"you may not have the appropriate permission to access

help plz, i cant use the malwarebytes anti mayware software This msg keeps popping up "...you may not have the appropriate permission to access the item" I need to use this to get rid of fake anit virus software that i got any help will be greatly appreciated Thank you

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
scecli.dll
netlogon.dll
eventlog.dll

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:33 on 02/09/2009 by Family (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [04:49 22/09/2008] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [07:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [01:51 22/06/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [04:49 22/09/2008] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [07:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [01:51 22/06/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [04:50 22/09/2008] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [07:56 04/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 62464 bytes [01:49 22/06/2008] [00:11 14/04/2008] (Unable to calculate MD5)

-=End Of File=-

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

9/2/2009 5:40:02 PM
mbam-log-2009-09-02 (17-40-02).txt

Scan type: Quick Scan
Objects scanned: 113684
Time elapsed: 19 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 20
Registry Values Infected: 19
Registry Data Items Infected: 17
Folders Infected: 7
Files Infected: 168

Memory Processes Infected:
C:\WINDOWS\system32\desote.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\zorotahi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dezifamu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gayujoje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Ertfor) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee470f56-8c22-49e4-bf9b-a3e97167d51f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ee470f56-8c22-49e4-bf9b-a3e97167d51f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ee470f56-8c22-49e4-bf9b-a3e97167d51f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ee54c8c-bc2c-4760-b510-9a7e53f50672} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Security2009 (Rogue.PCSecurity2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vuzewomime (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bomuwonaw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12758124 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{7ee54c8c-bc2c-4760-b510-9a7e53f50672} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nusigewor (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyware Service (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc security 2009 (Rogue.PCSecurity2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desote.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dezifamu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dezifamu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gayujoje.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gayujoje.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gayujoje.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12758124 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\17314684 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Start Menu\Programs\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\midevebi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dezifamu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zorotahi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\12758124\12758124 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12758124\12758124.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12758124\pc12758124ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gayujoje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\desote.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dddesot.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\blyuwrjl.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\ciuge.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\clynbqef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\egtau.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\fyblb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\icigerrb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\qbuf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\tujfbtrj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rusejafe.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\mdm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\zjhufhdfe.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\services.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\~TM20C.tmp (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\ibwu3zqxr.exe (Rogue.AntiVirusBEST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\winamp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\f.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\login.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\UACdc82.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\118456886.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\1235052090.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\1367395840.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\1587152372.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\159.tmp (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\231247576.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\2813558622.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\289216326.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\3241004108.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\3245222858.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\3283816608.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\3756785358.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\db.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\debug.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\notepad.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\4145066608.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\62988136.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\721087372.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\spoolsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\taskmgr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1896 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1940 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1952 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1976 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1980 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1996 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_208 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_2324 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_268 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_356 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_444 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_492 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_536 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1104 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1312 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1600 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\derx3_1604 (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\1AS2M7FB\clzqdervli[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\1AS2M7FB\qjxkoptg[1].htm (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\1AS2M7FB\zwjkbb[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\1AS2M7FB\xdqrivm[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\2OTMCOPL\ekyymmqe[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\AH1NUBWB\zwjkbb[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CG8Z32SX\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\D8OPQ8FK\bbsuper2[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\EUVCZSZ3\fb.61[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\F2SP5V0O\ekyymmqe[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\I3I7QTYW\clzqdervli[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\V6R1K9ZO\bbsuper3[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy55.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy57.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\17314684\17314684 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcm80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcp80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcr80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\windows Police Pro.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\dbsinit.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\wispex.html (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\i1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\i2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\i3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\j1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\j2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\j3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\jj1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\jj2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\jj3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\l1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\l2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\l3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\pix.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\t1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\t2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\up1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\up2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w11.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w3.jpg (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\wt1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\wt2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\wt3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Desktop\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.uio (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\th823567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\lkrpk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wejuwava.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146120114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464853.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464953.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\01011201014650120.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465053.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465153.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465253.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465353.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465453.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465553.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465653.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy56.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy58.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\kf7fczf2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msnmngs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr4 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr5 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr6 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr7 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr8 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\tmpwr9 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

thanks man so far so good everything is working properly WOW your a savior!

DDS (Ver_09-09-29.01) - NTFSx86
Run by Family at 17:04:23.21 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fsm]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: []
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nForce Tray Options] sstray.exe /r
mRun: [CHotkey] zHotkey.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252122446250
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
AppInit_DLLs: c:\windows\system32\majubilu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\majubilu.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-08 02:41 --dsh--- C:\$RECYCLE.BIN
2009-09-08 02:00 8,192 a--shr-- C:\BOOTSECT.BAK
2009-09-08 01:59 383,562 a--shr-- C:\bootmgr
2009-09-08 01:59 --dsh--- C:\Boot
2009-09-08 01:43 1,890 a------- c:\windows\diagwrn.xml
2009-09-08 01:43 1,890 a------- c:\windows\diagerr.xml
2009-09-07 21:30 --d----- c:\docume~1\family\applic~1\Canneverbe_Limited
2009-09-07 21:30 --d----- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-09-05 19:18 268,435,456 a--sh--- C:\eboostr.dat
2009-09-04 23:21 --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-09-04 23:21 --d----- c:\program files\PCPitstop
2009-09-04 21:43 --d----- c:\docume~1\alluse~1\applic~1\eboostr
2009-09-04 21:43 --d----- c:\program files\eBoostr
2009-09-04 20:18 --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-04 20:05 --d----- c:\windows\system32\XPSViewer
2009-09-04 20:04 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-04 20:04 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-04 20:04 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-04 20:04 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-04 20:04 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-04 20:04 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-04 20:04 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-03 22:14 --d----- c:\docume~1\family\applic~1\uniblue
2009-09-03 22:06 -cd-h--- c:\docume~1\alluse~1\applic~1\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-09-03 21:58 --d-hr-- C:\AHCache
2009-09-03 20:01 --d----- c:\docume~1\family\applic~1\Mazaika
2009-09-03 20:01 --d----- c:\program files\Mazaika
2009-09-02 19:03 --d----- c:\program files\ACW
2009-09-02 18:32 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-02 18:32 --d----- c:\program files\Avira
2009-09-02 18:32 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-02 17:09 a-d----- c:\windows\system32\images
2009-09-02 17:04 135,168 a------- C:\zip.exe
2009-09-02 17:04 19,286 a------- C:\cleanup.exe
2009-09-02 17:04 574 a------- C:\cleanup.bat
2009-09-02 17:01 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 16:35 163,840 a------- c:\windows\svchasts.exe
2009-09-02 12:51 82,688 a------- c:\windows\system32\drivers\3b7341c5.sys
2009-09-02 11:06 --d----- c:\docume~1\family\applic~1\Malwarebytes
2009-09-02 11:06 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 11:06 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-02 11:06 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-08-13 18:19 47,407,104 a------- C:\firmware.bin
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 18:35 17,003 a------- c:\windows\gyhysovy.dat
2009-07-10 18:35 15,009 a------- c:\program files\common files\cezaqadifu.bin
2009-07-10 18:35 14,694 a------- c:\docume~1\alluse~1\applic~1\bumejaka.sys
2009-07-10 18:35 14,372 a------- c:\program files\common files\efohywo.sys
2009-07-10 18:35 14,352 a------- c:\program files\common files\ixopezukyg.dll
2009-07-10 18:35 13,215 a------- c:\docume~1\family\applic~1\xinigiti.reg
2009-07-10 18:35 12,423 a------- c:\docume~1\family\applic~1\parywu.pif
2009-07-10 18:35 12,064 a------- c:\docume~1\family\applic~1\ilitihuvo.bat

============= FINISH: 17:05:06.15 ===============

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\gyhysovy.dat
  c:\program files\common files\cezaqadifu.bin
  c:\docume~1\alluse~1\applic~1\bumejaka.sys
  c:\program files\common files\efohywo.sys
  c:\program files\common files\ixopezukyg.dll
  c:\docume~1\family\applic~1\xinigiti.reg
  c:\docume~1\family\applic~1\parywu.pif
  c:\docume~1\family\applic~1\ilitihuvo.bat
  
  :reg
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLs"=-
  "AppInit_DLLs"=""
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.