-01 02:26 . 2011-05-01 02:27 -------- d-----w- c:\users\Glenio\AppData\Local\{D88E2C18-F31A-42A5-9F17-95AD20CEFC44}
2011-05-01 02:26 . 2011-05-01 02:26 -------- d-----w- c:\users\Glenio\AppData\Local\{5F3A241A-7936-45C9-9218-168A62C27004}
2011-04-30 14:25 . 2011-04-30 14:26 -------- d-----w- c:\users\Glenio\AppData\Local\{47871898-988C-442A-A359-1D0117205D5D}
2011-04-30 14:25 . 2011-04-30 14:25 -------- d-----w- c:\users\Glenio\AppData\Local\{9A15EE77-316E-4061-82FC-2E77AE6451BB}
2011-04-29 15:30 . 2011-04-29 15:30 -------- d-----w- c:\users\Glenio\AppData\Local\{2F627C7B-DF14-48E1-9914-C83E2A5917AD}
2011-04-29 15:30 . 2011-04-29 15:30 -------- d-----w- c:\users\Glenio\AppData\Local\{3564D4C8-1292-478F-B32D-935049D07576}
2011-04-29 03:29 . 2011-04-29 03:29 -------- d-----w- c:\users\Glenio\AppData\Local\{7C3E498B-DF07-42C9-86C8-06D72AFBEF13}
2011-04-29 03:29 . 2011-04-29 03:29 -------- d-----w- c:\users\Glenio\AppData\Local\{CCB7546E-3DBF-47D4-B131-E5E37BAA04C6}
2011-04-29 03:29 . 2011-04-29 03:29 -------- d-----w- c:\users\Glenio\AppData\Local\{8CB288E4-E8FD-4133-8700-82252F3D8128}
2011-04-28 15:28 . 2011-04-28 15:28 -------- d-----w- c:\users\Glenio\AppData\Local\{30EC45F3-CA0A-4665-983F-A59757D82482}
2011-04-28 15:27 . 2011-04-28 15:28 -------- d-----w- c:\users\Glenio\AppData\Local\{056A0170-C083-4CCC-8385-8EE73F2A3DFD}
2011-04-27 17:42 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-27 17:42 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-27 17:42 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 17:42 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-27 17:41 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:41 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-04-27 17:41 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:41 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:41 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:41 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-04-27 17:41 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 17:41 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:41 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:41 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 17:41 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-04-27 17:40 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 17:40 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-27 17:21 . 2011-04-27 17:21 -------- d-----w- c:\users\Glenio\AppData\Local\{5903F826-9FF7-45FC-AD3E-AC912E1CF629}
2011-04-27 17:21 . 2011-04-27 17:21 -------- d-----w- c:\users\Glenio\AppData\Local\{F4928AE4-8BA2-4C7E-AC51-00903CF3A3DC}
2011-04-27 17:20 . 2011-04-27 17:21 -------- d-----w- c:\users\Glenio\AppData\Local\{43DA63BE-5192-46B0-A20A-93266BE6BD55}
2011-04-26 15:40 . 2011-04-26 15:40 -------- d-----w- c:\users\Glenio\AppData\Local\{28C9E17F-DFE5-46FB-B6C8-B5DC17180747}
2011-04-26 15:40 . 2011-04-26 15:40 -------- d-----w- c:\users\Glenio\AppData\Local\{AB419F16-0926-4E35-8C49-216D41075616}
2011-04-25 17:23 . 2011-04-25 17:23 -------- d-----w- c:\users\Glenio\AppData\Local\{8D18699A-E0D9-42BD-AFB6-74396801F062}
2011-04-25 17:22 . 2011-04-25 17:23 -------- d-----w- c:\users\Glenio\AppData\Local\{8BF0CD4B-4BB5-4F60-9460-027A769B1448}
2011-04-25 14:29 . 2011-04-25 14:29 -------- d-----w- c:\users\Glenio\AppData\Local\{855C3BA7-D4AA-4E7D-B2A8-FEE4E5CD6B3C}
2011-04-25 14:25 . 2011-04-25 14:25 -------- d-----w- c:\users\Glenio\AppData\Local\{528BD2C3-2E17-41FD-9BC2-EDC3FEA8EE9A}
2011-04-24 19:17 . 2011-04-24 19:18 -------- d-----w- c:\users\Glenio\AppData\Local\{860B5A81-3785-42AE-B818-990FBD6A0D45}
2011-04-24 19:17 . 2011-04-24 19:17 -------- d-----w- c:\users\Glenio\AppData\Local\{7CB29642-F1EB-4E70-AE96-9447649D4447}
2011-04-23 03:50 . 2011-04-23 16:09 -------- d-----w- c:\users\Glenio\AppData\Local\{F0F2A754-C724-45CB-AF50-94179466CE16}
2011-04-23 03:50 . 2011-04-23 03:50 -------- d-----w- c:\users\Glenio\AppData\Local\{12858AC2-77FC-464A-9E2C-EE01E62D1A82}
2011-04-22 20:03 . 2011-04-22 20:06 -------- d-----w- c:\users\Glenio\AppData\Local\NFS Underground 2
2011-04-22 19:58 . 2011-04-22 19:58 -------- d-----w- c:\program files (x86)\EA GAMES
2011-04-22 18:27 . 2006-11-29 20:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
2011-04-22 18:26 . 2011-04-24 22:40 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-22 18:26 . 2011-04-22 18:34 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-22 18:20 . 2011-04-22 22:47 -------- d-----w- c:\program files (x86)\Activision
2011-04-22 18:14 . 2011-04-22 18:14 -------- d-----w- c:\program files (x86)\PowerISO
2011-04-22 18:14 . 2009-11-09 03:28 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-04-22 15:49 . 2011-04-22 15:49 -------- d-----w- c:\users\Glenio\AppData\Local\{9B916BF5-3C7F-41DC-A8DA-516F4FC79394}
2011-04-21 22:32 . 2011-04-21 22:32 -------- d-----w- c:\users\Glenio\AppData\Local\{FDCEE329-2D49-465A-A57E-8769A33C835C}
2011-04-21 22:32 . 2011-04-22 15:49 -------- d-----w- c:\users\Glenio\AppData\Local\{0D70AEE3-033D-4788-965F-1A96996CA22D}
2011-04-20 17:31 . 2011-04-20 17:31 -------- d-----w- c:\users\Glenio\AppData\Local\{4F50E4DE-00C7-4AF0-B26A-D413C330E38F}
2011-04-20 17:30 . 2011-04-20 17:31 -------- d-----w- c:\users\Glenio\AppData\Local\{1DEE3317-84DE-4727-A2BB-0714796CB709}
2011-04-19 19:01 . 2011-04-19 19:01 -------- d-----w- c:\users\Glenio\AppData\Local\{50DDC6E0-F372-41AE-BB59-F54E34BF3787}
2011-04-19 19:01 . 2011-04-19 19:01 -------- d-----w- c:\users\Glenio\AppData\Local\{3DC8FEE1-F8B8-4612-9919-62E90F48BAC7}
2011-04-18 15:52 . 2011-04-18 15:52 -------- d-----w- c:\users\Glenio\AppData\Local\{41B6AC0D-129C-4C4A-B54C-EA0199D2681B}
2011-04-18 15:48 . 2011-04-18 15:48 -------- d-----w- c:\users\Glenio\AppData\Local\{7025759D-9AA7-4C3C-9365-CB9A320B2281}
2011-04-18 02:06 . 2011-04-18 02:06 -------- d-----w- c:\users\Glenio\AppData\Roaming\Malwarebytes
2011-04-18 02:06 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-18 02:06 . 2011-04-18 02:06 -------- d-----w- c:\programdata\Malwarebytes
2011-04-18 02:06 . 2011-04-18 02:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-18 02:06 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 02:03 . 2011-04-18 02:04 -------- d-----w- C:\LinhaDefensiva
2011-04-18 02:00 . 2011-05-04 12:37 -------- d-----w- C:\HijackThis
2011-04-18 01:59 . 2011-04-18 01:59 -------- d-----w- c:\users\Glenio\AppData\Local\{1511E95F-08AF-40BF-BC24-91F12B982D86}
2011-04-18 01:59 . 2011-04-18 01:59 -------- d-----w- c:\users\Glenio\AppData\Local\{AA8CD840-9969-47B8-B374-EAE3D2A81AC7}
2011-04-16 17:55 . 2011-04-16 17:55 -------- d-----w- c:\users\Glenio\AppData\Local\{B4CE7DC4-3A0F-4E47-B3A8-58791CCFA8E7}
2011-04-16 17:55 . 2011-04-16 17:55 -------- d-----w- c:\users\Glenio\AppData\Local\{265EE5D1-AE08-4807-9F80-C59A2C45D51F}
2011-04-16 17:48 . 2011-04-16 17:48 -------- d-----w- c:\users\Glenio\AppData\Local\{26E430E6-5463-4693-9769-005A4FCE5EB6}
2011-04-15 15:11 . 2011-04-15 15:12 -------- d-----w- c:\users\Glenio\AppData\Local\{1BA0D757-F874-43D5-8094-60588E67D928}
2011-04-15 15:07 . 2011-04-15 15:11 -------- d-----w- c:\users\Glenio\AppData\Local\{71C1A154-360F-4804-B0CA-2C9D46EA547A}
2011-04-14 14:57 . 2011-04-14 14:57 -------- d-----w- c:\users\Glenio\AppData\Local\{7B5C0DAE-9B47-478F-BF1F-FB6CCEC7A4BA}
2011-04-14 14:56 . 2011-04-14 14:57 -------- d-----w- c:\users\Glenio\AppData\Local\{CEDCFCB9-8F3A-4ED3-9F9D-C37E94D0F0CE}
2011-04-14 14:56 . 2011-04-14 14:56 -------- d-----w- c:\users\Glenio\AppData\Local\{FE2B5591-E197-4D9D-9CED-D68FD244DC5F}
2011-04-14 02:55 . 2011-04-14 02:55 -------- d-----w- c:\users\Glenio\AppData\Local\{69F8BEBC-FCDE-469D-BAF3-E5A3DE512A6A}
2011-04-14 02:55 . 2011-04-14 02:55 -------- d-----w- c:\users\Glenio\AppData\Local\{C16E8D26-00C5-4E86-9323-957BEA469CCC}
2011-04-14 02:55 . 2011-04-14 02:55 -------- d-----w- c:\users\Glenio\AppData\Local\{69C08C5D-C610-4986-807C-04FE8DE19FE8}
2011-04-14 02:28 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 02:28 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 02:28 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-14 02:26 . 2011-03-08 06:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 02:26 . 2011-03-08 05:38 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-14 02:26 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2011-04-14 02:26 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2011-04-14 02:26 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-04-14 02:26 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2011-04-14 02:26 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2011-04-14 02:26 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-04-14 02:26 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-04-14 02:25 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 02:25 . 2011-02-23 05:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 02:25 . 2011-02-23 05:15 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 02:25 . 2011-02-23 05:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 02:25 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 17:05 . 2011-04-13 17:05 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-13 14:54 . 2011-04-13 14:54 -------- d-----w- c:\users\Glenio\AppData\Local\{A004CDB6-2FA9-4D23-9BEE-D1E4868EF017}
2011-04-12 23:08 . 2011-04-12 23:08 -------- d-----w- c:\users\Glenio\AppData\Local\{F58E1CDE-D61A-4936-B94E-DAACF8C89859}
2011-04-12 23:08 . 2011-04-12 23:08 -------- d-----w- c:\users\Glenio\AppData\Local\{F5A8A810-F8F3-4734-BC65-70968254B996}
2011-04-11 15:40 . 2011-04-11 15:40 -------- d-----w- c:\users\Glenio\AppData\Local\{52884D05-C07D-4400-A142-4CDBB2029AA2}
2011-04-11 15:39 . 2011-04-11 15:40 -------- d-----w- c:\users\Glenio\AppData\Local\{6750F584-5AE1-4B29-900A-37624C9DC2B3}
2011-04-09 15:06 . 2011-04-09 15:07 -------- d-----w- c:\users\Glenio\AppData\Local\{2725E59C-636C-4C96-AD31-538514505D87}
2011-04-09 15:06 . 2011-04-09 15:06 -------- d-----w- c:\users\Glenio\AppData\Local\{D206DA1A-6E95-4C0F-A705-D58FDC878CAA}
2011-04-09 01:46 . 2011-04-09 01:46 -------- d-----w- c:\users\Glenio\AppData\Local\{5CD3E014-43D3-4617-A7FB-ED1FF2B316E6}
2011-04-09 01:45 . 2011-04-09 01:46 -------- d-----w- c:\users\Glenio\AppData\Local\{9CEC2A73-5E74-4622-B4EE-88ABF0A94A25}
2011-04-08 03:50 . 2011-04-08 03:50 -------- d-----w- c:\users\Glenio\AppData\Local\{6317CD4E-D9D7-4586-8A20-16BF38D72766}
2011-04-08 03:50 . 2011-04-08 03:50 -------- d-----w- c:\users\Glenio\AppData\Local\{1707A496-AE1F-4809-A4C1-8E7CBF966B32}
2011-04-07 15:49 . 2011-04-07 15:49 -------- d-----w- c:\users\Glenio\AppData\Local\{EC41D2D3-80CD-49C2-A2E5-231B45E749CD}
2011-04-06 15:26 . 2011-01-29 17:00 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E6C1663-78A7-4FD1-8082-6DD8008E0EC6}\gapaengine.dll
2011-04-06 15:18 . 2011-03-14 11:25 1524112 ----a-w- c:\windows\SysWow64\bandoolmx.dll
2011-04-06 15:11 . 2011-04-06 15:11 -------- d-----w- c:\users\Glenio\AppData\Local\{E01F86D5-D246-4466-B4A4-409337D3EB76}
2011-04-06 15:11 . 2011-04-06 15:11 -------- d-----w- c:\users\Glenio\AppData\Local\{D4DBB297-E2A0-475C-B903-CAF8B2634E65}
2011-04-05 15:29 . 2011-04-05 15:29 -------- d-----w- c:\users\Glenio\AppData\Local\{B25B8595-DA29-4CF5-89EB-232D7E3808B5}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 08:21 . 2010-08-15 12:08 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-09 22:12 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:17 . 2011-04-27 17:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 17:41 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 22:18 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 22:18 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 22:18 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 22:18 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 22:18 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-08 18:37 . 2010-08-12 15:16 47008 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo0.dll" [2011-04-30 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-04-30 15:18 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-04-30 15:18 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTo0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 22:06 764296 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo0.dll" [2011-04-30 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin1.dll" [2011-04-30 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"cdloader"="c:\users\Glenio\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-03 399736]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-06-09 75072]
"RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-06-08 316736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
.
c:\users\Glenio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-02-08 18:34 354592 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-06-08 124224]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Data Modem Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 135664]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NUMARK_NC06;Numark MixDeck USB driver;c:\windows\system32\Drivers\nc06_usb.sys [x]
R3 NUMARK_NC06_MIDI;Numark MixDeck WDM MIDI Device;c:\windows\system32\drivers\nc06midi.sys [x]
R3 NUMARK_NC06_WDM;Numark MixDeck WDM;c:\windows\system32\drivers\nc06_wdm.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-02-08 57120]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 17:36]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 17:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Searchqu 101 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
AddRemove-SPECTRUM OneClick Console - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3526633145-1563201368-1473507783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3526633145-1563201368-1473507783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-04 05:44:26
ComboFix-quarantined-files.txt 2011-05-04 12:44
.
Pre-Run: 178,770,771,968 bytes free
Post-Run: 181,762,707,456 bytes free
.
- - End Of File - - 92CFDEA9227F6DC82EE68DCB77B5BC59


The IE new tab is already fixed (edited after ComboFix). Thx again
EdioIlha

Edited by Edio Ilha, 04 May 2011 - 08:06 AM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,986 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:13 PM

Posted 04 May 2011 - 08:08 AM

Hi again, do you have any problem left?

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Edio Ilha

Posted 06 May 2011 - 06:46 AM

Hi,

This is the log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6514

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/5/2011 10:00:45 AM
mbam-log-2011-05-05 (10-00-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 319313
Time elapsed: 49 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you so much!

EdioIlha

#8 Elise

Posted 06 May 2011 - 07:38 AM

Any problem left? Let's do a last scan for leftovers.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


#9 Edio Ilha

Posted 07 May 2011 - 01:08 PM

Hi,

I think there is no problem any more.

The ESET log:

C:\Program Files (x86)\Bandoo\InstallerHelper.dll probably a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Bandoo\Plugins\AIM\AIMPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Users\Glenio\Downloads\CuteWriter.exe Win32/OpenCandy application deleted - quarantined

CuteWriter is a PDF Virtual Printer. Is it a virus?

Thx again.

EdioIlha

#10 Edio Ilha

Posted 17 May 2011 - 07:49 PM

Hi there!

I don't know if it is done or not.
But I think it is not. Now it is very slow to log on.
E-mail password is blocked.
Also now I can't log on to Windows.
Thx

#11 Elise

Posted 18 May 2011 - 01:56 AM

Hi, do you remember anything particular that happened before the login problem?
Have you tried Safe Mode? Can you log in there?

regards, Elise


#12 Edio Ilha

Posted 18 May 2011 - 10:23 AM

I will try it right now

#13 Edio Ilha

Posted 18 May 2011 - 11:02 AM

I was just logging in to my Hotmail email, and it asked for a phone number to verify my account, due to abusive use of my email.
And I was trying to do that but I couldn't. The system went too slow and finally stopped.

Nope, I can't run it in safe mode.

I got just a blank screen.

I thought it could be an HD failure, but I went into BIOS setup and the HD is there.

If it is useful, it is a TOSHIBA L505-ES5018.

I don't have CDs or DVDs for this; it was my brother's computer and he doesn't know anything about the computer accessories, and threw away the box with everything inside it, and he doesn't know if it came with recovery DVDs or not.

I have a full Windows 7 Ultimate DVD, if needed.

Thx for while

In the meantime, when I was writing here, I got this message about BOOT. See attached picture.

THX

#14 Elise

Posted 18 May 2011 - 11:17 AM

Please tap F8 when starting your computer. Does the Advanced Boot Options menu come up and do you see the Repair Windows option? If so, select that and let me know if it loads the Recovery Environment.

Are you sure the mail you opened was really from Hotmail?

regards, Elise


#15 Edio Ilha

Posted 18 May 2011 - 11:35 AM

Yes, I'm sure that is hotmail.com.

I finally unlocked the email from this other PC that I'm on now.
Changed the password.

F8 doesn't work; when I try it nothing happens, just a black screen, but after some 10 min or so, the screen comes up saying the boot error.

I will try to use my Win 7 DVD to repair the boot, what do you think?

Thx

Edited by Edio Ilha, 18 May 2011 - 11:36 AM.




