Cant run Malwarebytes HELP!!!

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Cant run Malwarebytes HELP!!!16th December 2009, 10:01 pm

ok for the past 4-6 months i have been trying to run malewarbytes and when i install its fine but when i run a scan is when i auto closes then gives me a message when i try to run it again

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item and it did this to me in safe mode and normal im running
windows vista 32bit please help

Re: Cant run Malwarebytes HELP!!!16th December 2009, 10:07 pm

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
:filefind scecli.dll netlogon.dll eventlog.dll cngaudit.dll
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Cant run Malwarebytes HELP!!! DXwU4

Re: Cant run Malwarebytes HELP!!!16th December 2009, 10:26 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:16 on 16/12/2009 by palma (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [06:16 11/09/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [06:16 11/09/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592384 bytes [06:18 11/09/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [06:18 11/09/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F

Searching for "eventlog.dll"
No files found.

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 61952 bytes [08:43 02/11/2006] [09:46 02/11/2006] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-

Re: Cant run Malwarebytes HELP!!!17th December 2009, 1:01 am

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Then tick "Disable any rootkits found"
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Cant run Malwarebytes HELP!!!17th December 2009, 4:27 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\cngaudit.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Cant run Malwarebytes HELP!!!17th December 2009, 5:59 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Cant run Malwarebytes HELP!!!17th December 2009, 9:13 pm

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18813

12/17/2009 11:59:47 AM
mbam-log-2009-12-17 (11-59-47).txt

Scan type: Quick Scan
Objects scanned: 117987
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 37
Registry Values Infected: 4
Registry Data Items Infected: 9
Folders Infected: 4
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{338bfb9a-ea66-7554-fb44-df75ba3936ac} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1cac32c4-1d91-9430-9efd-947861eb3b39} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{512e801e-2f02-4ade-acaa-58f08a22b2f8} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\QWProtect.dll (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SaveDefense (Rogue.SaveDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ESQULSERV.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows MSI (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46245b5b-9fde-4f66-b0f4-e686c8637d62} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46245b5b-9fde-4f66-b0f4-e686c8637d62} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ikapjwdj (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ikcqlcbs (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hktddpwh (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.73,85.255.112.7 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31c3cca6-3c57-4a40-9f67-8013ba11de5e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.73,85.255.112.7 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Roaming\84372872az.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\ESQULsmprxiocgioxitjdxqlqkfveetrbogon.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Windows\System32\qpyhw5ce.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\89359291.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\89359291.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\92.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\i83e7jcj.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\qpyhw5ce.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\0.8483716340539201.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsa26CF.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsa26CF.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsdB328.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsdB328.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsf7D3A.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsf7D3A.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsg6BCD.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsg6BCD.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsh47F8.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsh47F8.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsh91E0.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsh91E0.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsj4A36.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsj4A36.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsk387B.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsk387B.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsk8F73.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsk8F73.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsl5A30.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsl5A30.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsn7F98.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsn7F98.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsnC5CE.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsnC5CE.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsp7DD6.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsp7DD6.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsrA38C.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsrA38C.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nssC4A5.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nssC4A5.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nst4AD2.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nst4AD2.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nst6DFC.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nst6DFC.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nstA17C.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nstA17C.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsw4865.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsw4865.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsx8034.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsx8034.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsy5C5F.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsy5C5F.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsoA0FF.tmp\exdll.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\nsoA0FF.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Windows\System32\msihost.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\nxiyyh\bopasysguard.exe (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\kqxkye\bnwlsysguard.exe (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\staimy\bvlesysguard.exe (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\palma\AppData\Local\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: Cant run Malwarebytes HELP!!!17th December 2009, 9:49 pm

Hello.

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Double click DDS.scr to run.
When complete, two logs will open. Save both of the report to your Desktop.
Copy and paste BOTH LOGS back here, use more than one post if needed.

Re: Cant run Malwarebytes HELP!!!17th December 2009, 10:06 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by palma at 12:59:50.20 on Thu 12/17/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_07
Microsoft

Windows Vista

Home Premium 6.0.6001.1.1252.1.1033.18.3069.1783 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\system32\svchost.exe -k nȯne
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Public\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\dlcqcoms.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Users\Public\steam\Steam.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\lxbccoms.exe
C:\Windows\system32\lxdjcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Public\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Users\palma\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com?o=15153&l=dis
uWindow Title = Internet Explorer provided by Dell
uDefault_Search_URL = hxxp://kingkongsearch.com/
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070405
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60446
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} -
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} -
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Mirar: {46245b5a-9fde-4f66-b0f4-e686c8637d62} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [Xbox Generator.exe] c:\users\palma\appdata\local\microsoft\windows\explorer\Xbox Generator.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
uRun: [Steam] "c:\users\public\steam\steam.exe" -silent
mRun: [DLCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCQtime.dll,_RunDLLEntry@16
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\users\public\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
StartupFolder: c:\users\palma\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicdisc.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Crawler Search - tbr:iemenu
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Hosts: 208.43.47.212 reviews.riverstreams.co.uk
Hosts: 208.43.47.212 d1.reviews.cnet.com
Hosts: 208.43.47.212 review.2009softwarereviews.com
Hosts: 208.43.47.212 reviews.download.com
Hosts: 208.43.47.212 reviews.pcadvisor.co.uk

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\palma\appdata\roaming\mozilla\firefox\profiles\900xdqll.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-17 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-3-4 3026]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-17 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-17 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-17 138680]
R2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2008-6-23 65536]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-11 47640]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 MBAMService;MBAMService;c:\users\public\malwarebytes' anti-malware\mbamservice.exe [2009-12-16 276816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-17 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-16 19160]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 Seekeen Service;Seekeen Service; [x]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2100-01-01 05:38:48 0 d-----w- c:\users\palma\appdata\roaming\MAGIX
2100-01-01 05:35:51 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2100-01-01 05:35:37 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2100-01-01 05:35:37 6211 ----a-w- c:\windows\mgxoschk.ini
2100-01-01 05:35:37 0 d-----w- c:\windows\system32\MAGIX
2009-12-22 18:02:51 17339 ----a-w- c:\windows\system32\1cd5addwarez905.cpl
2009-12-20 07:10:46 5537 ----a-w- c:\windows\system32\5bf9vir98z35.ocx
2009-12-19 12:51:23 5164 ----a-w- c:\windows\system32\32039zackt5ol4ed.bin
2009-12-18 19:37:25 7894 ----a-w- c:\windows\system32\71f6do9nlzader2576.dll
2009-12-17 20:23:07 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-17 12:52:28 13794 ----a-w- c:\windows\system32\15fasza9se2583.ocx
2009-12-16 21:49:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-16 21:49:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 21:49:00 0 d-----w- c:\programdata\Malwarebytes
2009-12-16 05:16:19 0 d-----w- c:\program files\Rockstar Games
2009-12-16 02:11:29 0 d-----w- c:\program files\Magic Translator
2009-12-15 03:23:06 15981 ----a-w- c:\windows\22045hre9z8237.dll
2009-12-15 03:23:06 12302 ----a-w- c:\windows\120349pzm5ot4c5.ocx
2009-12-15 03:23:06 11730 ----a-w- c:\windows\3z95s9eal1256.bin
2009-12-14 03:33:25 4020 ----a-w- c:\windows\system32\9005h9cktool51az.bin
2009-12-14 03:08:43 24 ----a-w- c:\windows\cdplayer.ini
2009-12-14 03:08:06 0 d-----w- c:\program files\common files\xing shared
2009-12-14 03:07:54 0 d-----w- c:\programdata\Real
2009-12-14 03:07:54 0 d-----w- c:\program files\common files\Real
2009-12-14 01:29:34 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-14 01:28:16 0 d-----w- c:\users\palma\appdata\roaming\AVG8
2009-12-13 18:26:16 0 d-----w- c:\program files\Gravity
2009-12-13 01:17:13 0 d-----w- c:\users\palma\appdata\roaming\Acoustica
2009-12-13 01:17:10 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-12-13 01:17:09 0 d-----w- c:\program files\Acoustica Shared Effects
2009-12-13 01:17:03 0 d-----w- c:\programdata\Acoustica
2009-12-12 07:02:09 15490 ----a-w- c:\windows\system32\2bb9zackdoor15535.bin
2009-12-10 18:04:05 12084 ----a-w- c:\windows\758dzhr9at2486.exe
2009-12-10 04:00:25 6302 ----a-w- c:\windows\3015zha95tool299.dll
2009-12-07 20:46:17 5680 ----a-w- c:\windows\1zf6a5d9are2031.exe
2009-12-07 15:00:42 15974 ----a-w- c:\windows\25147worm4z69.dll
2009-12-07 03:41:25 7999 ----a-w- c:\windows\system32\1z92sp5rse3152.exe
2009-12-06 06:07:13 15103 ----a-w- c:\windows\295z2wo9m2ab5.exe
2009-12-06 04:22:51 3478 ----a-w- c:\windows\10z2bac95oor68.cpl
2009-12-06 03:14:12 76197 ----a-w- c:\windows\War3Unin.dat
2009-12-06 03:14:12 2829 ----a-w- c:\windows\War3Unin.pif
2009-12-06 03:14:12 139264 ----a-w- c:\windows\War3Unin.exe
2009-12-05 20:56:25 13859 ----a-w- c:\windows\16190ha5ktozl4f0.ocx
2009-12-05 00:14:31 3271 ----a-w- c:\windows\1579addw9re2847z.ocx
2009-12-03 13:24:54 3930 ----a-w- c:\windows\28c9teal3135z.exe
2009-12-02 20:52:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-12-02 13:39:10 7190 ----a-w- c:\windows\system32\347fvz91753.cpl
2009-12-01 00:42:10 22 ----a-w- c:\users\palma\Pictures.zip
2009-11-30 19:33:46 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 19:53:28 0 d-----w- c:\program files\Rapid Express
2009-11-29 19:37:50 0 d-----w- c:\program files\Technitium
2009-11-27 13:20:06 3295 ----a-w- c:\windows\system32\1932no5za-virus7b8.exe
2009-11-27 12:31:33 7821 ----a-w- c:\windows\system32\1cec9ir2z50.ocx
2009-11-27 01:04:09 6527 ----a-w- c:\windows\124579zrus346.cpl
2009-11-26 19:47:20 13809 ----a-w- c:\windows\32eca5dwar9208z.bin
2009-11-26 19:30:40 3143 ----a-w- c:\windows\3170bzckdoor20905.dll
2009-11-26 02:47:13 0 d-----w- c:\programdata\LogMeIn
2009-11-26 00:54:34 8412 ----a-w- c:\windows\system32\9465spam9zt7e5.cpl
2009-11-24 00:26:54 5744 ----a-w- c:\windows\system32\30z00t59j445.cpl
2009-11-22 06:31:06 11970 ----a-w- c:\windows\9084spamzot75c5.ocx
2009-11-21 08:46:32 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-21 01:52:28 2769658 ----a-w- c:\windows\system32\GameMon.des
2009-11-21 01:39:18 0 d-----w- c:\program files\NCSoft
2009-11-20 03:08:28 4643 ----a-w- c:\windows\system32\24603hack5oolzc69.ocx
2009-11-19 10:46:39 6004 ----a-w- c:\windows\2167spzm59t620.dll
2009-11-19 00:20:17 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-11-19 00:20:17 0 d-----w- c:\program files\MagicDisc
2009-11-19 00:19:19 0 d-----w- c:\program files\MagicISO
2009-11-18 22:35:40 6494 ----a-w- c:\windows\58acspa5ze9703.exe
2009-11-18 03:32:22 0 d-----w- c:\programdata\NFS Underground

==================== Find3M ====================

2009-11-29 04:45:42 16544 ----a-w- c:\windows\fonts\Twilight_Zephyr_Font_by_runswithvamps.ttf
2009-11-17 04:59:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-16 01:50:21 15037 ----a-w- c:\windows\system32\1c67d9wnloadzr2555.bin
2009-11-15 06:05:07 4880 ----a-w- c:\windows\system32\271thie59748z.exe
2009-11-14 12:04:17 2784 ----a-w- c:\windows\21z679p5163.bin
2009-11-12 22:48:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-10 03:27:46 7554 ----a-w- c:\windows\16321spam9ot5az.dll
2009-11-03 01:15:25 6887 ----a-w- c:\windows\system32\2a8s5ezl749.bin
2009-11-01 23:34:25 12155 ----a-w- c:\windows\6c2at95zf1155.bin
2009-10-27 14:59:14 3301 ----a-w- c:\windows\system32\258bth9zat28367.dll
2009-10-26 05:05:00 15875 ----a-w- c:\windows\system32\15z09tro93ad.bin
2009-10-25 17:13:58 15933 ----a-w- c:\windows\system32\62d095eaz628.exe
2009-10-24 07:32:13 3114 ----a-w- c:\windows\system32\155dspazse9368.exe
2009-10-22 11:34:17 10507 ----a-w- c:\windows\system32\59e55tezl9399.exe
2009-10-20 21:46:56 6730 ----a-w- c:\windows\system32\84939pambotz9f5.bin
2009-10-19 23:13:04 6735 ----a-w- c:\windows\29849nzt-a-v5rus7b7.bin
2009-10-19 07:16:19 12799 ----a-w- c:\windows\system32\64b5zhief1299.bin
2009-10-15 07:59:39 9440 ----a-w- c:\windows\109809zt-a-viru549b.exe
2009-10-09 20:35:18 14222 ----a-w- c:\windows\7czv95453.bin
2009-10-08 00:20:33 9356 ----a-w- c:\users\palma\appdata\roaming\wklnhst.dat
2009-10-07 23:17:39 12914 ----a-w- c:\windows\2049vi951z.bin
2009-10-07 21:57:17 3966 ----a-w- c:\windows\z99daddware2594.bin
2009-10-04 21:45:51 17957 ----a-w- c:\windows\21z89sp5mbot77d9.bin
2009-10-03 23:57:06 18175 ----a-w- c:\windows\system32\b5bthie928z9.dll
2009-10-03 16:54:47 5758 ----a-w- c:\windows\system32\1aacst5al1298z.exe
2009-10-02 13:30:41 14518 ----a-w- c:\windows\za0bd5wn9oader2406.bin
2009-09-28 09:09:34 14766 ----a-w- c:\windows\3409zhreat200095.exe
2009-09-26 20:53:20 8052 ----a-w- c:\windows\26765worz579.dll
2009-09-25 23:37:49 3802 ----a-w- c:\windows\system32\25990vizus5c0.exe
2009-09-22 18:50:06 8495 ----a-w- c:\windows\system32\33e5bac9door51z7.dll
2009-09-22 18:24:40 5370 ----a-w- c:\windows\28525tr9z1ea.exe
2009-09-20 19:52:24 7882 ----a-w- c:\windows\system32\5ed9addwarz8379.dll
2009-08-22 20:26:38 11908 ----a-w- c:\program files\common files\cidixek.scr
2009-08-21 22:55:20 16971 ----a-w- c:\program files\common files\mesuhan.bin
2009-08-21 22:55:20 16290 ----a-w- c:\program files\common files\qareq.com
2009-08-21 22:55:20 14581 ----a-w- c:\program files\common files\neluje.lib
2009-08-21 22:55:20 13293 ----a-w- c:\program files\common files\ozuwuhedat.dl
2009-08-21 22:55:20 12213 ----a-w- c:\program files\common files\witewifag.dat
2008-09-11 23:56:54 174 --sha-w- c:\program files\desktop.ini
2008-09-11 23:44:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2007-01-16 08:10:37 86016 ----a-w- c:\windows\inf\infstor.dat
2007-01-16 08:10:37 86016 ----a-w- c:\windows\inf\infpub.dat
2007-01-16 08:10:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-02 02:41:45 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-13 17:41:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 17:41:09 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 17:41:09 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-13 17:41:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-03-09 08:20:50 65536 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030220090309\index.dat
2009-03-17 01:04:32 114688 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030920090316\index.dat
2009-03-24 03:06:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031620090323\index.dat
2009-03-24 03:06:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032320090324\index.dat
2009-03-26 06:09:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032520090326\index.dat
2009-03-26 07:41:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032620090327\index.dat
2009-03-27 23:07:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032720090328\index.dat
2009-09-11 03:45:17 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-03-23 05:42:27 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-03-23 05:42:27 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-17 21:37:46 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-04-05 21:49:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:06:02.43 ===============

Re: Cant run Malwarebytes HELP!!!17th December 2009, 10:09 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft

Windows Vista

Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/5/2007 6:54:09 AM
System Uptime: 12/17/2009 12:28:55 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Microprocessor | 1795/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 223 GiB total, 42.704 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.061 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1331: 12/14/2009 9:03:49 AM - Scheduled Checkpoint
RP1333: 12/15/2009 8:27:58 AM - Scheduled Checkpoint
RP1335: 12/15/2009 9:16:29 PM - Installed GTA San Andreas

==== Hosts File Hijack ======================

Hosts: 208.43.47.212 reviews.riverstreams.co.uk
Hosts: 208.43.47.212 d1.reviews.cnet.com
Hosts: 208.43.47.212 review.2009softwarereviews.com
Hosts: 208.43.47.212 reviews.download.com
Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
Hosts: 208.43.47.212 reviews.pcmag.com
Hosts: 208.43.47.212 reviews.pcpro.co.uk
Hosts: 208.43.47.212 reviews.techradar.com
Hosts: 208.43.47.212 toptenreviews.com
Hosts: 208.43.47.212 www.reevoo.com
Hosts: 208.43.47.212 a1.review.zdnet.com
Hosts: 208.43.47.212 reviews.riverstreams.co.uk
Hosts: 208.43.47.212 d1.reviews.cnet.com
Hosts: 208.43.47.212 review.2009softwarereviews.com
Hosts: 208.43.47.212 reviews.download.com
Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
Hosts: 208.43.47.212 reviews.pcmag.com
Hosts: 208.43.47.212 reviews.pcpro.co.uk
Hosts: 208.43.47.212 reviews.techradar.com
Hosts: 208.43.47.212 toptenreviews.com
Hosts: 208.43.47.212 www.reevoo.com

==== Installed Programs ======================

Acoustica Effects Pack
Acoustica Mixcraft 3.1
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Any Video Converter 2.7.8
ASIO4ALL
avast! Antivirus
BitTorrent
Collab
Counter-Strike: Source
Curse Client
Day of Defeat: Source
DivX Web Player
FFPremiereAdvertisingPlatform
FLV Player 2.0 (build 25)
Free WMA to MP3 Converter 1.16
GTA San Andreas
KeyMaster - Proj0
Lexmark 1400 Series
Lexmark Z500-Z600 Series
LimeWire 5.3.6
Magic ISO Maker v5.5 (build 0276)
Magic Translator 8.12
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Mirar
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.6)
RealPlayer
Requiem
Synthesia (remove only)
TeamSpeak 2 RC2
TruePianos 1.4.1 40-day Test Version
Virtual DJ - Atomix Productions
Warcraft III
Warcraft III: All Products
Xara3D6
XviD MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.5.3

==== Event Viewer Messages From Past Week ========

12/17/2009 12:23:24 PM, Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/17/2009 12:23:23 PM, Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/17/2009 12:23:23 PM, Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/17/2009 12:23:23 PM, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/17/2009 12:01:12 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_ESQULSERV.SYS\0000 disappeared from the system without first being prepared for removal.
12/17/2009 1:03:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
12/16/2009 4:22:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/16/2009 4:20:08 PM, Error: EventLog [6008] - The previous system shutdown at 4:18:09 PM on 12/16/2009 was unexpected.
12/16/2009 1:53:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP hwinterface spldr sptd Wanarpv6
12/16/2009 1:48:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC hwinterface NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2009 1:48:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2009 1:48:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/16/2009 1:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/16/2009 1:48:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/16/2009 1:48:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/16/2009 1:48:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/16/2009 1:48:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/16/2009 1:48:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/16/2009 1:47:42 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
12/16/2009 1:47:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/16/2009 1:47:40 PM, Error: EventLog [6008] - The previous system shutdown at 1:45:42 PM on 12/16/2009 was unexpected.
12/16/2009 1:47:01 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
12/12/2009 9:30:01 AM, Error: EventLog [6008] - The previous system shutdown at 8:25:20 PM on 12/11/2009 was unexpected.
12/11/2009 4:38:22 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001676A8151F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/10/2009 4:42:25 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2009 4:39:54 PM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: The system cannot find the file specified.
12/10/2009 4:39:54 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2009 4:39:54 PM, Error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
12/10/2009 4:39:54 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
12/10/2009 4:39:54 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
12/10/2009 4:38:21 PM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942405.
12/10/2009 4:38:19 PM, Error: EventLog [6008] - The previous system shutdown at 9:59:08 PM on 12/9/2009 was unexpected.

==== End Of File ===========================

Re: Cant run Malwarebytes HELP!!!17th December 2009, 10:14 pm

Hello.

Download combofix from here
Link 1

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Cant run Malwarebytes HELP!!!18th December 2009, 12:28 am

Umm im stuck am i suppose to use stopzilla? because thats what its making me download....

Re: Cant run Malwarebytes HELP!!!18th December 2009, 12:33 am

Hello.
Does the tinyurl link not take you to a file called KittyFix.exe?

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Click Start >> Control Panel.
Under the Programs click Uninstall a Program
Highlight the following:

BitTorrent
LimeWire 5.3.6
Mirar
Click on the Uninstall/Change button at the top.

In any case, lets bin some other stuff first, because it's not making matters any better.

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:03 am

no i can download that its the
# We need to disable your local AV (Anti-virus) before running Combofix.
# See HERE for how to disable your AV.
# Double click on ComboFix.exe.
# Follow the prompts. NOTE:
# ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

thats the part that it redirects to stopzilla i will still do what you told me above just letting you know which part it does it on

And i cant intsall hijackthis i get a error code 2503 and 2052 with the description The installer has encountered an unexpected error installing this package. This may indicate a problem with this package

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:06 am

Yeah, it's more than likely the Crawler/Ask infection that's showing up in DDS. Usually they are a just a pain in the butt, but usually don't interfere.

Run Hijack This anyway, we'll get rid of those first.

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:06 am

Belahzur wrote:

Yeah, it's more than likely the Crawler/Ask infection that's showing up in DDS. Usually they are a just a pain in the butt, but usually don't interfere.

Run Hijack This anyway, we'll get rid of those first.

i just edited my msg please reread it

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:09 am

Hello.
Ah, an error.

Fine, guess we'll use this and force them out.
Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Please post OTL.txt in this thread.
You may need to use two posts to get it all.

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:19 am

OTL logfile created on: 12/17/2009 4:13:03 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\palma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 87.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 42.33 Gb Free Space | 19.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.06 Gb Free Space | 60.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PALMA-PC
Current User Name: palma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/17 16:12:59 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\palma\Desktop\OTL.exe
PRC - [2009/12/15 20:27:04 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/13 19:07:55 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/03 16:14:02 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Public\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Public\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/24 15:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/23 22:31:17 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Users\Public\steam\Steam.exe
PRC - [2009/08/06 16:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/05/15 19:24:24 | 00,335,872 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/05/15 19:23:56 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 19:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2008/10/16 19:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 17:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/06/23 11:04:22 | 00,065,536 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2008/01/18 23:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2007/06/11 15:18:00 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdjcoms.exe
PRC - [2007/03/16 00:24:02 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbccoms.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/12 00:22:34 | 00,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcqcoms.exe
PRC - [2006/11/02 01:45:59 | 00,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/09/29 09:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/08/04 16:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2003/02/25 08:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE
PRC - [2003/02/25 08:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXPPS.EXE

========== Modules (SafeList) ==========

MOD - [2009/12/17 16:12:59 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\palma\Desktop\OTL.exe
MOD - [2008/01/18 23:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [Auto | Stopped] -- -- (Seekeen Service)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\Public\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/23 22:45:11 | 00,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/15 19:23:56 | 00,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/03/30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/18 14:21:00 | 02,769,658 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/19 17:08:02 | 00,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/09 23:04:17 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/16 19:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/07/24 17:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/10 16:28:04 | 00,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 01:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/06/23 11:04:22 | 00,065,536 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2008/01/18 23:36:49 | 00,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/18 23:36:15 | 00,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/11 15:18:00 | 00,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdjcoms.exe -- (lxdj_device)
SRV - [2007/03/16 00:24:02 | 00,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbccoms.exe -- (lxbc_device)
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/12 00:22:34 | 00,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcqcoms.exe -- (dlcq_device)
SRV - [2006/11/05 08:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 08:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/09/29 09:38:50 | 00,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/09/14 11:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 16:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 00:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/25 08:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)

========== Driver Services (SafeList) ==========

DRV - [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 15:49:48 | 00,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/16 20:59:50 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/22 12:58:43 | 00,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/05/15 20:01:22 | 04,933,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/05/15 20:01:22 | 04,933,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/08 13:29:52 | 00,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/30 02:09:28 | 00,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/26 14:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/04 17:46:47 | 00,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2008/12/04 21:55:40 | 00,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/11/27 09:49:06 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/16 19:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/24 17:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 17:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 17:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/02/06 02:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/25 01:12:34 | 00,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2008/01/18 21:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/01/18 21:53:39 | 00,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/18 21:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/18 21:53:22 | 00,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/10/29 16:37:22 | 12,214,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2007/04/21 06:15:42 | 00,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2007/04/05 13:49:21 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/04/05 13:49:21 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/04/05 13:49:21 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/09 10:32:30 | 01,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 12:18:15 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/18 10:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 10:08:18 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 10:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/29 11:59:58 | 00,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/08/04 16:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 13:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/04/10 13:02:18 | 00,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/06/24 17:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2000/09/15 08:26:48 | 00,036,846 | ---- | M] (Motorola Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Net4100.sys -- (ndiscm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070405
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15153&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/15 20:27:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/15 20:27:06 | 00,000,000 | ---D | M]

[2007/01/16 00:34:11 | 00,000,000 | ---D | M] -- C:\Users\palma\AppData\Roaming\Mozilla\Extensions
[2009/04/03 20:13:14 | 00,000,000 | ---D | M] -- C:\Users\palma\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/16 19:56:57 | 00,000,000 | ---D | M] -- C:\Users\palma\AppData\Roaming\Mozilla\Firefox\Profiles\900xdqll.default\extensions
[2009/12/15 17:22:06 | 00,000,000 | ---D | M] (Tamper Data) -- C:\Users\palma\AppData\Roaming\Mozilla\Firefox\Profiles\900xdqll.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/12/15 17:34:40 | 00,000,000 | ---D | M] -- C:\Users\palma\AppData\Roaming\Mozilla\Firefox\Profiles\900xdqll.default\extensions\personas@christopher.beard
[2007/01/16 00:33:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (1626 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts: 127.0.0.1 armywow.servegame.org208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {46245B5A-9FDE-4F66-B0F4-E686C8637D62} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLCQCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Public\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKCU..\Run: [Steam] c:\users\public\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\Program Files\Uniblue\RegistryBooster\StartRegistryBooster.exe (Uniblue Software)
O4 - HKCU..\Run: [Xbox Generator.exe] C:\Users\palma\AppData\Local\Microsoft\Windows\Explorer\Xbox Generator.exe File not found
O4 - Startup: C:\Users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4700b71e-2a46-11de-a40d-001676a8151f}\Shell - "" = AutoRun
O33 - MountPoints2\{4700b71e-2a46-11de-a40d-001676a8151f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4700b720-2a46-11de-a40d-001676a8151f}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{4b26c073-8b5e-11dd-b712-001676a8151f}\Shell\Auto\command - "" = Xbox Generator.exe
O33 - MountPoints2\{4b26c076-8b5e-11dd-b712-001676a8151f}\Shell - "" = AutoRun
O33 - MountPoints2\{4b26c076-8b5e-11dd-b712-001676a8151f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8d034886-7a70-11dc-a4f2-00038a000015}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{a7d6ae26-e381-11de-b85f-806e6f6e6963}\Shell\Auto\command - "" = Xbox Generator.exe
O33 - MountPoints2\{d75f762e-2921-11dd-87a3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{d75f762e-2921-11dd-87a3-806e6f6e6963}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\Spyware Terminator\sp_rsdel.exe "\??\C:\PROGRA~2\Spyware Terminator\sp_rsdel.dat,) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/12/31 21:38:51 | 00,000,000 | ---D | C] -- C:\Users\palma\Documents\MAGIX downloads
[2099/12/31 21:38:48 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Roaming\MAGIX
[2099/12/31 21:37:13 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2099/12/31 21:37:12 | 00,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2099/12/31 21:37:12 | 00,188,416 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll
[2099/12/31 21:37:12 | 00,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll
[2099/12/31 21:37:12 | 00,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll
[2099/12/31 21:37:12 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll
[2099/12/31 21:37:12 | 00,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll
[2099/12/31 21:37:12 | 00,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll
[2099/12/31 21:37:12 | 00,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll
[2099/12/31 21:37:12 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll
[2099/12/31 21:37:12 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll
[2099/12/31 21:37:12 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll
[2099/12/31 21:37:11 | 00,487,424 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll
[2099/12/31 21:37:11 | 00,163,840 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll
[2099/12/31 21:37:11 | 00,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll
[2099/12/31 21:37:11 | 00,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll
[2099/12/31 21:37:11 | 00,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll
[2099/12/31 21:37:11 | 00,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll
[2099/12/31 21:37:11 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll
[2099/12/31 21:37:11 | 00,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll
[2099/12/31 21:37:11 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll
[2099/12/31 21:37:11 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll
[2099/12/31 21:37:11 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll
[2099/12/31 21:37:11 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll
[2099/12/31 21:35:37 | 00,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\System32\mgxoschk.dll
[2099/12/31 21:35:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\MAGIX
[2009/12/17 16:12:59 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\palma\Desktop\OTL.exe
[2009/12/17 14:25:18 | 00,390,656 | ---- | C] (iS3, Inc.) -- C:\Users\palma\Desktop\STOPzilla_Setup.exe
[2009/12/17 13:27:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/17 12:23:23 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/12/17 12:23:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/12/17 12:23:23 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/12/17 12:23:23 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/12/17 12:23:23 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/12/17 12:23:07 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/12/17 12:23:07 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/12/16 13:49:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/16 13:49:00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/16 13:49:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/16 13:24:56 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Local\staimy
[2009/12/16 13:24:55 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Local\kqxkye
[2009/12/16 13:24:49 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Local\nxiyyh
[2009/12/15 21:29:24 | 00,000,000 | ---D | C] -- C:\Users\palma\Documents\GTA San Andreas User Files
[2009/12/15 21:16:19 | 00,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2009/12/15 18:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Magic Translator
[2009/12/13 19:08:12 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/13 19:08:09 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/13 19:08:09 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/13 19:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/12/13 19:07:57 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/13 19:07:56 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/12/13 19:07:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/12/13 19:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/12/13 19:07:53 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Roaming\Real
[2009/12/13 17:29:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/12/13 17:28:16 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Roaming\AVG8
[2009/12/13 10:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\Gravity
[2009/12/12 17:19:40 | 00,000,000 | ---D | C] -- C:\Users\palma\Documents\My Recordings
[2009/12/12 17:17:13 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Roaming\Acoustica
[2009/12/12 17:17:10 | 00,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\System32\Wnaspint.dll
[2009/12/12 17:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2009/12/12 17:17:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Acoustica
[2009/12/11 18:25:57 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Local\PackageAware
[2009/12/06 19:06:56 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Roaming\SystemRequirementsLab
[2009/12/05 19:14:12 | 00,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2009/11/29 11:53:28 | 00,000,000 | ---D | C] -- C:\Program Files\Rapid Express
[2009/11/29 11:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\Technitium
[2009/11/27 21:10:51 | 00,000,000 | ---D | C] -- C:\Users\palma\Documents\My Games
[2009/11/25 18:47:13 | 00,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2009/11/24 21:49:16 | 00,000,000 | ---D | C] -- C:\Users\palma\Desktop\Aurelio
[2009/11/21 00:46:32 | 00,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2009/11/20 17:52:28 | 02,769,658 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2009/11/20 17:39:55 | 00,000,000 | ---D | C] -- C:\Users\palma\AppData\Local\assembly
[2009/11/20 17:39:18 | 00,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2009/11/18 16:20:17 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2009/11/18 16:20:17 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/11/18 16:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/11/18 16:13:02 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/11/17 19:32:22 | 00,000,000 | ---D | C] -- C:\ProgramData\NFS Underground
[2009/09/06 09:57:56 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdjusb1.dll
[2009/09/06 09:57:56 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdjinpa.dll
[2009/09/06 09:57:56 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdjiesc.dll
[2009/09/06 09:57:56 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdjhcp.dll
[2009/09/06 09:57:55 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdjserv.dll
[2009/09/06 09:57:55 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdjpmui.dll
[2009/09/06 09:57:55 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdjlmpm.dll
[2009/09/06 09:57:55 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdjprox.dll
[2009/09/06 09:57:55 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdjpplc.dll
[2009/09/06 09:57:54 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdjhbn3.dll
[2009/09/06 09:57:54 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomc.dll
[2009/09/06 09:57:54 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomm.dll
[2009/09/05 20:24:33 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009/09/05 20:24:32 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009/09/05 20:24:32 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009/09/05 20:24:31 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009/09/05 20:24:31 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009/09/05 20:24:30 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009/09/05 20:24:30 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009/09/05 20:24:30 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009/09/05 20:24:30 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2009/09/05 20:24:29 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009/09/05 20:24:27 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009/09/05 20:24:27 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2008/06/16 21:18:25 | 00,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2008/06/16 21:18:24 | 00,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2007/05/20 17:14:08 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCQhcp.dll
[2006/10/11 17:01:40 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcqpmui.dll
[2006/10/11 16:59:56 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcqserv.dll
[2006/10/11 16:54:10 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomm.dll
[2006/10/11 16:52:34 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcqlmpm.dll
[2006/10/11 16:51:16 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcqiesc.dll
[2006/10/11 16:48:58 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcqpplc.dll
[2006/10/11 16:48:14 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomc.dll
[2006/10/11 16:47:42 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcqprox.dll
[2006/10/11 16:41:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcqinpa.dll
[2006/10/11 16:41:04 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcqusb1.dll
[2006/10/11 16:37:14 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcqhbn3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/05/21 20:30:20 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0AA02640-BB4C-416C-940D-120AF31B52DC}.job
[2009/12/22 10:02:51 | 00,017,339 | ---- | M] () -- C:\Windows\System32\1cd5addwarez905.cpl
[2009/12/19 23:10:46 | 00,005,537 | ---- | M] () -- C:\Windows\System32\5bf9vir98z35.ocx
[2009/12/19 04:51:23 | 00,005,164 | ---- | M] () -- C:\Windows\System32\32039zackt5ol4ed.bin
[2009/12/18 11:37:25 | 00,007,894 | ---- | M] () -- C:\Windows\System32\71f6do9nlzader2576.dll
[2009/12/17 16:13:09 | 07,864,320 | -HS- | M] () -- C:\Users\palma\ntuser.dat
[2009/12/17 16:12:59 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\palma\Desktop\OTL.exe
[2009/12/17 16:03:32 | 00,906,192 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/17 16:03:32 | 00,746,618 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/17 16:03:32 | 00,159,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/17 16:02:09 | 01,401,344 | ---- | M] () -- C:\Users\palma\Desktop\HijackThis.msi
[2009/12/17 15:57:20 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 15:57:20 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 15:57:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/17 15:48:15 | 02,617,126 | -H-- | M] () -- C:\Users\palma\AppData\Local\IconCache.db
[2009/12/17 14:28:16 | 00,390,656 | ---- | M] (iS3, Inc.) -- C:\Users\palma\Desktop\STOPzilla_Setup.exe
[2009/12/17 13:27:34 | 03,854,383 | ---- | M] () -- C:\Users\palma\Desktop\Combo-Fix.exe
[2009/12/17 12:27:02 | 00,524,288 | -HS- | M] () -- C:\Users\palma\ntuser.dat{302ec670-92a2-11dc-9d0b-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2009/12/17 12:27:02 | 00,065,536 | -HS- | M] () -- C:\Users\palma\ntuser.dat{302ec670-92a2-11dc-9d0b-00038a000015}.TM.blf
[2009/12/17 12:23:24 | 00,001,811 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/17 12:23:23 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/17 11:51:44 | 00,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/17 04:52:28 | 00,013,794 | ---- | M] () -- C:\Windows\System32\15fasza9se2583.ocx
[2009/12/16 15:54:55 | 00,006,892 | ---- | M] () -- C:\Users\palma\AppData\Local\d3d9caps.dat
[2009/12/16 12:52:54 | 00,361,576 | ---- | M] () -- C:\Users\palma\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/16 12:46:42 | 02,828,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/15 20:53:13 | 00,000,411 | ---- | M] () -- C:\ProgramData\MagicTranslator.ini
[2009/12/15 18:57:56 | 00,124,928 | ---- | M] () -- C:\Users\palma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 20:28:40 | 03,510,774 | ---- | M] () -- C:\Users\palma\Desktop\Everbody Sample trixxxxx.mp3
[2009/12/14 19:33:04 | 88,047,728 | ---- | M] () -- C:\Users\palma\Documents\clip.avi
[2009/12/14 19:23:06 | 00,015,981 | ---- | M] () -- C:\Windows\22045hre9z8237.dll
[2009/12/14 19:23:06 | 00,012,302 | ---- | M] () -- C:\Windows\120349pzm5ot4c5.ocx
[2009/12/14 19:23:06 | 00,011,730 | ---- | M] () -- C:\Windows\3z95s9eal1256.bin
[2009/12/13 19:33:25 | 00,004,020 | ---- | M] () -- C:\Windows\System32\9005h9cktool51az.bin
[2009/12/13 19:08:43 | 00,000,024 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/12/13 19:08:12 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/13 19:08:09 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/13 19:08:09 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/13 19:07:57 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/13 10:26:16 | 00,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Requiem.lnk
[2009/12/12 12:55:26 | 03,135,125 | ---- | M] () -- C:\Users\palma\Desktop\just begun .mp3
[2009/12/11 23:02:09 | 00,015,490 | ---- | M] () -- C:\Windows\System32\2bb9zackdoor15535.bin
[2009/12/11 16:34:44 | 00,000,687 | ---- | M] () -- C:\Users\palma\Desktop\Warcraft III.lnk
[2009/12/10 21:18:27 | 00,076,197 | ---- | M] () -- C:\Windows\War3Unin.dat
[2009/12/10 10:04:05 | 00,012,084 | ---- | M] () -- C:\Windows\758dzhr9at2486.exe
[2009/12/09 20:00:25 | 00,006,302 | ---- | M] () -- C:\Windows\3015zha95tool299.dll
[2009/12/07 12:46:17 | 00,005,680 | ---- | M] () -- C:\Windows\1zf6a5d9are2031.exe
[2009/12/07 07:00:42 | 00,015,974 | ---- | M] () -- C:\Windows\25147worm4z69.dll
[2009/12/06 19:41:25 | 00,007,999 | ---- | M] () -- C:\Windows\System32\1z92sp5rse3152.exe
[2009/12/05 22:07:13 | 00,015,103 | ---- | M] () -- C:\Windows\295z2wo9m2ab5.exe
[2009/12/05 20:22:51 | 00,003,478 | ---- | M] () -- C:\Windows\10z2bac95oor68.cpl
[2009/12/05 19:15:28 | 00,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2009/12/05 19:15:28 | 00,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2009/12/05 12:56:25 | 00,013,859 | ---- | M] () -- C:\Windows\16190ha5ktozl4f0.ocx
[2009/12/04 16:14:31 | 00,003,271 | ---- | M] () -- C:\Windows\1579addw9re2847z.ocx
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/03 05:24:54 | 00,003,930 | ---- | M] () -- C:\Windows\28c9teal3135z.exe
[2009/12/02 12:52:06 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2009/12/02 05:39:10 | 00,007,190 | ---- | M] () -- C:\Windows\System32\347fvz91753.cpl
[2009/11/30 16:42:10 | 00,000,022 | ---- | M] () -- C:\Users\palma\Pictures.zip
[2009/11/30 11:33:46 | 00,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009/11/27 05:20:06 | 00,003,295 | ---- | M] () -- C:\Windows\System32\1932no5za-virus7b8.exe
[2009/11/27 04:31:33 | 00,007,821 | ---- | M] () -- C:\Windows\System32\1cec9ir2z50.ocx
[2009/11/26 17:04:09 | 00,006,527 | ---- | M] () -- C:\Windows\124579zrus346.cpl
[2009/11/26 11:47:20 | 00,013,809 | ---- | M] () -- C:\Windows\32eca5dwar9208z.bin
[2009/11/26 11:30:40 | 00,003,143 | ---- | M] () -- C:\Windows\3170bzckdoor20905.dll
[2009/11/25 16:54:34 | 00,008,412 | ---- | M] () -- C:\Windows\System32\9465spam9zt7e5.cpl
[2009/11/24 15:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/11/24 15:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/24 15:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/23 16:26:54 | 00,005,744 | ---- | M] () -- C:\Windows\System32\30z00t59j445.cpl
[2009/11/21 22:31:06 | 00,011,970 | ---- | M] () -- C:\Windows\9084spamzot75c5.ocx
[2009/11/21 00:46:32 | 00,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2009/11/20 19:47:25 | 23,694,0897 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/19 19:08:28 | 00,004,643 | ---- | M] () -- C:\Windows\System32\24603hack5oolzc69.ocx
[2009/11/19 02:46:39 | 00,006,004 | ---- | M] () -- C:\Windows\2167spzm59t620.dll
[2009/11/18 16:20:34 | 00,000,760 | ---- | M] () -- C:\Users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/11/18 14:35:40 | 00,006,494 | ---- | M] () -- C:\Windows\58acspa5ze9703.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:19 am

========== Files Created - No Company Name ==========

[2099/12/31 21:37:12 | 00,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2099/12/31 21:37:11 | 00,014,182 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib
[2099/12/31 21:35:51 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2099/12/31 21:35:37 | 00,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/12/22 10:02:51 | 00,017,339 | ---- | C] () -- C:\Windows\System32\1cd5addwarez905.cpl
[2009/12/19 23:10:46 | 00,005,537 | ---- | C] () -- C:\Windows\System32\5bf9vir98z35.ocx
[2009/12/19 04:51:23 | 00,005,164 | ---- | C] () -- C:\Windows\System32\32039zackt5ol4ed.bin
[2009/12/18 11:37:25 | 00,007,894 | ---- | C] () -- C:\Windows\System32\71f6do9nlzader2576.dll
[2009/12/17 16:02:09 | 01,401,344 | ---- | C] () -- C:\Users\palma\Desktop\HijackThis.msi
[2009/12/17 13:27:34 | 03,854,383 | ---- | C] () -- C:\Users\palma\Desktop\Combo-Fix.exe
[2009/12/17 12:23:24 | 00,001,811 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/17 12:23:07 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/12/17 11:51:44 | 00,000,624 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/17 04:52:28 | 00,013,794 | ---- | C] () -- C:\Windows\System32\15fasza9se2583.ocx
[2009/12/15 18:48:50 | 00,000,411 | ---- | C] () -- C:\ProgramData\MagicTranslator.ini
[2009/12/14 20:28:33 | 03,510,774 | ---- | C] () -- C:\Users\palma\Desktop\Everbody Sample trixxxxx.mp3
[2009/12/14 19:32:39 | 88,047,728 | ---- | C] () -- C:\Users\palma\Documents\clip.avi
[2009/12/14 19:23:06 | 00,015,981 | ---- | C] () -- C:\Windows\22045hre9z8237.dll
[2009/12/14 19:23:06 | 00,012,302 | ---- | C] () -- C:\Windows\120349pzm5ot4c5.ocx
[2009/12/14 19:23:06 | 00,011,730 | ---- | C] () -- C:\Windows\3z95s9eal1256.bin
[2009/12/13 19:33:25 | 00,004,020 | ---- | C] () -- C:\Windows\System32\9005h9cktool51az.bin
[2009/12/13 19:08:43 | 00,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/12/13 10:26:16 | 00,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Requiem.lnk
[2009/12/12 13:35:29 | 03,135,125 | ---- | C] () -- C:\Users\palma\Desktop\just begun .mp3
[2009/12/11 23:02:09 | 00,015,490 | ---- | C] () -- C:\Windows\System32\2bb9zackdoor15535.bin
[2009/12/11 16:33:03 | 00,000,687 | ---- | C] () -- C:\Users\palma\Desktop\Warcraft III.lnk
[2009/12/10 10:04:05 | 00,012,084 | ---- | C] () -- C:\Windows\758dzhr9at2486.exe
[2009/12/09 20:00:25 | 00,006,302 | ---- | C] () -- C:\Windows\3015zha95tool299.dll
[2009/12/07 12:46:17 | 00,005,680 | ---- | C] () -- C:\Windows\1zf6a5d9are2031.exe
[2009/12/07 07:00:42 | 00,015,974 | ---- | C] () -- C:\Windows\25147worm4z69.dll
[2009/12/06 19:41:25 | 00,007,999 | ---- | C] () -- C:\Windows\System32\1z92sp5rse3152.exe
[2009/12/05 22:07:13 | 00,015,103 | ---- | C] () -- C:\Windows\295z2wo9m2ab5.exe
[2009/12/05 20:22:51 | 00,003,478 | ---- | C] () -- C:\Windows\10z2bac95oor68.cpl
[2009/12/05 19:14:12 | 00,076,197 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/12/05 19:14:12 | 00,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2009/12/05 12:56:25 | 00,013,859 | ---- | C] () -- C:\Windows\16190ha5ktozl4f0.ocx
[2009/12/04 16:14:31 | 00,003,271 | ---- | C] () -- C:\Windows\1579addw9re2847z.ocx
[2009/12/03 05:24:54 | 00,003,930 | ---- | C] () -- C:\Windows\28c9teal3135z.exe
[2009/12/02 12:52:06 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2009/12/02 05:39:10 | 00,007,190 | ---- | C] () -- C:\Windows\System32\347fvz91753.cpl
[2009/11/30 16:42:10 | 00,000,022 | ---- | C] () -- C:\Users\palma\Pictures.zip
[2009/11/30 11:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/27 05:20:06 | 00,003,295 | ---- | C] () -- C:\Windows\System32\1932no5za-virus7b8.exe
[2009/11/27 04:31:33 | 00,007,821 | ---- | C] () -- C:\Windows\System32\1cec9ir2z50.ocx
[2009/11/26 17:04:09 | 00,006,527 | ---- | C] () -- C:\Windows\124579zrus346.cpl
[2009/11/26 11:47:20 | 00,013,809 | ---- | C] () -- C:\Windows\32eca5dwar9208z.bin
[2009/11/26 11:30:40 | 00,003,143 | ---- | C] () -- C:\Windows\3170bzckdoor20905.dll
[2009/11/25 16:54:34 | 00,008,412 | ---- | C] () -- C:\Windows\System32\9465spam9zt7e5.cpl
[2009/11/23 16:26:54 | 00,005,744 | ---- | C] () -- C:\Windows\System32\30z00t59j445.cpl
[2009/11/21 22:31:06 | 00,011,970 | ---- | C] () -- C:\Windows\9084spamzot75c5.ocx
[2009/11/19 19:08:28 | 00,004,643 | ---- | C] () -- C:\Windows\System32\24603hack5oolzc69.ocx
[2009/11/19 02:46:39 | 00,006,004 | ---- | C] () -- C:\Windows\2167spzm59t620.dll
[2009/11/18 16:20:34 | 00,000,760 | ---- | C] () -- C:\Users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/11/18 14:35:40 | 00,006,494 | ---- | C] () -- C:\Windows\58acspa5ze9703.exe
[2009/11/16 20:59:50 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/16 20:34:25 | 00,000,230 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/09 19:27:46 | 00,007,554 | ---- | C] () -- C:\Windows\16321spam9ot5az.dll
[2009/10/29 18:58:23 | 00,000,031 | ---- | C] () -- C:\Windows\tdlp32.ini
[2009/10/27 06:59:14 | 00,003,301 | ---- | C] () -- C:\Windows\System32\258bth9zat28367.dll
[2009/10/03 15:57:06 | 00,018,175 | ---- | C] () -- C:\Windows\System32\b5bthie928z9.dll
[2009/09/26 12:53:20 | 00,008,052 | ---- | C] () -- C:\Windows\26765worz579.dll
[2009/09/22 10:50:06 | 00,008,495 | ---- | C] () -- C:\Windows\System32\33e5bac9door51z7.dll
[2009/09/20 11:52:24 | 00,007,882 | ---- | C] () -- C:\Windows\System32\5ed9addwarz8379.dll
[2009/09/16 13:17:26 | 00,009,215 | ---- | C] () -- C:\Windows\System32\63c19tezl1950.dll
[2009/09/14 16:32:51 | 00,004,403 | ---- | C] () -- C:\Windows\16e49zdware1065.dll
[2009/09/06 09:59:23 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdjcoin.dll
[2009/09/06 09:58:07 | 00,000,060 | ---- | C] () -- C:\Windows\System32\lxdjrwrd.ini
[2009/09/06 09:57:56 | 00,286,720 | ---- | C] () -- C:\Windows\System32\lxdjinst.dll
[2009/09/06 09:57:54 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdjgrd.dll
[2009/09/05 20:24:33 | 00,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009/09/05 20:24:32 | 00,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009/09/03 19:33:08 | 00,017,939 | ---- | C] () -- C:\Windows\z5639not5a-virus585.dll
[2009/08/28 06:20:03 | 00,007,568 | ---- | C] () -- C:\Windows\20501zroj359.dll
[2009/08/26 15:38:56 | 00,014,282 | ---- | C] () -- C:\Windows\System32\30514s9zmbot1e1.dll
[2009/08/26 15:38:55 | 00,017,757 | ---- | C] () -- C:\Windows\System32\3b03a5dwzre9095.dll
[2009/08/26 15:38:55 | 00,014,890 | ---- | C] () -- C:\Windows\259z19py53c.dll
[2009/08/26 15:38:55 | 00,010,347 | ---- | C] () -- C:\Windows\System32\699adownloader3591z.dll
[2009/08/26 15:38:55 | 00,009,526 | ---- | C] () -- C:\Windows\System32\7d6a5own9oadzr683.dll
[2009/08/26 15:38:55 | 00,006,864 | ---- | C] () -- C:\Windows\System32\28822tr9z3d5.dll
[2009/08/26 15:38:55 | 00,006,543 | ---- | C] () -- C:\Windows\95025spzmbot8c.dll
[2009/08/26 15:38:55 | 00,006,305 | ---- | C] () -- C:\Windows\316495ozmd1.dll
[2009/08/26 15:38:55 | 00,005,263 | ---- | C] () -- C:\Windows\System32\409759dzare2616.dll
[2009/08/26 15:38:55 | 00,004,832 | ---- | C] () -- C:\Windows\System32\z301s95al2315.dll
[2009/08/26 15:38:54 | 00,018,182 | ---- | C] () -- C:\Windows\255z3spy934.dll
[2009/08/26 15:38:54 | 00,018,079 | ---- | C] () -- C:\Windows\System32\e7asz9rse24355.dll
[2009/08/26 15:38:54 | 00,016,903 | ---- | C] () -- C:\Windows\1z098tro55d79.dll
[2009/08/26 15:38:54 | 00,015,282 | ---- | C] () -- C:\Windows\15934z59j646.dll
[2009/08/26 15:38:54 | 00,015,223 | ---- | C] () -- C:\Windows\System32\33b2spzwa9e2925.dll
[2009/08/26 15:38:54 | 00,010,748 | ---- | C] () -- C:\Windows\System32\57zfvir9918.dll
[2009/08/26 15:38:54 | 00,010,046 | ---- | C] () -- C:\Windows\174209ozm51c.dll
[2009/08/26 15:38:54 | 00,007,010 | ---- | C] () -- C:\Windows\System32\570aste5l1z9.dll
[2009/08/26 15:38:54 | 00,006,703 | ---- | C] () -- C:\Windows\System32\15933h59kzool193.dll
[2009/08/26 15:38:54 | 00,005,632 | ---- | C] () -- C:\Windows\5d89vi9965z.dll
[2009/08/26 15:38:54 | 00,004,332 | ---- | C] () -- C:\Windows\9758spywarz5505.dll
[2009/08/26 15:38:54 | 00,003,352 | ---- | C] () -- C:\Windows\System32\18009t5oj4ez.dll
[2009/08/22 12:26:38 | 00,011,908 | ---- | C] () -- C:\Program Files\Common Files\cidixek.scr
[2009/08/21 14:55:20 | 00,017,691 | ---- | C] () -- C:\Users\palma\AppData\Local\fafy.dl
[2009/08/21 14:55:20 | 00,016,971 | ---- | C] () -- C:\Program Files\Common Files\mesuhan.bin
[2009/08/21 14:55:20 | 00,016,427 | ---- | C] () -- C:\Users\palma\AppData\Local\axalywi._dl
[2009/08/21 14:55:20 | 00,016,290 | ---- | C] () -- C:\Program Files\Common Files\qareq.com
[2009/08/21 14:55:20 | 00,016,122 | ---- | C] () -- C:\Users\palma\AppData\Local\ybezi.com
[2009/08/21 14:55:20 | 00,015,836 | ---- | C] () -- C:\ProgramData\ijarihy.lib
[2009/08/21 14:55:20 | 00,014,757 | ---- | C] () -- C:\Users\palma\AppData\Roaming\izahyv.sys
[2009/08/21 14:55:20 | 00,014,581 | ---- | C] () -- C:\Program Files\Common Files\neluje.lib
[2009/08/21 14:55:20 | 00,013,293 | ---- | C] () -- C:\Program Files\Common Files\ozuwuhedat.dl
[2009/08/21 14:55:20 | 00,012,213 | ---- | C] () -- C:\Program Files\Common Files\witewifag.dat
[2009/08/21 14:55:20 | 00,010,051 | ---- | C] () -- C:\Users\palma\AppData\Roaming\evysunyd.ban
[2009/08/20 17:08:25 | 00,056,320 | ---- | C] () -- C:\Windows\System32\ESQULxpjsieveymjkmpubwkhtabqrbuoliajt.dll
[2009/08/20 17:08:24 | 00,087,040 | ---- | C] () -- C:\Windows\System32\drivers\ESQULxcvndrwpdgqnpbbrxeoxmbpfxnvliqsv.sys
[2009/08/18 16:06:21 | 00,009,034 | ---- | C] () -- C:\Windows\72889tealz335.dll
[2009/08/12 14:56:29 | 00,014,157 | ---- | C] () -- C:\Windows\System32\3cdzs5ywa9e3192.dll
[2009/08/12 07:15:33 | 00,006,788 | ---- | C] () -- C:\Windows\5599zownloader2556.dll
[2009/08/09 13:55:25 | 00,017,500 | ---- | C] () -- C:\Windows\System32\159265oz9353.dll
[2009/08/05 00:23:30 | 00,011,691 | ---- | C] () -- C:\Windows\617dow9loade5198z.dll
[2009/08/02 16:27:29 | 00,011,040 | ---- | C] () -- C:\Windows\630zspy955.dll
[2009/08/02 14:32:36 | 00,005,736 | ---- | C] () -- C:\Windows\System32\58cdsp9rse3z39.dll
[2009/07/27 06:36:48 | 00,013,643 | ---- | C] () -- C:\Windows\26432zroj59e.dll
[2009/07/22 09:50:15 | 00,007,646 | ---- | C] () -- C:\Windows\System32\c50bzck9oor468.dll
[2009/07/19 09:57:13 | 00,010,342 | ---- | C] () -- C:\Windows\System32\2053backdo9r65z.dll
[2009/07/19 06:21:35 | 00,007,990 | ---- | C] () -- C:\Windows\569hackzool29f.dll
[2009/07/08 23:56:31 | 00,016,970 | ---- | C] () -- C:\Windows\24032s5y4z99.dll
[2009/07/05 07:31:56 | 00,018,170 | ---- | C] () -- C:\Windows\6905vi5us7zb.dll
[2009/06/20 11:44:42 | 00,016,303 | ---- | C] () -- C:\Windows\73919hie5z55.dll
[2009/06/18 14:39:39 | 02,121,728 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2009/06/16 12:21:08 | 00,009,087 | ---- | C] () -- C:\Windows\System32\636e9iz5049.dll
[2009/06/16 06:45:02 | 00,008,865 | ---- | C] () -- C:\Windows\13527t9oj29ez.dll
[2009/06/10 17:51:24 | 00,003,571 | ---- | C] () -- C:\Windows\System32\2dcd9hzeat25229.dll
[2009/06/07 02:17:02 | 00,010,265 | ---- | C] () -- C:\Windows\System32\5205sparsz429.dll
[2009/06/03 19:19:50 | 00,002,587 | ---- | C] () -- C:\Windows\393b5ir29z9.dll
[2009/05/31 21:33:06 | 00,016,683 | ---- | C] () -- C:\Windows\3174spz595.dll
[2009/05/29 12:22:20 | 01,712,128 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/05/21 14:09:34 | 00,010,217 | ---- | C] () -- C:\Windows\System32\5bz89hief2528.dll
[2009/05/21 06:35:59 | 00,005,810 | ---- | C] () -- C:\Windows\269c5pyw9re30z3.dll
[2009/05/16 00:09:23 | 00,017,630 | ---- | C] () -- C:\Windows\6053sparsz9789.dll
[2009/05/15 19:22:50 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/05/05 01:45:43 | 00,012,895 | ---- | C] () -- C:\Windows\System32\z9456not-9-virusf.dll
[2009/05/01 01:20:41 | 00,013,587 | ---- | C] () -- C:\Windows\468295azse1584.dll
[2009/04/29 16:20:14 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/28 06:27:51 | 00,016,024 | ---- | C] () -- C:\Windows\39f6t5ief2040z.dll
[2009/04/25 03:53:19 | 00,004,573 | ---- | C] () -- C:\Windows\18056spy9dz.dll
[2009/04/24 08:25:47 | 00,005,102 | ---- | C] () -- C:\Windows\75z6spyware919.dll
[2009/04/21 22:30:00 | 00,003,023 | ---- | C] () -- C:\Windows\System32\975csparse9z5.dll
[2009/04/20 16:18:04 | 00,014,216 | ---- | C] () -- C:\Windows\System32\2511zh5cktool19.dll
[2009/04/16 21:45:41 | 00,002,603 | ---- | C] () -- C:\Windows\53759py2z8.dll
[2009/04/16 18:37:50 | 00,009,202 | ---- | C] () -- C:\Windows\zbe5spyware3759.dll
[2009/04/13 22:09:22 | 00,003,996 | ---- | C] () -- C:\Windows\99z35hacktool3e.dll
[2009/04/08 19:23:58 | 00,012,338 | ---- | C] () -- C:\Windows\System32\997fzh5ef1736.dll
[2009/04/04 02:19:59 | 00,003,185 | ---- | C] () -- C:\Windows\195z1troj736.dll
[2009/04/03 12:53:06 | 00,012,447 | ---- | C] () -- C:\Windows\System32\6589szywar91433.dll
[2009/03/23 02:57:40 | 00,016,868 | ---- | C] () -- C:\Windows\5534zi53917.dll
[2009/03/08 07:25:55 | 00,010,137 | ---- | C] () -- C:\Windows\580z7spy2df9.dll
[2009/03/04 16:59:25 | 00,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2009/02/25 12:48:24 | 00,004,370 | ---- | C] () -- C:\Windows\System32\3705hzcktool739.dll
[2009/02/25 05:55:18 | 00,005,193 | ---- | C] () -- C:\Windows\System32\z459thi5f1433.dll
[2009/02/07 23:06:20 | 00,015,631 | ---- | C] () -- C:\Windows\System32\21261haczt95l5f9.dll
[2009/01/21 06:43:47 | 00,002,708 | ---- | C] () -- C:\Windows\System32\6285hzef23459.dll
[2009/01/20 08:42:30 | 00,012,630 | ---- | C] () -- C:\Windows\5385threat193z09.dll
[2009/01/18 09:57:36 | 00,007,066 | ---- | C] () -- C:\Windows\System32\z34929o5m221.dll
[2009/01/16 22:07:25 | 00,003,262 | ---- | C] () -- C:\Users\palma\AppData\Roaming\da63de31ef3ac358
[2009/01/16 22:07:10 | 00,003,262 | ---- | C] () -- C:\Users\palma\AppData\Roaming\d85e19205768c6d9
[2009/01/16 22:06:24 | 00,000,128 | -H-- | C] () -- C:\Users\palma\AppData\Local\Thumbs.db
[2009/01/16 21:59:49 | 00,167,936 | ---- | C] () -- C:\Windows\System32\wtx60497.dll
[2009/01/11 14:25:04 | 00,017,603 | ---- | C] () -- C:\Windows\System32\62b05i92706z.dll
[2009/01/05 14:37:33 | 00,016,044 | ---- | C] () -- C:\Windows\System32\5456spywaze24699.dll
[2009/01/05 05:10:18 | 00,002,678 | ---- | C] () -- C:\Windows\391cthr9at3895z.dll
[2009/01/03 20:41:18 | 00,009,607 | ---- | C] () -- C:\Windows\System32\4928backdoo52517z.dll
[2008/12/31 20:53:20 | 00,009,153 | ---- | C] () -- C:\Windows\System32\4925back5ooz1898.dll
[2008/12/16 10:09:52 | 00,017,795 | ---- | C] () -- C:\Windows\749zsteal1055.dll
[2008/12/09 18:13:05 | 02,076,672 | ---- | C] () -- C:\Windows\System32\dz3delight.dll
[2008/12/09 18:13:04 | 06,131,712 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2008/12/09 18:13:04 | 01,785,856 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2008/11/24 04:53:53 | 00,004,052 | ---- | C] () -- C:\Windows\System32\z1b3add9ar5262.dll
[2008/11/19 07:17:51 | 00,014,693 | ---- | C] () -- C:\Windows\549aba5kdozr1113.dll
[2008/11/04 03:33:27 | 00,016,563 | ---- | C] () -- C:\Windows\73f9addware5z29.dll
[2008/11/03 11:15:38 | 00,010,139 | ---- | C] () -- C:\Windows\System32\z1fed5wnloade93185.dll
[2008/10/23 00:19:36 | 00,002,731 | ---- | C] () -- C:\Windows\9572virz82.dll
[2008/10/22 04:28:14 | 00,014,089 | ---- | C] () -- C:\Windows\9769tro52z2.dll
[2008/10/19 20:05:14 | 00,013,053 | ---- | C] () -- C:\Windows\459bzir20.dll
[2008/10/16 12:05:14 | 00,014,304 | ---- | C] () -- C:\Windows\189z99a5ktool248.dll
[2008/10/15 20:53:21 | 00,012,554 | ---- | C] () -- C:\Windows\7688wor9485z.dll
[2008/10/14 02:19:43 | 00,007,735 | ---- | C] () -- C:\Windows\System32\5c1ct5iefz598.dll
[2008/10/04 13:07:54 | 00,005,295 | ---- | C] () -- C:\Windows\System32\22353szy792.dll
[2008/10/01 10:10:33 | 00,004,426 | ---- | C] () -- C:\Windows\System32\34b2t9reat590z5.dll
[2008/09/28 05:17:17 | 00,009,826 | ---- | C] () -- C:\Windows\z9be9a5kdoor2598.dll
[2008/09/17 21:24:41 | 00,016,350 | ---- | C] () -- C:\Windows\58e69zarse1889.dll
[2008/09/11 20:16:36 | 00,010,654 | ---- | C] () -- C:\Windows\System32\51636sp924z.dll
[2008/09/11 16:06:02 | 00,012,257 | ---- | C] () -- C:\Windows\System32\65c29p5warez871.dll
[2008/08/13 16:18:42 | 00,015,109 | ---- | C] () -- C:\Windows\4057vir99z.dll
[2008/08/08 15:35:28 | 00,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/07/24 22:38:21 | 00,005,975 | ---- | C] () -- C:\Windows\System32\27878spam5ot3z9.dll
[2008/07/20 00:12:54 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/07/20 00:12:54 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/07/18 17:18:32 | 00,013,572 | ---- | C] () -- C:\Windows\System32\4b64down5oa9erz47.dll
[2008/07/15 07:43:51 | 00,017,939 | ---- | C] () -- C:\Windows\6e05z9kdoor2833.dll
[2008/06/24 20:54:57 | 00,010,656 | ---- | C] () -- C:\Windows\System32\50f2threzt17291.dll
[2008/06/23 23:12:53 | 00,018,229 | ---- | C] () -- C:\Windows\2569sp9z94.dll
[2008/06/19 06:36:57 | 00,015,482 | ---- | C] () -- C:\Windows\z9bdspa9s52544.dll
[2008/06/19 05:16:24 | 00,014,119 | ---- | C] () -- C:\Windows\20793not-5-vizus13e9.dll
[2008/06/17 08:41:44 | 00,001,100 | ---- | C] () -- C:\Users\palma\AppData\Local\d3d8caps.dat
[2008/06/16 21:18:28 | 00,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2008/06/16 21:18:27 | 00,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2008/06/16 21:18:26 | 12,214,272 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2008/06/13 02:42:33 | 00,010,878 | ---- | C] () -- C:\Windows\19145notza-virus2ae.dll
[2008/06/11 19:15:07 | 00,014,937 | ---- | C] () -- C:\Windows\6zb8threa59260.dll
[2008/06/05 19:29:14 | 00,007,884 | ---- | C] () -- C:\Windows\System32\563ft5z9at31091.dll
[2008/05/27 17:47:00 | 00,002,770 | ---- | C] () -- C:\Windows\WoWEmuHackSettings.ini
[2008/05/17 02:27:43 | 00,001,299 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/05/16 19:50:41 | 00,010,901 | ---- | C] () -- C:\Windows\System32\ze09parse3544.dll
[2008/05/13 22:41:40 | 00,010,644 | ---- | C] () -- C:\Windows\System32\221bt95ef31z2.dll
[2008/05/11 12:10:58 | 00,017,221 | ---- | C] () -- C:\Windows\359edoznloade5956.dll
[2008/05/05 14:41:02 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/02 20:05:21 | 00,009,836 | ---- | C] () -- C:\Windows\System32\2d555ir9452z.dll
[2008/04/25 04:10:03 | 00,010,122 | ---- | C] () -- C:\Windows\System32\7d78s9arsz537.dll
[2008/04/24 15:18:54 | 00,006,485 | ---- | C] () -- C:\Windows\System32\6156vi957z.dll
[2008/04/18 06:49:29 | 00,006,889 | ---- | C] () -- C:\Windows\System32\488b5h9zf2248.dll
[2008/04/18 04:14:21 | 00,007,794 | ---- | C] () -- C:\Windows\5568t5ie9947z.dll
[2008/04/16 11:24:28 | 00,015,939 | ---- | C] () -- C:\Windows\System32\29z21no9-a-5irus371.dll
[2008/04/15 21:36:40 | 00,006,982 | ---- | C] () -- C:\Windows\3e95zhief1989.dll
[2008/04/14 11:47:17 | 00,014,925 | ---- | C] () -- C:\Windows\30559azkdoor286.dll
[2008/04/13 20:05:18 | 00,000,600 | ---- | C] () -- C:\Users\palma\AppData\Local\PUTTY.RND
[2008/04/13 19:47:17 | 00,000,600 | ---- | C] () -- C:\Users\palma\AppData\Roaming\winscp.rnd
[2008/04/13 08:36:27 | 00,010,971 | ---- | C] () -- C:\Windows\System32\29640vir5z234.dll
[2008/04/10 15:26:17 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/04/04 21:55:16 | 00,003,291 | ---- | C] () -- C:\Windows\1747t9ief53z5.dll
[2008/04/02 16:01:57 | 00,017,658 | ---- | C] () -- C:\Windows\2975thief14z5.dll
[2008/03/31 22:34:56 | 00,004,871 | ---- | C] () -- C:\Windows\15757s5a9bot5z4.dll
[2008/03/28 04:30:20 | 00,003,778 | ---- | C] () -- C:\Windows\537229roj7z3.dll
[2008/03/18 05:01:04 | 00,017,707 | ---- | C] () -- C:\Windows\16268spamb5t1z9.dll
[2008/03/16 19:48:54 | 00,002,771 | ---- | C] () -- C:\Windows\17573zacktool4389.dll
[2008/03/13 07:05:32 | 00,004,995 | ---- | C] () -- C:\Windows\22265not-a9virusz2c.dll
[2008/03/13 04:08:53 | 00,005,521 | ---- | C] () -- C:\Windows\5cz9threat4526.dll
[2008/03/10 18:25:12 | 00,016,739 | ---- | C] () -- C:\Windows\1952zhief5579.dll
[2008/02/26 12:20:52 | 00,006,892 | ---- | C] () -- C:\Users\palma\AppData\Local\d3d9caps.dat
[2008/02/22 20:32:13 | 00,000,106 | ---- | C] () -- C:\Windows\System32\pluginloader.ini
[2008/02/05 12:28:20 | 00,000,051 | ---- | C] () -- C:\Users\palma\AppData\Local\setup.txt
[2008/02/02 19:55:49 | 00,014,502 | ---- | C] () -- C:\Windows\System32\9f18thief320z5.dll
[2008/01/26 23:55:22 | 00,016,094 | ---- | C] () -- C:\Windows\System32\1293a9zware1256.dll
[2008/01/23 14:18:06 | 00,013,308 | ---- | C] () -- C:\Windows\System32\z9929t5oj188.dll
[2008/01/20 02:45:11 | 00,003,076 | ---- | C] () -- C:\Windows\System32\9a75vzr529.dll
[2008/01/19 15:40:28 | 00,009,063 | ---- | C] () -- C:\Windows\7b29bac5zoor1325.dll
[2008/01/17 20:55:16 | 01,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2008/01/16 06:49:04 | 00,006,836 | ---- | C] () -- C:\Windows\5782wz5m6819.dll
[2008/01/15 14:49:12 | 00,003,600 | ---- | C] () -- C:\Windows\System32\5a58thief11z95.dll
[2008/01/14 06:52:00 | 00,011,454 | ---- | C] () -- C:\Windows\3775tzoj6939.dll
[2008/01/13 22:43:49 | 00,004,596 | ---- | C] () -- C:\Windows\System32\954zworm27e.dll
[2008/01/08 03:14:16 | 00,013,443 | ---- | C] () -- C:\Windows\System32\99085ot-a-viruszb6.dll
[2008/01/07 16:12:37 | 00,005,946 | ---- | C] () -- C:\Windows\System32\14847hzcktoo955e.dll
[2008/01/06 22:40:04 | 00,006,051 | ---- | C] () -- C:\Windows\System32\7e70vir9351z.dll
[2008/01/05 21:53:12 | 00,006,819 | ---- | C] () -- C:\Windows\System32\493zthi5f2116.dll
[2008/01/02 20:53:03 | 00,017,873 | ---- | C] () -- C:\Windows\System32\609vi5us9f6z.dll
[2007/09/23 19:46:08 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/09/23 19:45:05 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/09/23 19:45:05 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/09/23 19:45:05 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/06/30 00:44:52 | 00,129,300 | ---- | C] () -- C:\Users\palma\AppData\Roaming\Cosmos Prefs
[2007/05/20 17:17:34 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcqcoin.dll
[2007/05/20 17:14:53 | 00,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/05/20 17:14:53 | 00,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/05/20 17:14:09 | 00,274,432 | ---- | C] () -- C:\Windows\System32\DLCQinst.dll
[2007/05/20 13:18:02 | 00,009,356 | ---- | C] () -- C:\Users\palma\AppData\Roaming\wklnhst.dat
[2007/05/09 17:09:29 | 00,124,928 | ---- | C] () -- C:\Users\palma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/05 13:49:31 | 00,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/04/05 13:49:31 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/04/05 13:49:31 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/05 13:49:31 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/07 11:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 22:54:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/10/31 22:52:38 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/10/20 19:26:34 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcqinsr.dll
[2006/10/20 19:25:52 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcqcur.dll
[2006/10/20 19:22:56 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcqjswr.dll
[2006/10/20 19:17:44 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcqinsb.dll
[2006/10/20 19:17:00 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcqcub.dll
[2006/10/20 19:15:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcqcu.dll
[2006/10/20 19:14:54 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcqins.dll
[2006/10/20 19:09:16 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcqutil.dll
[2006/10/20 18:46:42 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcqgrd.dll
[2006/09/16 20:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 20:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 05:12:00 | 00,077,824 | ---- | C] () -- C:\Windows\System32\dlcqcfg.dll
[2006/08/14 16:32:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcqcaps.dll
[2006/08/08 14:58:04 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcqdrs.dll
[2006/05/18 06:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdjvs.dll
[2006/05/09 09:10:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcqcnv4.dll
[2006/04/25 02:11:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcqvs.dll
[2004/05/07 01:12:19 | 00,184,320 | ---- | C] () -- C:\Windows\System32\FlashIcon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\palma\Documents\clip0001.avi:TOC.WMV
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0766416E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:21 am

OTL Extras logfile created on: 12/17/2009 4:13:03 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\palma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 87.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 42.33 Gb Free Space | 19.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.06 Gb Free Space | 60.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PALMA-PC
Current User Name: palma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\SubaGames\ACEonline\Launcher.atm" = C:\Program Files\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe" = C:\Program Files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Users\Public\Combat Arms\CombatArms.exe" = C:\Users\Public\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Users\Public\Combat Arms\Engine.exe" = C:\Users\Public\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C045D7-2287-4ABD-AB52-9707F90FDF86}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{229014AC-30C4-4923-8EBA-65D9758AE010}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3FFBF5BD-66FA-4F80-9506-D95C5617235C}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4EB68EF6-DF26-4132-B2EA-D8C111F28159}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7A503237-EBE8-4AA3-8D3C-7F4AA546EFD1}" = rport=5358 | protocol=6 | dir=out | app=system |
"{82052F62-5707-483A-9367-951B5AA82B43}" = rport=5357 | protocol=6 | dir=out | app=system |
"{853BDBA9-4654-43A6-9D82-5FE62C73C29A}" = lport=5357 | protocol=6 | dir=in | app=system |
"{AC069128-C212-4AF3-9D23-2E7C1F47B4DF}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088C0106-E6F1-41C6-AC27-F044289E4A93}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{246D73E6-C935-4E34-98BF-2824993E58E3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{38613A9A-BFAD-4F99-9EAA-35710B73197A}" = protocol=17 | dir=in | app=c:\users\public\warcraft iii\warcraft iii.exe |
"{4F3DD002-8000-4A12-88DF-6E1C74E92D8B}" = protocol=6 | dir=in | app=c:\users\public\warcraft iii\frozen throne.exe |
"{56FCD3A0-32CB-46E2-825C-22C67B54AD52}" = protocol=17 | dir=in | app=c:\users\public\warcraft iii\world editor.exe |
"{63504BDF-310F-47B1-86B0-B2CFDB68137F}" = protocol=6 | dir=in | app=c:\users\public\warcraft iii\warcraft iii.exe |
"{6DB63A02-E114-4455-9F9D-F6FAFC61C905}" = protocol=6 | dir=in | app=c:\users\public\warcraft iii\world editor.exe |
"{729DE0AE-94DF-4F94-9D44-433AD4DB91ED}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{91815BD8-3F1D-424C-B3A7-6AD35A31CA08}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FDA9F548-736C-4AD6-AC8E-25B4508A3E99}" = protocol=17 | dir=in | app=c:\users\public\warcraft iii\frozen throne.exe |
"TCP Query User{029F5DD2-CEAD-4A16-A046-05BFAC26D633}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe |
"TCP Query User{07C785E4-9D67-42CC-AD52-FB44B2FD4155}C:\users\palma\desktop\new folder\thralas\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\thralas\arcemu\arcemu-world.exe |
"TCP Query User{09A9ABE2-E653-4513-A165-C5D8A4EF2B4D}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\source dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\source dedicated server\srcds.exe |
"TCP Query User{1458E5AC-4118-4825-A87D-CAF246E63648}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{234D8899-2E74-4986-9796-0A7F57A78026}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\zombie panic! source\hl2.exe |
"TCP Query User{28680F44-8867-429D-A8D2-D3C69244D07B}C:\users\palma\desktop\new folder\thralas\logon\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\thralas\logon\arcemu-world.exe |
"TCP Query User{286EBF81-E898-4145-836A-F91F1C4C553F}C:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-logonserver.exe |
"TCP Query User{303A8B42-CDA6-4432-9939-013FC5CBF871}C:\users\palma\desktop\new folder\xantic production fun\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\xantic production fun\server\mysql\bin\mysqld.exe |
"TCP Query User{3839B8F5-4A6E-4D5D-B4EA-5A9FBD31AD27}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{4211F7FE-69EF-4446-AC15-B2E01BA2022C}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{4419D699-F020-4B32-8AAA-7B32224936B3}C:\users\palma\desktop\new folder\thralas\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\thralas\server\mysql\bin\mysqld.exe |
"TCP Query User{45083C7F-2DA8-4F84-B21D-4B23E935F05A}C:\users\palma\desktop\new folder\thralas\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\thralas\server\apache\bin\apache.exe |
"TCP Query User{4C39D745-C17A-41E3-9E91-13BF00933690}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\day of defeat source\hl2.exe |
"TCP Query User{58544B5A-073A-4615-A8D8-534A22A650D6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{5AE12D5E-4BE9-4444-ABC3-18CE7A5224B7}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe |
"TCP Query User{5D908CED-C2E8-445D-9CD1-92DB220CF1E8}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe |
"TCP Query User{5DF72EC4-2E37-486C-8BBA-1BE699E8C412}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\counter-strike source\hl2.exe |
"TCP Query User{68330ED1-790B-4D2A-9D00-ED7C1A1CA340}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{68681606-3BF2-4489-A06E-5D86BCAA6DB0}C:\users\palma\desktop\new folder\thralas\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\thralas\arcemu\arcemu-logonserver.exe |
"TCP Query User{774FDDF3-2180-4F9B-9554-5A807CB699FB}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{7BCD38A4-C440-41A1-BB5B-7E7BA8A896BC}C:\users\public\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\public\starcraft\starcraft.exe |
"TCP Query User{8164D688-303C-46AE-9C8A-A6983C53AAC6}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{81B1029C-9251-4824-9F4D-483EA342C713}C:\users\public\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\public\starcraft\starcraft.exe |
"TCP Query User{9463EF74-BBF1-4ABE-BF9E-B5B01C66717A}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{968719E1-C6D7-4990-A288-BD70AB104FB6}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{9F79F039-A9A9-45F8-9F4C-EB9261C70145}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\apache\bin\apache.exe |
"TCP Query User{A5EE6B1D-500C-4201-B615-627A284E770B}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe |
"TCP Query User{A6A31ECC-69F7-495C-8C28-E12DB24B9FD0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"TCP Query User{B7B2969D-D93A-4190-A864-7F5600A4470E}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{B9EFEE3A-DB5D-4BED-9C81-69D9A549265A}C:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-world.exe |
"TCP Query User{C97BA8C4-CD06-4A22-93EE-3B3CFA38087A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{D520B625-5E69-47BB-B1BD-3E17770CF22B}C:\users\palma\desktop\new folder\keyclone\keyclone.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\keyclone\keyclone.exe |
"TCP Query User{DCF9E8B1-D734-4758-B39C-1AE05F157DE1}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe |
"TCP Query User{DE54BAB7-0546-4CE4-B8D3-453DF8695417}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{E0F21E5C-E288-445B-B354-D0E0600ED375}C:\users\public\halo\haloce.exe" = protocol=6 | dir=in | app=c:\users\public\halo\haloce.exe |
"TCP Query User{E1E945D5-BD94-4567-9C62-77E105911EED}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe |
"TCP Query User{E92017FB-27DC-4D93-8B84-5FCA9A893DA8}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{E93175CD-ACE4-4B2E-B09C-ADB909E950E6}C:\users\public\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\public\warcraft iii\war3.exe |
"TCP Query User{F7F530D7-3943-4612-AD02-1BA2549E041B}C:\users\public\halo\haloce.exe" = protocol=6 | dir=in | app=c:\users\public\halo\haloce.exe |
"TCP Query User{F9C3E254-6868-4DB7-832B-1C125C65993B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{02142C98-ABE0-48FF-87D7-DBEA2424E868}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0390C55E-62D4-4A43-869E-51CD36BD72D8}C:\users\public\halo\haloce.exe" = protocol=17 | dir=in | app=c:\users\public\halo\haloce.exe |
"UDP Query User{0787FFC0-8652-48F7-9091-3FCA4287CD96}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{08D97658-12A6-4391-8D8D-F46E2EC3350F}C:\users\palma\desktop\new folder\keyclone\keyclone.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\keyclone\keyclone.exe |
"UDP Query User{11B7436C-58C7-4AEE-8D9A-24F910A753DC}C:\users\public\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\public\warcraft iii\war3.exe |
"UDP Query User{19CE7DEC-B6C7-42E8-B5B8-22BB83A5EF51}C:\users\palma\desktop\new folder\thralas\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\thralas\server\apache\bin\apache.exe |
"UDP Query User{203C08FE-F744-4D9A-B414-8254D1C61526}C:\users\palma\desktop\new folder\xantic production fun\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\xantic production fun\server\mysql\bin\mysqld.exe |
"UDP Query User{2686F840-9255-46AA-B49D-3F2C4DD7273F}C:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-logonserver.exe |
"UDP Query User{2752D961-DC83-4129-905F-FC8895FF37FE}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe |
"UDP Query User{29D14AB1-2D0D-432C-9544-553BB808BE99}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{29F6BA95-7227-4BC5-BDF1-445AB4463D1D}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{3305B9DF-78EF-453C-98C0-D6AF3B4FCD58}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe |
"UDP Query User{38385A11-0BB5-4D91-B835-38AD05E6E772}C:\users\public\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\public\starcraft\starcraft.exe |
"UDP Query User{39BA45DD-7D6E-414D-AF1E-BDFB25528862}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\apache\bin\apache.exe |
"UDP Query User{3A5D2336-9326-4F25-A5FB-7983AC7F535D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{45FFF7AF-C91F-401E-992C-FCDDE594B33F}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\server\mysql\bin\mysqld.exe |
"UDP Query User{5DE7C548-5775-4D0D-A2C0-D59A6E223C7E}C:\users\palma\desktop\new folder\thralas\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\thralas\arcemu\arcemu-logonserver.exe |
"UDP Query User{60939DCB-AB0C-4630-ACEA-C48DF581E053}C:\users\palma\desktop\new folder\thralas\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\thralas\arcemu\arcemu-world.exe |
"UDP Query User{62B10F05-E2DC-42C1-A873-E0D64DBF5049}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{6ECF9AC4-1D5C-478E-AE56-00CFF3DB0DDC}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{76F195EF-8586-49E2-893C-4F96CDC935E7}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\source dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\source dedicated server\srcds.exe |
"UDP Query User{81B17C30-06B5-40B8-87B0-F9172212331F}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{8AD053E4-4FD0-4854-AB89-61CD838C08F8}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe |
"UDP Query User{9F87A0C0-2F6B-4D39-8FE1-AC473081196E}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\day of defeat source\hl2.exe |
"UDP Query User{A921B6FA-F39C-4818-A1EC-1559FE59EB67}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{AAF921C5-2325-4CB1-AA06-B0DB4B53F65A}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{ADDBC736-7CC5-4248-BB27-1B230398CEBA}C:\users\public\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\public\starcraft\starcraft.exe |
"UDP Query User{B48F8562-5CAD-434A-ACFB-959CDC58E583}C:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\xantic production fun\arcemu\arcemu-world.exe |
"UDP Query User{C20A90E0-BA3E-448E-A246-B76C1CCED0C4}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\counter-strike source\hl2.exe |
"UDP Query User{C463A1CB-F1BA-467D-AE78-63F91B9E6539}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C89382F6-AB5F-458F-B1F7-95078BC1FDE9}C:\users\palma\desktop\new folder\thralas\logon\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\thralas\logon\arcemu-world.exe |
"UDP Query User{CE821C35-A641-4F4A-8794-1205B1769AAB}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D06768CF-11EE-4E6D-AE17-8C92DC21A69F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D6B0B7FA-4D14-486C-B98E-8D3363C6D2C9}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{DB2BCE60-5B81-49BF-ABD6-BE010C035DEB}C:\users\public\steam\steamapps\dj_swift18@yahoo.com\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\users\public\steam\steamapps\dj_swift18@yahoo.com\zombie panic! source\hl2.exe |
"UDP Query User{E51A7768-A7EE-485D-BE40-8E580E91BD89}C:\users\public\halo\haloce.exe" = protocol=17 | dir=in | app=c:\users\public\halo\haloce.exe |
"UDP Query User{E5C92835-2C93-485E-97A4-7044B2AF5F61}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-logonserver.exe |
"UDP Query User{E65D5DFB-8127-4522-B098-D1A64A4EC88E}C:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\winkdogs 3.2.2 repack\arcemu\arcemu-world.exe |
"UDP Query User{F739E63F-5A69-41AA-B5E2-A55F1FD84B1D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{FF39F3F1-19E7-491D-8C79-BFD08A8F20C6}C:\users\palma\desktop\new folder\thralas\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\palma\desktop\new folder\thralas\server\mysql\bin\mysqld.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{46245B5A-9FDE-4F66-B0F4-E686C8637D62}" = Mirar
"{64C96428-3A75-4AAE-A538-C450EF68175F}" = Xara3D6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{F9831B39-277F-4F53-BFB0-12DC90C4CB40}" = Requiem
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 3.1" = Acoustica Mixcraft 3.1
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.7.8
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"Collab" = Collab
"CurseClient" = Curse Client
"FLV Player" = FLV Player 2.0 (build 25)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Lexmark 1400 Series" = Lexmark 1400 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Magic Translator_is1" = Magic Translator 8.12
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"PremiereAdvertisingPlatformFF" = FFPremiereAdvertisingPlatform
"RealPlayer 12.0" = RealPlayer
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Synthesia" = Synthesia (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TruePianos 40-day Test Version_is1" = TruePianos 1.4.1 40-day Test Version
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Warcraft III" = Warcraft III
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bf392535f062fc65" = KeyMaster - Proj0
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/18/2009 7:57:38 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 4/26/2009 6:08:50 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\palma\AppData\Local\Microsoft\Messenger\xmarcusx123@hotmail.com\SharingMetadata\Working\database_401E_FF4B_1EFF_388C\tmp.edb
failed, 00000026.

Error - 6/19/2009 3:08:01 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 6/19/2009 3:08:01 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 6/19/2009 3:08:04 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 8/21/2009 7:22:07 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000021.

Error - 8/21/2009 7:22:08 PM | Computer Name = palma-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000021.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:22 am

ouch 3 posts lol alot of txt

Re: Cant run Malwarebytes HELP!!!18th December 2009, 1:23 am

Hello.
Thank you, one more log and then we'll get to work killing this, I think there's a rootkit hiding.

Download the GMER rootkit scan from here: GMER

Unzip it and start GMER.
Click the >>> tab and then click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

Re: Cant run Malwarebytes HELP!!!18th December 2009, 2:01 am

sorry blue screen error thing had to restart computer.... im now running safe mode with network

Re: Cant run Malwarebytes HELP!!!18th December 2009, 2:27 am

how long is this thing going to take??

Re: Cant run Malwarebytes HELP!!!18th December 2009, 2:52 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-17 17:51:54
Windows 6.0.6001 Service Pack 1
Running: tmqkn09w.exe; Driver: C:\Users\palma\AppData\Local\Temp\uglcapoc.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULxcvndrwpdgqnpbbrxeoxmbpfxnvliqsv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULxcvndrwpdgqnpbbrxeoxmbpfxnvliqsv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULsmprxiocgioxitjdxqlqkfveetrbogon.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULxpjsieveymjkmpubwkhtabqrbuoliajt.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0xE6 0xAE 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0xE6 0xAE 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0xE6 0xAE 0xE3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 9162
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 9163
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}@haeeebiacmlmjbhh 0x6B 0x61 0x6C 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}@iakebhiecgbamcjjig 0x6B 0x61 0x6C 0x68 ...

---- EOF - GMER 1.0.15 ----

Re: Cant run Malwarebytes HELP!!!18th December 2009, 10:58 am

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15153&l=dis
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {46245B5A-9FDE-4F66-B0F4-E686C8637D62} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKCU..\Run: [Xbox Generator.exe] C:\Users\palma\AppData\Local\Microsoft\Windows\Explorer\Xbox Generator.exe File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys]
[-HK_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}]
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Cant run Malwarebytes HELP!!!18th December 2009, 8:52 pm

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{46245B5A-9FDE-4F66-B0F4-E686C8637D62} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46245B5A-9FDE-4F66-B0F4-E686C8637D62}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xbox Generator.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}\ deleted successfully.
File {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys\ not found.
Registry key HK_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4615349C-1B6D-E59F-27CC-6550D5E167DE}\ not found.

OTL by OldTimer - Version 3.1.17.0 log created on 12182009_122029

Re: Cant run Malwarebytes HELP!!!18th December 2009, 10:38 pm

Hello.
Can you run Combofix now?
http://www.geekpolice.net/virus-spyware-malware-removal-f11/cant-run-malwarebytes-help-t17093.htm#107764

Re: Cant run Malwarebytes HELP!!!18th December 2009, 11:55 pm

ok ran it now what?
ComboFix 09-12-16.05 - palma 12/18/2009 13:59:20.1.2 - x86
Microsoft

Windows Vista

Home Premium 6.0.6001.1.1252.1.1033.18.3069.2109 [GMT -8:00]
Running from: c:\users\palma\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-1001
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-1002
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-1006
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-1010
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-1011
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-1012
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-500
c:\$recycle.bin\S-1-5-21-281787401-1428321093-735530139-501
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC_Antispyware2010
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
c:\users\palma\AppData\Local\Downloaded Installations\{5B00B6A7-3352-415F-A7C2-ABCCCEC5383E}
c:\users\palma\AppData\Local\Downloaded Installations\{5B00B6A7-3352-415F-A7C2-ABCCCEC5383E}\rserv33.msi
c:\users\Public\autorun.inf
c:\users\Public\Install.exe
c:\windows\10045virus967z.exe
c:\windows\10053not-a-vi5usez9.exe
c:\windows\10054z9o542a.exe
c:\windows\1011downzoa9er1958.exe
c:\windows\10155not-5-virzs991.cpl
c:\windows\1058threat2z3929.ocx
c:\windows\10639ot5z-virus778.ocx
c:\windows\1069threat151z1.exe
c:\windows\10928spzmbo910c5.exe
c:\windows\10955ot-a-vzrus980.ocx
c:\windows\109809zt-a-viru549b.exe
c:\windows\10992viruz453.bin
c:\windows\10z2bac95oor68.cpl
c:\windows\10z5vir5s489.ocx
c:\windows\11409wzrm54d.ocx
c:\windows\11z20spam9ot51f.exe
c:\windows\120349pzm5ot4c5.ocx
c:\windows\1212zpar9e5179.cpl
c:\windows\12214hackzool7859.exe
c:\windows\124579zrus346.cpl
c:\windows\124zs9ambot6505.cpl
c:\windows\13157hackt5oz59.exe
c:\windows\13527t9oj29ez.dll
c:\windows\1357zs59mbot656.bin
c:\windows\13efspywar9559z.exe
c:\windows\143baddwzr95167.ocx
c:\windows\149415pyz.cpl
c:\windows\15068v5rzs79d.bin
c:\windows\1519viz2782.ocx
c:\windows\15455s9z356.cpl
c:\windows\154ddownloazer983.ocx
c:\windows\1552nzt-a-virus5a59.bin
c:\windows\1552z5ot-a9virus589.ocx
c:\windows\15692spz9f.ocx
c:\windows\1572659zus465.cpl
c:\windows\15757s5a9bot5z4.dll
c:\windows\1579addw9re2847z.ocx
c:\windows\15934z59j646.dll
c:\windows\15999tr5jze.cpl
c:\windows\159cthzeat9365.cpl
c:\windows\15e9thzef2555.bin
c:\windows\15z96tro937c5.cpl
c:\windows\16184not-a-v5ru9ze6.ocx
c:\windows\16190ha5ktozl4f0.ocx
c:\windows\16215wo9m5za.bin
c:\windows\16268spamb5t1z9.dll
c:\windows\16321spam9ot5az.dll
c:\windows\1639zt95j7fd.cpl
c:\windows\16e49zdware1065.dll
c:\windows\17256viru59ze.bin
c:\windows\17265not-a-vzrus39d5.exe
c:\windows\174209ozm51c.dll
c:\windows\1747t9ief53z5.dll
c:\windows\17573zacktool4389.dll
c:\windows\18056spy9dz.dll
c:\windows\1840addwzr93556.bin
c:\windows\189z99a5ktool248.dll
c:\windows\19089h5c9zool71.exe
c:\windows\19145notza-virus2ae.dll
c:\windows\19290s5azbot675.exe
c:\windows\193z0w59m101.ocx
c:\windows\1952zhief5579.dll
c:\windows\19553troj159z.exe
c:\windows\19569not-a-vzrus20d.cpl
c:\windows\1956sparsz1599.bin
c:\windows\195z1troj736.dll
c:\windows\196z9t59j72.ocx
c:\windows\19719hacktozl6b5.cpl
c:\windows\1990ha9k5ool7cz.cpl
c:\windows\1997sp5rse286z.bin
c:\windows\19z53not-a-5irus53f.exe
c:\windows\1a14thief9175z.ocx
c:\windows\1e49bac5zoor1523.exe
c:\windows\1f859arse3z76.exe
c:\windows\1z098tro55d79.dll
c:\windows\1z443vi5us995.exe
c:\windows\1z5299p544a.cpl
c:\windows\1za9addware6195.exe
c:\windows\1zf6a5d9are2031.exe
c:\windows\2049vi951z.bin
c:\windows\20501zroj359.dll
c:\windows\20599hacktzol55.bin
c:\windows\20726zp9mbo51fe.exe
c:\windows\20793not-5-vizus13e9.dll
c:\windows\21388zir5s795.exe
c:\windows\21624sp9mbotzea5.cpl
c:\windows\2167spzm59t620.dll
c:\windows\21972zroj7ca5.ocx
c:\windows\21z679p5163.bin
c:\windows\21z89sp5mbot77d9.bin
c:\windows\22045hre9z8237.dll
c:\windows\22243spam5o95z5.ocx
c:\windows\22265not-a9virusz2c.dll
c:\windows\22493z95m628.bin
c:\windows\22565s5ambo91e8z.cpl
c:\windows\2309ztro5529.cpl
c:\windows\23201not-z-5irus590.bin
c:\windows\23518hack9ooz5f65.cpl
c:\windows\2359sz52e4.cpl
c:\windows\236945ormza3.cpl
c:\windows\239z5vi9us75b.exe
c:\windows\24032s5y4z99.dll
c:\windows\2479b5ckzoor2192.bin
c:\windows\24899zpa5bot4b6.exe
c:\windows\249z29r5j5e7.bin
c:\windows\25147worm4z69.dll
c:\windows\2519vir9535z.bin
c:\windows\25341no5-a-9izus47b.cpl
c:\windows\25411hackt9oz55d.cpl
c:\windows\255z3spy934.dll
c:\windows\2569sp9z94.dll
c:\windows\25781not-azvirus599.ocx
c:\windows\25938troj9z.bin
c:\windows\259z19py53c.dll
c:\windows\26112not-a-9irusz085.ocx
c:\windows\26259tea5z345.ocx
c:\windows\26432zroj59e.dll
c:\windows\2649spar9e225z.bin
c:\windows\2657tr59113z.cpl
c:\windows\26765worz579.dll
c:\windows\269c5pyw9re30z3.dll
c:\windows\269downloazer5295.ocx
c:\windows\26a2zpyware595.bin
c:\windows\26z79sp5461.exe
c:\windows\270875acktool3z89.bin
c:\windows\2778spyz95.bin
c:\windows\2789s5amboz196.exe
c:\windows\28525tr9z1ea.exe
c:\windows\28576trz9259.cpl
c:\windows\28c9teal3135z.exe
c:\windows\29001zorm5bc.bin
c:\windows\2957viruz416.ocx
c:\windows\295z2wo9m2ab5.exe
c:\windows\297385pambotz24.exe
c:\windows\2974sp5rse14z1.cpl
c:\windows\2975thief14z5.dll
c:\windows\29849nzt-a-v5rus7b7.bin
c:\windows\29950sz94695.bin
c:\windows\29eaba5kdoor2z419.bin
c:\windows\2b18sp9rse1z05.bin
c:\windows\2e6abackzoor2795.cpl
c:\windows\2f7ab9ckzoor653.bin
c:\windows\2z018not5a-vir9s26d.exe
c:\windows\2z359hacktool9aa5.exe
c:\windows\2z78sp5rse309.cpl
c:\windows\3015zha95tool299.dll
c:\windows\30344hackz9ol5ed.bin
c:\windows\30559azkdoor286.dll
c:\windows\316495ozmd1.dll
c:\windows\3170bzckdoor20905.dll
c:\windows\3174spz595.dll
c:\windows\31d6vir1952z.exe
c:\windows\3230back9oor55z7.ocx
c:\windows\32345t9zj571.ocx
c:\windows\3295not-9-vi5zs249.ocx
c:\windows\32eca5dwar9208z.bin
c:\windows\33705tezl9015.ocx
c:\windows\3409zhreat200095.exe
c:\windows\34d89ackdo5r1286z.cpl
c:\windows\3507azd9are2188.bin
c:\windows\35432szy69d.bin
c:\windows\355athreat5z99.cpl
c:\windows\3569hacktzol77b.cpl
c:\windows\3599troj20z.ocx
c:\windows\359edoznloade5956.dll
c:\windows\35a2z5yware1549.ocx
c:\windows\3775tzoj6939.dll
c:\windows\391cthr9at3895z.dll
c:\windows\393b5ir29z9.dll
c:\windows\3995spazse16465.cpl
c:\windows\39f6t5ief2040z.dll
c:\windows\39z45ir906.bin
c:\windows\3b9dspazse935.bin
c:\windows\3bbbazkdo952455.cpl
c:\windows\3c05tzreat93078.cpl
c:\windows\3c69s5eal1701z.exe
c:\windows\3c795hreatz2730.exe
c:\windows\3cz0s59al1211.ocx
c:\windows\3d1b9zief21985.exe
c:\windows\3e95zhief1989.dll
c:\windows\3z09not-a-viru5224.bin
c:\windows\3z25spy6915.bin
c:\windows\3z95s9eal1256.bin
c:\windows\4057vir99z.dll
c:\windows\4065sp59z4.bin
c:\windows\4091th5ef17z7.cpl
c:\windows\4323haczto9l445.bin
c:\windows\459bzir20.dll
c:\windows\45dcthrezt198729.ocx
c:\windows\45f59pzware1191.cpl
c:\windows\468295azse1584.dll
c:\windows\46a6szar5e9092.ocx
c:\windows\47z1add5ar92555.cpl
c:\windows\48dethz9f645.exe
c:\windows\495bvz5595.exe
c:\windows\49b9sp5wzre2659.bin
c:\windows\49thi5z1202.cpl
c:\windows\4a9zt9i5f1915.cpl
c:\windows\4b599dzware516.ocx
c:\windows\4c97doznloader5692.cpl
c:\windows\4e57tzreat503049.bin
c:\windows\4fdedow9lo5der2z46.ocx
c:\windows\4z45tr9j60d5.exe
c:\windows\4z50th9eat32445.ocx
c:\windows\4z589pars5227.bin
c:\windows\50378spam9zt209.bin
c:\windows\5047zpam5ot29f.ocx
c:\windows\50d59ownloader4z9.ocx
c:\windows\51015hreat2z791.exe
c:\windows\510bazkd59r1110.ocx
c:\windows\517z9ownloader2519.cpl
c:\windows\51z5v9r5055.bin
c:\windows\5251hackzoo94655.bin
c:\windows\52c2spywarez509.ocx
c:\windows\52c4dowzload5r1980.ocx
c:\windows\52z6vi59405.bin
c:\windows\5330vir9s1d0z.ocx
c:\windows\537229roj7z3.dll
c:\windows\53759py2z8.dll
c:\windows\5385threat193z09.dll
c:\windows\541029ot-a-vizus47c.bin
c:\windows\54185roj2b9z.exe
c:\windows\5455vzr957.bin
c:\windows\5495threaz5729.bin
c:\windows\549aba5kdozr1113.dll
c:\windows\550zthreat8959.ocx
c:\windows\5534zi53917.dll
c:\windows\5554z9y53e.bin
c:\windows\5568t5ie9947z.dll
c:\windows\556z99orm55c.exe
c:\windows\557ds9arsz3113.cpl
c:\windows\5599zownloader2556.dll
c:\windows\559spy9are1238z.exe
c:\windows\55b1z9dware905.bin
c:\windows\569csparze645.cpl
c:\windows\569hackzool29f.dll
c:\windows\5748zte591852.bin
c:\windows\5749sp9z08.ocx
c:\windows\576669iruz7e4.cpl
c:\windows\57721wozm9a.exe
c:\windows\5782wz5m6819.dll
c:\windows\57ee9zr2467.cpl
c:\windows\580z7spy2df9.dll
c:\windows\58556trzj5dc9.ocx
c:\windows\58acspa5ze9703.exe
c:\windows\58c6vir5989z.exe
c:\windows\58e69zarse1889.dll
c:\windows\58z9spyware922.bin
c:\windows\591a5ackdoor683z.cpl
c:\windows\5972steaz1099.cpl
c:\windows\59asparsz150.bin
c:\windows\59e5sparse3z95.exe
c:\windows\59z7wo9m5595.exe
c:\windows\5b3adow5loaderz039.ocx
c:\windows\5bdbste593237z.exe
c:\windows\5c89threat351z9.exe
c:\windows\5c9cthzef7899.ocx
c:\windows\5cf3backdzor1779.bin
c:\windows\5cz9threat4526.dll
c:\windows\5d89vi9965z.dll
c:\windows\5dfct9reaz16955.bin
c:\windows\5e75sparse3z93.ocx
c:\windows\5easpyw9re241z.cpl
c:\windows\5f57addware9561z.exe
c:\windows\5z06sparse9356.bin
c:\windows\5z829not-a-vi9us1c3.cpl
c:\windows\5z9threat22075.bin
c:\windows\5zc3v9r355.exe
c:\windows\5ze5spy5a9e856.bin
c:\windows\6053sparsz9789.dll
c:\windows\60c5spywaze2749.exe
c:\windows\60e59zdware2638.exe
c:\windows\617dow9loade5198z.dll
c:\windows\61e5zhie92889.bin
c:\windows\630zspy955.dll
c:\windows\6339dozn59ader306.bin
c:\windows\6343spywa59746z.ocx
c:\windows\6484spar5z290.cpl
c:\windows\6491adzw5re2809.cpl
c:\windows\650zorm795.cpl
c:\windows\655fthr9az18993.bin
c:\windows\6591th5eat9z28.cpl
c:\windows\659athreatz78369.exe
c:\windows\6905vi5us7zb.dll
c:\windows\6909sz9al5520.cpl
c:\windows\6922zownlo5der504.ocx
c:\windows\6947tzoj503.ocx
c:\windows\6975tzief1945.cpl
c:\windows\6c15threz931879.ocx
c:\windows\6c2at95zf1155.bin
c:\windows\6d53vir2980z.cpl
c:\windows\6e05z9kdoor2833.dll
c:\windows\6e95thiefz53.cpl
c:\windows\6f8zthrea929535.cpl
c:\windows\6z195ackdoor2939.cpl
c:\windows\6zb8threa59260.dll
c:\windows\709dv5rz95.ocx
c:\windows\71375pamb9tz73.bin
c:\windows\7249zi5us698.exe
c:\windows\72889tealz335.dll
c:\windows\73919hie5z55.dll
c:\windows\73f9addware5z29.dll
c:\windows\749zsteal1055.dll
c:\windows\758dzhr9at2486.exe
c:\windows\7592sparsz1152.cpl
c:\windows\75z6spyware919.dll
c:\windows\762z5parse15319.cpl
c:\windows\7688wor9485z.dll
c:\windows\77z9th9e5t8159.bin
c:\windows\7849szy5are2834.ocx
c:\windows\796cth5eat31z30.cpl
c:\windows\79e7vir15z75.cpl
c:\windows\79efdownloade599z9.exe
c:\windows\79zspa5se2784.bin
c:\windows\79zvir665.bin
c:\windows\7b29bac5zoor1325.dll
c:\windows\7czv95453.bin
c:\windows\7e34ad9wa5e11z6.ocx
c:\windows\7eczaddwa5e2589.bin
c:\windows\7z90spyware7095.bin
c:\windows\7zebbackdoor9125.exe
c:\windows\81369pambot5zf.bin
c:\windows\88159zoj551.bin
c:\windows\8c0azdware5629.ocx
c:\windows\8d8t5ief20z9.ocx
c:\windows\90229vzr5s76b.bin
c:\windows\90515virzs5e6.ocx
c:\windows\905bbackd5or2137z.ocx
c:\windows\9084spamzot75c5.ocx
c:\windows\91264wor52z1.exe
c:\windows\9179spyz45.bin
c:\windows\92456spa5bot19z.cpl
c:\windows\92559zorm6ce5.bin
c:\windows\94665hacktool5ze.bin
c:\windows\94c5hreatz789.bin
c:\windows\95025spzmbot8c.dll
c:\windows\95046szy795.exe
c:\windows\95665ormzb0.bin
c:\windows\9572virz82.dll
c:\windows\95837not-a-v5rus37z.ocx
c:\windows\95f4backzoor2951.ocx
c:\windows\9758spywarz5505.dll
c:\windows\975backdoor9z16.exe
c:\windows\9769tro52z2.dll
c:\windows\97azthreat15990.ocx
c:\windows\98a9threzt51115.exe
c:\windows\98bbz5r2871.bin
c:\windows\98d8thief25z05.ocx
c:\windows\9925zir148.bin
c:\windows\9950hacktozl20b.bin
c:\windows\9953downloader203z.bin
c:\windows\9976b5czdoor2766.cpl
c:\windows\99z35hacktool3e.dll
c:\windows\9ee9zparse1835.cpl
c:\windows\9z51hack5ool795.ocx
c:\windows\9z57sp5155.exe
c:\windows\9z905hacktool625.cpl
c:\windows\b6cvirz9759.exe
c:\windows\c3bz95rse923.cpl
c:\windows\df5bac59oor2z75.cpl
c:\windows\qywyrozoqy._sy
c:\windows\system32\1045zwor9253.exe
c:\windows\system32\10zathi9f2532.ocx
c:\windows\system32\110z15o9-a-virus438.exe
c:\windows\system32\11799virus50ez.exe
c:\windows\system32\12394spa5z9t535.cpl
c:\windows\system32\1269hack5zol1d2.ocx
c:\windows\system32\1293a9zware1256.dll
c:\windows\system32\129bt9re5tz666.ocx
c:\windows\system32\13059not-a-5zrus722.ocx
c:\windows\system32\13998tz5j2a4.cpl
c:\windows\system32\14701sp9mbot1z05.cpl
c:\windows\system32\14847hzcktoo955e.dll
c:\windows\system32\15016hack59ol1b6z.cpl
c:\windows\system32\154zdownloader9377.cpl
c:\windows\system32\155709ro539z.bin
c:\windows\system32\155dspazse9368.exe
c:\windows\system32\15810vzrus298.bin
c:\windows\system32\159265oz9353.dll
c:\windows\system32\15933h59kzool193.dll
c:\windows\system32\15fasza9se2583.ocx
c:\windows\system32\15z09tro93ad.bin
c:\windows\system32\16158no5-a-zirus9d7.exe
c:\windows\system32\16459not-a-z9rus5d5.cpl
c:\windows\system32\16682s5y96z.bin
c:\windows\system32\17471not-a-zi59s592.exe
c:\windows\system32\18009t5oj4ez.dll
c:\windows\system32\182985z9us3c2.cpl
c:\windows\system32\185zba5kdoor981.exe
c:\windows\system32\18845hacztool97.cpl
c:\windows\system32\1887v5r9752z.cpl
c:\windows\system32\1932no5za-virus7b8.exe
c:\windows\system32\193335ot-a-virus461z.cpl
c:\windows\system32\19359zro53c3.exe
c:\windows\system32\19468worm50z5.ocx
c:\windows\system32\19529s5zmbot57.ocx
c:\windows\system32\19583notza-v9rus3d8.cpl
c:\windows\system32\19653hacktool7z89.cpl
c:\windows\system32\1985zdware896.bin
c:\windows\system32\1994wzrm64f5.cpl
c:\windows\system32\199565zambot33a.cpl
c:\windows\system32\1aacst5al1298z.exe
c:\windows\system32\1b55dowz5oader1979.cpl
c:\windows\system32\1c67d9wnloadzr2555.bin
c:\windows\system32\1ca3vzr11995.exe
c:\windows\system32\1cd5addwarez905.cpl
c:\windows\system32\1cec9ir2z50.ocx
c:\windows\system32\1e95thiefz038.cpl
c:\windows\system32\1z523w9r56a9.ocx
c:\windows\system32\1z557n9t-a-virus7e2.bin
c:\windows\system32\1z92sp5rse3152.exe
c:\windows\system32\20358h9c5tozl161.ocx
c:\windows\system32\2053backdo9r65z.dll
c:\windows\system32\20f5zddwar98445.ocx
c:\windows\system32\20zas9yw5re231.ocx
c:\windows\system32\21097sp55a1z.cpl
c:\windows\system32\2116zs95mbot1da.bin
c:\windows\system32\21261haczt95l5f9.dll
c:\windows\system32\213s9y50z.exe
c:\windows\system32\21987zroj95b.exe
c:\windows\system32\22089worm55z.cpl
c:\windows\system32\221bt95ef31z2.dll
c:\windows\system32\22353szy792.dll
c:\windows\system32\224539r5jz4.cpl
c:\windows\system32\22949hiez27775.exe
c:\windows\system32\22z19spam5ot3a5.ocx
c:\windows\system32\2326sze5l9383.exe
c:\windows\system32\23970tr5j90z.exe
c:\windows\system32\24225not-z9vir5s657.ocx
c:\windows\system32\245159py2d9z.ocx
c:\windows\system32\24603hack5oolzc69.ocx
c:\windows\system32\2511zh5cktool19.dll
c:\windows\system32\251worm489z.ocx
c:\windows\system32\252zad9ware30945.exe
c:\windows\system32\25592virus97z5.ocx
c:\windows\system32\258bth9zat28367.dll
c:\windows\system32\25990vizus5c0.exe
c:\windows\system32\25994worm45z5.bin
c:\windows\system32\26559wozm9a1.bin
c:\windows\system32\271thie59748z.exe
c:\windows\system32\2721s9yzare1852.cpl
c:\windows\system32\273179pazbo54e6.ocx
c:\windows\system32\27878spam5ot3z9.dll
c:\windows\system32\2799zspambo56f5.bin
c:\windows\system32\284025pambotza9.bin
c:\windows\system32\28463
c:\windows\system32\28463\TKIU.001
c:\windows\system32\28463\TKIU.002
c:\windows\system32\28463\TKIU.002.tmp
c:\windows\system32\28463\TKIU.006
c:\windows\system32\28463\TKIU.007
c:\windows\system32\28551spam9otzd6.bin
c:\windows\system32\28822tr9z3d5.dll
c:\windows\system32\28z995ambot6df.cpl
c:\windows\system32\2934z5y299.cpl
c:\windows\system32\29543w9zm155.cpl
c:\windows\system32\295z8spa9bot775.bin
c:\windows\system32\29640vir5z234.dll
c:\windows\system32\29682trojz05.exe
c:\windows\system32\298z5spy252.exe
c:\windows\system32\2997spambotf5z.exe
c:\windows\system32\29z21no9-a-5irus371.dll
c:\windows\system32\29z59worm709.bin
c:\windows\system32\2a8s5ezl749.bin
c:\windows\system32\2bb9zackdoor15535.bin
c:\windows\system32\2be4do9nloader5746z.ocx
c:\windows\system32\2bz1thief21395.exe
c:\windows\system32\2c09spyzare2953.ocx
c:\windows\system32\2d555ir9452z.dll
c:\windows\system32\2dcd9hzeat25229.dll
c:\windows\system32\2e09sp5rs9z18.ocx
c:\windows\system32\2e199tea5255z.ocx
c:\windows\system32\2eb5t9r5at18z35.bin
c:\windows\system32\2f49thief115z5.bin
c:\windows\system32\2f60s5eal9z93.exe
c:\windows\system32\2z49steal2950.bin
c:\windows\system32\30514s9zmbot1e1.dll
c:\windows\system32\30549vz5us4d5.bin
c:\windows\system32\30z00t59j445.cpl
c:\windows\system32\31093not5z-virus34b.bin
c:\windows\system32\31396nzt-a5vir9s37.bin
c:\windows\system32\314129pamb5z62e.bin
c:\windows\system32\315z7virus459.cpl
c:\windows\system32\32039zackt5ol4ed.bin
c:\windows\system32\32640h59ktool1bz.ocx
c:\windows\system32\32665teal199z.bin
c:\windows\system32\33b2spzwa9e2925.dll
c:\windows\system32\33e5bac9door51z7.dll
c:\windows\system32\347fvz91753.cpl
c:\windows\system32\34b2t9reat590z5.dll
c:\windows\system32\35053not-a-vizus60e9.exe
c:\windows\system32\355z1no9-a-virus785.bin
c:\windows\system32\3595threa52663z.exe
c:\windows\system32\35d6th9ez1719.cpl
c:\windows\system32\36a1ad9warz5932.cpl
c:\windows\system32\3705hzcktool739.dll
c:\windows\system32\37969hief59z.cpl
c:\windows\system32\38ze5ownloader1249.exe
c:\windows\system32\394zpa5se1697.exe
c:\windows\system32\39bdthre5z11745.exe
c:\windows\system32\3az9v5r2544.bin
c:\windows\system32\3b03a5dwzre9095.dll
c:\windows\system32\3cdzs5ywa9e3192.dll
c:\windows\system32\3z1do9n5oader2814.exe
c:\windows\system32\409759dzare2616.dll
c:\windows\system32\4159v9rz460.bin
c:\windows\system32\424zvirus1519.exe
c:\windows\system32\42ecs5ywa9e4z0.exe
c:\windows\system32\4302thrza591020.ocx
c:\windows\system32\430fdownl5adez9919.exe
c:\windows\system32\44279hreatz589.cpl
c:\windows\system32\4460threat951z2.bin
c:\windows\system32\4499viru5534z.cpl
c:\windows\system32\45fdthreat2z5399.bin
c:\windows\system32\488b5h9zf2248.dll
c:\windows\system32\4895doznloader1559.bin
c:\windows\system32\4925back5ooz1898.dll
c:\windows\system32\4928backdoo52517z.dll
c:\windows\system32\493zthi5f2116.dll
c:\windows\system32\497d5parse1z35.ocx
c:\windows\system32\49az9ac5door589.exe
c:\windows\system32\4b64down5oa9erz47.dll
c:\windows\system32\4f5aspzrse9170.bin
c:\windows\system32\4f89tzreat53080.exe
c:\windows\system32\4fcath9e5t410z.ocx
c:\windows\system32\4z9bba5kdoor2940.bin
c:\windows\system32\50407sp95c9z.exe
c:\windows\system32\50a5downlozd5r1969.bin
c:\windows\system32\50f2threzt17291.dll
c:\windows\system32\5160spambzt159.ocx
c:\windows\system32\51636sp924z.dll
c:\windows\system32\51dzpyw95e2133.ocx
c:\windows\system32\5205sparsz429.dll
c:\windows\system32\52a9zddware9225.exe
c:\windows\system32\52c9vir31z3.ocx
c:\windows\system32\53756not-a-v9rusz9.exe
c:\windows\system32\5456spywaze24699.dll
c:\windows\system32\55909spambz9529.exe
c:\windows\system32\559cbaczdoor9772.bin
c:\windows\system32\55d8sparse193z.exe
c:\windows\system32\55zbvir9306.exe
c:\windows\system32\563ft5z9at31091.dll
c:\windows\system32\56aethiez9718.ocx
c:\windows\system32\56bzspa5se9938.ocx
c:\windows\system32\56c19h5ezt19538.bin
c:\windows\system32\570aste5l1z9.dll
c:\windows\system32\570ethrea52z991.cpl
c:\windows\system32\5736tz9j448.exe
c:\windows\system32\574cszywar52789.bin
c:\windows\system32\5760a5d9arez251.exe
c:\windows\system32\5780s59ware1086z.ocx
c:\windows\system32\57zfvir9918.dll
c:\windows\system32\5879t95eaz24493.bin
c:\windows\system32\5896stz5l155.exe
c:\windows\system32\58cdsp9rse3z39.dll
c:\windows\system32\5923d9wzloader5155.ocx
c:\windows\system32\595spzm5ot905.ocx
c:\windows\system32\5987z9roj326.ocx
c:\windows\system32\59e55tezl9399.exe
c:\windows\system32\59e9z5eal1272.ocx
c:\windows\system32\59efthreat7z98.cpl
c:\windows\system32\5a50v9z1678.exe
c:\windows\system32\5a58thief11z95.dll
c:\windows\system32\5aa7down59ader1951z.ocx
c:\windows\system32\5bc8adzware79.exe
c:\windows\system32\5bd5bazkdo9r1927.exe
c:\windows\system32\5bf9vir98z35.ocx
c:\windows\system32\5bz89hief2528.dll
c:\windows\system32\5c1ct5iefz598.dll
c:\windows\system32\5c629ddwzre1588.cpl
c:\windows\system32\5d6bzi93210.exe
c:\windows\system32\5ed9addwarz8379.dll
c:\windows\system32\5ee5downl9adzr1520.cpl
c:\windows\system32\5fb5zh9eat15605.cpl
c:\windows\system32\5z4bd9wnload5r983.ocx
c:\windows\system32\5z829o5m537.cpl
c:\windows\system32\5zevi52994.bin
c:\windows\system32\609vi5us9f6z.dll
c:\windows\system32\6105thrz9514988.exe
c:\windows\system32\6156vi957z.dll
c:\windows\system32\6285hzef23459.dll
c:\windows\system32\62b05i92706z.dll
c:\windows\system32\62d095eaz628.exe
c:\windows\system32\636e9iz5049.dll
c:\windows\system32\63c19tezl1950.dll
c:\windows\system32\64b5zhief1299.bin
c:\windows\system32\650bs9y5arez126.bin
c:\windows\system32\6583t9zef225.ocx
c:\windows\system32\6589szywar91433.dll
c:\windows\system32\6598steal26z8.bin
c:\windows\system32\65c29p5warez871.dll
c:\windows\system32\65ffdownl9ade524z7.exe
c:\windows\system32\6653tr9z4ba.ocx
c:\windows\system32\6715stea92918z.cpl
c:\windows\system32\675baddwa5ez490.exe
c:\windows\system32\67f5backdo9rz26.cpl
c:\windows\system32\6855thzea98539.exe
c:\windows\system32\6951spazse2230.cpl
c:\windows\system32\695fz5yware2624.bin
c:\windows\system32\699adownloader3591z.dll
c:\windows\system32\6d5ca9dware2z77.cpl
c:\windows\system32\6d8fspy5ar927z9.ocx
c:\windows\system32\6d99stz5l2407.cpl
c:\windows\system32\6dc9thi9f83z5.bin
c:\windows\system32\6z99spambo53c6.cpl
c:\windows\system32\6zd5spyware10739.cpl
c:\windows\system32\7039z5oj73c.ocx
c:\windows\system32\70419iruz2e35.cpl
c:\windows\system32\7199down5zader2709.bin
c:\windows\system32\71f6do9nlzader2576.dll
c:\windows\system32\725edown9oader1z67.bin
c:\windows\system32\7319zr57d7.bin
c:\windows\system32\7401backdo9rz549.ocx
c:\windows\system32\74ezs5yware1913.ocx
c:\windows\system32\75e7szarse9036.cpl
c:\windows\system32\75z0st5al13309.exe
c:\windows\system32\75z2stea91529.ocx
c:\windows\system32\75z9s5eal2137.ocx
c:\windows\system32\7793spywar51394z.bin
c:\windows\system32\77a7thi5f229z.exe
c:\windows\system32\77f8a5dwzr92208.exe
c:\windows\system32\7938spamb5z406.exe
c:\windows\system32\7966ba5kdoor17z5.bin
c:\windows\system32\7d6a5own9oadzr683.dll
c:\windows\system32\7d78s9arsz537.dll
c:\windows\system32\7ddfs5y9arz2082.ocx
c:\windows\system32\7e70vir9351z.dll
c:\windows\system32\7eadd9are146z5.exe
c:\windows\system32\7z25virus9c2.bin
c:\windows\system32\7z79steal145.bin
c:\windows\system32\8270zp53409.exe
c:\windows\system32\84939pambotz9f5.bin
c:\windows\system32\8d9thrzat84595.cpl
c:\windows\system32\9005h9cktool51az.bin
c:\windows\system32\905adz59re2584.cpl
c:\windows\system32\9219s5amb9t60cz.exe
c:\windows\system32\924spa5bzt7b4.cpl
c:\windows\system32\9353spam5otz1.exe
c:\windows\system32\93595orm5ze.ocx
c:\windows\system32\9465spam9zt7e5.cpl
c:\windows\system32\94847tro560z.exe
c:\windows\system32\94f6downloz5er1575.bin
c:\windows\system32\94z05acktool57b.exe
c:\windows\system32\951zownloa9er2046.exe
c:\windows\system32\953abackdoor32z7.ocx
c:\windows\system32\954zworm27e.dll
c:\windows\system32\95853worm17z.bin
c:\windows\system32\975csparse9z5.dll
c:\windows\system32\99085ot-a-viruszb6.dll
c:\windows\system32\995faddw5re19z.cpl
c:\windows\system32\997fzh5ef1736.dll
c:\windows\system32\9a75vzr529.dll
c:\windows\system32\9ccfa5dware289z.bin
c:\windows\system32\9dfbthiez20035.bin
c:\windows\system32\9ed5s5eal2091z.bin
c:\windows\system32\9f18thief320z5.dll
c:\windows\system32\9f755iz1996.ocx
c:\windows\system32\9z44sp5f9.ocx
c:\windows\system32\9z92sp5992.exe
c:\windows\system32\a129hi5f1z15.bin
c:\windows\system32\b5bthie928z9.dll
c:\windows\system32\c50bzck9oor468.dll
c:\windows\system32\c5bvirz595.bin
c:\windows\system32\d5zvir1897.cpl
c:\windows\system32\ddavi521z9.exe
c:\windows\system32\drivers\ESQULxcvndrwpdgqnpbbrxeoxmbpfxnvliqsv.sys
c:\windows\system32\e7asz9rse24355.dll
c:\windows\system32\e9backdoor166z5.cpl
c:\windows\system32\ebfz9ckdoor5895.bin
c:\windows\system32\ESQULxpjsieveymjkmpubwkhtabqrbuoliajt.dll
c:\windows\system32\mi2.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\z1565spa9bot695.exe
c:\windows\system32\z1753spy3cf9.cpl
c:\windows\system32\z1957ha5ktool16d.bin
c:\windows\system32\z19aspywar527399.cpl
c:\windows\system32\z1b3add9ar5262.dll
c:\windows\system32\z1fed5wnloade93185.dll
c:\windows\system32\z2837tr9j695.ocx
c:\windows\system32\z301s95al2315.dll
c:\windows\system32\z34929o5m221.dll
c:\windows\system32\z35a95r2905.bin
c:\windows\system32\z3ecspywa9581.exe
c:\windows\system32\z459thi5f1433.dll
c:\windows\system32\z4972spam9o511b.bin
c:\windows\system32\z499tro57f9.cpl
c:\windows\system32\z4e5spar9e544.bin
c:\windows\system32\z5c1spars91449.bin
c:\windows\system32\z6119ownlo5der424.bin
c:\windows\system32\z626tro59f2.bin
c:\windows\system32\z6bbv5r19449.exe
c:\windows\system32\z7997ha5k9ool4a.exe
c:\windows\system32\z7e3vi910455.exe
c:\windows\system32\z822hackt9ol295.bin
c:\windows\system32\z9456not-9-virusf.dll
c:\windows\system32\z9508wor976d.exe
c:\windows\system32\z951ste9l2637.cpl
c:\windows\system32\z953sp9165.ocx
c:\windows\system32\z9929t5oj188.dll
c:\windows\system32\zb9195eal1960.bin
c:\windows\system32\ze09parse3544.dll
c:\windows\uhigan.scr
c:\windows\z0784virus1589.cpl
c:\windows\z09b9ddware1555.bin
c:\windows\z3647hack5ool3689.bin
c:\windows\z3fbspyware2395.ocx
c:\windows\z54bspar9e68.bin
c:\windows\z5639not5a-virus585.dll
c:\windows\z58vi95s59.bin
c:\windows\z596downl9ader2520.bin
c:\windows\z60139pam5ot173.cpl
c:\windows\z6b6s9arse1535.bin
c:\windows\z8f3stea528949.ocx
c:\windows\z9526vir5s49e.exe
c:\windows\z99daddware2594.bin
c:\windows\z9bdspa9s52544.dll
c:\windows\z9be9a5kdoor2598.dll
c:\windows\za0bd5wn9oader2406.bin
c:\windows\zb21backdo951263.ocx
c:\windows\zbe5spyware3759.dll
c:\windows\zc1vir7539.bin
c:\windows\zce9t9reat6854.exe
c:\windows\ze7a5ac9door1355.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2100-01-01 05:38 . 2009-06-15 06:12 -------- d-----w- c:\users\palma\AppData\Roaming\MAGIX
2100-01-01 05:35 . 2007-04-27 18:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2100-01-01 05:35 . 2009-08-19 03:27 -------- d-----w- c:\windows\system32\MAGIX
2100-01-01 05:35 . 2008-04-16 00:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2099-05-21 23:40 . 2009-12-12 18:57 -------- d-----w- c:\users\Public\Starcraft
2009-12-18 19:51 . 2009-12-18 19:51 -------- d-----w- C:\_OTL
2009-12-18 03:34 . 2009-12-18 03:34 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-12-18 02:11 . 2009-11-03 04:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-18 01:58 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-18 01:58 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-18 01:58 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-18 01:58 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-18 01:58 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-18 01:58 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-18 01:58 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-18 01:58 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-18 01:58 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-17 20:23 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-17 20:23 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-17 20:23 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-17 20:23 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-17 20:23 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-17 20:23 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-17 20:23 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-16 21:54 . 2009-12-17 19:51 -------- d-----w- c:\users\Public\Malwarebytes' Anti-Malware
2009-12-16 21:49 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-16 21:49 . 2009-12-16 21:49 -------- d-----w- c:\programdata\Malwarebytes
2009-12-16 21:49 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 21:24 . 2009-12-17 19:59 -------- d-----w- c:\users\palma\AppData\Local\staimy
2009-12-16 21:24 . 2009-12-17 19:59 -------- d-----w- c:\users\palma\AppData\Local\kqxkye
2009-12-16 21:24 . 2009-12-17 19:59 -------- d-----w- c:\users\palma\AppData\Local\nxiyyh
2009-12-16 05:16 . 2009-12-16 05:16 -------- d-----w- c:\program files\Rockstar Games
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\Readme
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\DirectX
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\CRACK
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\Bin
2009-12-16 05:07 . 2009-12-16 05:07 -------- d-----w- c:\users\Public\audio
2009-12-16 02:11 . 2009-12-16 02:31 -------- d-----w- c:\program files\Magic Translator
2009-12-14 03:08 . 2009-12-14 03:08 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-14 03:07 . 2009-12-14 03:07 -------- d-----w- c:\program files\Real
2009-12-14 03:07 . 2009-12-14 03:08 -------- d-----w- c:\program files\Common Files\Real
2009-12-14 01:29 . 2009-12-14 01:29 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-14 01:28 . 2009-12-14 01:28 -------- d-----w- c:\users\palma\AppData\Roaming\AVG8
2009-12-13 18:26 . 2009-12-13 18:26 -------- d-----w- c:\program files\Gravity
2009-12-13 01:17 . 2009-12-13 01:17 -------- d-----w- c:\users\palma\AppData\Roaming\Acoustica
2009-12-13 01:17 . 2007-08-07 19:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-12-13 01:17 . 2009-12-13 01:19 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-12-13 01:17 . 2009-12-13 01:17 -------- d-----w- c:\programdata\Acoustica
2009-12-12 02:25 . 2009-12-12 02:25 -------- d-----w- c:\users\palma\AppData\Local\PackageAware
2009-12-07 03:06 . 2009-12-07 03:06 -------- d-----w- c:\users\palma\AppData\Roaming\SystemRequirementsLab
2009-12-06 03:14 . 2009-12-11 05:18 76197 ----a-w- c:\windows\War3Unin.dat
2009-12-06 03:14 . 2009-12-06 03:15 2829 ----a-w- c:\windows\War3Unin.pif
2009-12-06 03:14 . 2009-12-06 03:15 139264 ----a-w- c:\windows\War3Unin.exe
2009-12-06 03:12 . 2009-12-14 04:08 -------- d-----w- c:\users\Public\Warcraft III
2009-12-01 00:42 . 2009-12-01 00:42 22 ----a-w- c:\users\palma\Pictures.zip
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 19:53 . 2009-11-29 19:53 -------- d-----w- c:\program files\Rapid Express
2009-11-29 19:37 . 2009-11-29 19:37 -------- d-----w- c:\program files\Technitium
2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\programdata\LogMeIn
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-21 01:39 . 2009-11-21 01:39 -------- d-----w- c:\users\palma\AppData\Local\assembly
2009-11-21 01:39 . 2009-11-21 03:51 -------- d-----w- c:\program files\NCSoft
2009-11-19 00:20 . 2009-11-19 00:20 -------- d-----w- c:\program files\MagicDisc
2009-11-19 00:20 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-11-19 00:19 . 2009-11-19 00:19 -------- d-----w- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 22:27 . 2009-11-17 04:32 -------- d-----w- c:\users\palma\AppData\Roaming\uTorrent
2009-12-18 22:26 . 2009-10-15 03:15 -------- d-----w- c:\program files\Curse
2009-12-18 21:09 . 1989-05-14 23:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-18 20:39 . 2009-09-27 07:29 -------- d-----w- c:\program files\uTorrent
2009-12-18 19:40 . 2009-04-12 06:12 -------- d-----w- c:\program files\LogMeIn
2009-12-18 03:35 . 2007-06-20 06:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-18 00:01 . 2008-01-25 23:18 -------- d-----w- c:\program files\LimeWire
2009-12-17 20:23 . 2009-04-18 23:27 -------- d-----w- c:\program files\Alwil Software
2009-12-17 00:01 . 2007-05-21 01:19 -------- d-----w- c:\program files\Dl_cats
2009-12-16 23:54 . 2008-02-26 20:20 6892 ----a-w- c:\users\palma\AppData\Local\d3d9caps.dat
2009-12-16 20:52 . 2007-05-08 21:03 361576 ----a-w- c:\users\palma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-16 05:16 . 2007-04-05 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 03:48 . 2007-07-22 02:13 -------- d-----w- c:\users\palma\AppData\Roaming\Xfire
2009-12-14 00:47 . 2008-01-25 23:19 -------- d-----w- c:\users\palma\AppData\Roaming\LimeWire
2009-12-13 18:25 . 2009-10-14 02:58 -------- d-----w- c:\program files\ZD Soft
2009-12-13 01:17 . 2009-09-19 04:24 -------- d-----w- c:\program files\VstPlugins
2009-12-12 00:28 . 2007-07-22 02:13 -------- d-----w- c:\programdata\Xfire
2009-12-07 23:07 . 2009-11-16 04:04 -------- d-----w- c:\programdata\NOS
2009-12-06 21:28 . 2007-07-22 02:13 -------- d-----w- c:\program files\Xfire
2009-12-02 20:52 . 2009-12-02 20:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-12-01 04:01 . 2007-11-04 07:06 -------- d-----w- c:\users\palma\AppData\Roaming\GetRightToGo
2009-11-24 04:44 . 2009-11-14 06:41 -------- d-----w- c:\users\palma\AppData\Roaming\Any Video Converter
2009-11-24 04:42 . 2009-11-14 06:41 -------- d-----w- c:\program files\Any Video Converter
2009-11-18 04:10 . 2009-11-18 03:32 -------- d-----w- c:\programdata\NFS Underground
2009-11-18 03:03 . 2009-11-17 04:59 -------- d-----w- c:\users\palma\AppData\Roaming\DAEMON Tools Lite
2009-11-17 04:59 . 2009-11-17 04:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-17 04:59 . 2009-11-17 04:59 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-16 04:04 . 2009-11-16 04:04 -------- d-----w- c:\program files\NOS
2009-11-13 04:00 . 2009-11-13 04:00 -------- d-----w- c:\program files\YouTube Downloader
2009-11-13 02:30 . 2009-11-13 02:30 -------- d-----w- c:\users\Techno\AppData\Roaming\Yahoo!
2009-11-13 02:24 . 2009-11-13 02:24 359376 ----a-w- c:\users\Techno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-13 02:16 . 2009-11-13 02:16 -------- d-----w- c:\users\Techno\AppData\Roaming\Subversion
2009-11-13 02:16 . 2009-11-13 02:16 -------- d-----w- c:\program files\Web Publish
2009-11-13 01:28 . 2007-12-09 22:54 -------- d-----w- c:\users\palma\AppData\Roaming\Hamachi
2009-11-13 01:05 . 2007-11-30 00:44 -------- d-----w- c:\users\palma\AppData\Roaming\Apple Computer
2009-11-12 22:48 . 2009-11-12 22:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-30 22:56 . 2009-10-30 22:56 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-10-30 03:40 . 2007-05-24 05:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-30 02:09 . 2009-10-30 02:09 -------- d-----w- c:\program files\Common Files\Xara
2009-10-30 02:09 . 2009-10-30 02:09 -------- d-----w- c:\program files\Xara
2009-10-30 02:09 . 2007-04-05 13:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-08 00:20 . 2007-05-20 21:18 9356 ----a-w- c:\users\palma\AppData\Roaming\wklnhst.dat
2009-08-22 20:26 . 2009-08-22 20:26 11908 ----a-w- c:\program files\Common Files\cidixek.scr
2009-08-21 22:55 . 2009-08-21 22:55 16971 ----a-w- c:\program files\Common Files\mesuhan.bin
2009-08-21 22:55 . 2009-08-21 22:55 16290 ----a-w- c:\program files\Common Files\qareq.com
2009-08-21 22:55 . 2009-08-21 22:55 14581 ----a-w- c:\program files\Common Files\neluje.lib
2009-08-21 22:55 . 2009-08-21 22:55 13293 ----a-w- c:\program files\Common Files\ozuwuhedat.dl
2009-08-21 22:55 . 2009-08-21 22:55 12213 ----a-w- c:\program files\Common Files\witewifag.dat
2007-04-05 21:49 . 2007-04-05 21:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-08 1934336]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
"Steam"="c:\users\public\steam\steam.exe" [2009-10-24 1217808]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-18 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCQCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]
"Malwarebytes' Anti-Malware"="c:\users\Public\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-04 429392]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-11-18 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\Spyware Terminator\sp_rsdel.exe \??\c:\progra~2\Spyware

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^palma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WoW Glider.1.8.0.exe]
backup=c:\windows\pss\WoW Glider.1.8.0.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^palma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e

ùýùÇûïþóÎêøøûøôùÊýòñûûÞó
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjamon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TKIU Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{08B6B52F-0438-6B96-0307-070101060807}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2007-12-21 14:39 50520 ----a-w- c:\users\palma\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCQCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcqtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcqmon.exe]
2006-12-12 08:22 291720 ----a-w- c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-12-12 08:22 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 23:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashIcon]
2004-12-15 06:57 49152 ----a-w- c:\program files\GENERIC\USB Card Reader Driver v2.3\FlashIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-02-09 18:32 106496 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 17:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-02-09 18:32 98304 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-25 01:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCI USB Safe]
2004-05-21 22:39 34816 ----a-w- c:\windows\System32\usbsafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-12-12 08:22 304008 ----a-w- c:\program files\Dell Photo AIO Printer 966\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-02-09 18:32 81920 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-09-28 23:32 344064 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-24 06:31 1217808 ----a-w- c:\users\Public\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-20 01:08 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-05-12 18:19 270336 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
2008-08-26 16:48 99624 ----a-w- c:\program files\Uniblue\RegistryBooster\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/17/2009 12:23 PM 114768]
R1 hwinterface;hwinterface;c:\windows\System32\drivers\hwinterface.sys [3/4/2009 5:46 PM 3026]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [5/15/2009 7:23 PM 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/17/2009 12:23 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/17/2009 12:23 PM 53328]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [6/23/2008 11:04 AM 65536]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [4/11/2009 10:13 PM 47640]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 MBAMService;MBAMService;c:\users\Public\Malwarebytes' Anti-Malware\mbamservice.exe [12/16/2009 1:54 PM 276816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/26/2009 10:12 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/16/2009 1:49 PM 19160]
R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [4/21/2007 6:15 AM 9344]
S2 Seekeen Service;Seekeen Service; [x]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [1/25/2008 1:12 AM 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:28 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
------- Supplementary Scan -------
.
uStart Page =
uDefault_Search_URL =
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
FF - ProfilePath - c:\users\palma\AppData\Roaming\Mozilla\Firefox\Profiles\900xdqll.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{46245B5A-9FDE-4F66-B0F4-E686C8637D62} - (no file)
ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
MSConfigStartUp-Fling - c:\program files\NCH Software\Fling\fling.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1179446061\ee\AOLSoftware.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-SigmatelSysTrayApp - sttray.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VirtualDJ\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 14:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys sprg.sys hal.dll >>UNKNOWN [0x862DB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b9a7322
\Driver\ACPI -> acpi.sys @ 0x8b1b4d4c
\Driver\iaStor -> iastor.sys @ 0x8b297f90
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\palma\AppData\Local\Temp\LTXFEC.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-281787401-1428321093-735530139-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}*]
"haeeebiacmlmjbhh"=hex:6b,61,6c,68,6e,69,62,6e,63,69,6d,6b,70,6c,63,70,69,63,
63,6b,6c,6d,00,00
"iakebhiecgbamcjjig"=hex:6b,61,6c,68,6b,69,6d,6e,70,67,68,6a,62,70,65,66,68,69,
69,6e,69,61,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(972)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\System32\NLSData0009.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcqcoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\lxbccoms.exe
c:\windows\system32\lxdjcoms.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-12-18 14:40:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 22:40

Pre-Run: 52,762,828,800 bytes free
Post-Run: 63,978,180,608 bytes free

- - End Of File - - 3F2C83AC892812533D93C1763F8C3C42

Re: Cant run Malwarebytes HELP!!!19th December 2009, 12:17 am

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
C:\program files\Common Files\cidixek.scr
c:\program files\Common Files\mesuhan.bin
c:\program files\Common Files\qareq.com
c:\program files\Common Files\neluje.lib
c:\program files\Common Files\ozuwuhedat.dl
c:\program files\Common Files\witewifag.dat

Folder::
c:\users\palma\AppData\Roaming\uTorrent
c:\program files\uTorrent
c:\program files\LimeWire
c:\users\palma\AppData\Roaming\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{08B6B52F-0438-6B96-0307-070101060807}]

RegNull::
[HKEY_USERS\S-1-5-21-281787401-1428321093-735530139-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4615349C-1B6D-E59F-27CC-6550D5E167DE}*]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

DDS::
uStart Page =
uDefault_Search_URL =
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=

Driver::
Viewpoint Manager Service
Seekeen Service
npggsvc
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Cant run Malwarebytes HELP!!!19th December 2009, 1:46 am

ComboFix 09-12-16.05 - palma 12/18/2009 16:12:00.3.2 - x86
Microsoft

Windows Vista

Home Premium 6.0.6001.1.1252.1.1033.18.3069.1911 [GMT -8:00]
Running from: c:\users\palma\Desktop\Combo-Fix.exe
Command switches used :: c:\users\palma\Desktop\CFScript.txt

FILE ::
"c:\program files\Common Files\cidixek.scr"
"c:\program files\Common Files\mesuhan.bin"
"c:\program files\Common Files\neluje.lib"
"c:\program files\Common Files\ozuwuhedat.dl"
"c:\program files\Common Files\qareq.com"
"c:\program files\Common Files\witewifag.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\cidixek.scr
c:\program files\Common Files\mesuhan.bin
c:\program files\Common Files\neluje.lib
c:\program files\Common Files\ozuwuhedat.dl
c:\program files\Common Files\qareq.com
c:\program files\Common Files\witewifag.dat
c:\program files\LimeWire
c:\program files\LimeWire\commons-httpclient.jar.tmp
c:\program files\LimeWire\commons-pool.jar.tmp
c:\program files\LimeWire\httpcore-nio.jar.tmp
c:\program files\LimeWire\httpcore.jar.tmp
c:\program files\LimeWire\id3v2.jar.tmp
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\unpackedJars.tmp
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\uTorrent
c:\program files\uTorrent\16667-utorrent.4168.dmp
c:\program files\uTorrent\16667-utorrent.e58f.dmp
c:\program files\uTorrent\uTorrent.exe
c:\users\palma\AppData\Roaming\LimeWire
c:\users\palma\AppData\Roaming\LimeWire\active.mojito
c:\users\palma\AppData\Roaming\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\alerts.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\caps.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\chardet.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\chrome.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\composer.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\content_base.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\content_html.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\cookie.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\directory.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\downloads.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\editor.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\extensions.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\feeds.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\find.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\inspector.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\intl.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\locale.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\oji.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\places.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\plugin.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\pref.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\profile.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\rdf.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\satchel.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\shistory.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\storage.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\uconv.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\update.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\widget.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\windowds.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\js3250.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\LICENSE
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\debug.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\utils.js
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\mozctl.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\nspr4.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\nss3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\platform.ini
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\README.txt
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\designmode.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\forms.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\html.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\language.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\mathml.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\quirk.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\svg.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\palma\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\palma\AppData\Roaming\LimeWire\bugs.data
c:\users\palma\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\palma\AppData\Roaming\LimeWire\createtimes.cache
c:\users\palma\AppData\Roaming\LimeWire\downloads.dat
c:\users\palma\AppData\Roaming\LimeWire\fileurns.cache
c:\users\palma\AppData\Roaming\LimeWire\filters.props
c:\users\palma\AppData\Roaming\LimeWire\gnutella.net
c:\users\palma\AppData\Roaming\LimeWire\installation.props
c:\users\palma\AppData\Roaming\LimeWire\library.dat
c:\users\palma\AppData\Roaming\LimeWire\library5.dat
c:\users\palma\AppData\Roaming\LimeWire\limewire.props
c:\users\palma\AppData\Roaming\LimeWire\lock
c:\users\palma\AppData\Roaming\LimeWire\mojito.props
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BCC79A5d01
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\AE98BDE5d01
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\BB25F3C2d01
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\Cache\CEC59CF8d01
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\palma\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\palma\AppData\Roaming\LimeWire\player.props
c:\users\palma\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\palma\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\palma\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\palma\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\palma\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\palma\AppData\Roaming\LimeWire\questions.props
c:\users\palma\AppData\Roaming\LimeWire\responses.cache
c:\users\palma\AppData\Roaming\LimeWire\simpp.xml
c:\users\palma\AppData\Roaming\LimeWire\spam.dat
c:\users\palma\AppData\Roaming\LimeWire\tables.props
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\palma\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\palma\AppData\Roaming\LimeWire\ttdata.cache
c:\users\palma\AppData\Roaming\LimeWire\ttrees.cache
c:\users\palma\AppData\Roaming\LimeWire\ttroot.cache
c:\users\palma\AppData\Roaming\LimeWire\version.xml
c:\users\palma\AppData\Roaming\LimeWire\versions.props
c:\users\palma\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\palma\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\palma\AppData\Roaming\LimeWire\xml\data\video.sxml3
c:\users\palma\AppData\Roaming\uTorrent
c:\users\palma\AppData\Roaming\uTorrent\Call.Of.Duty.World.At.War-RELOADED.torrent
c:\users\palma\AppData\Roaming\uTorrent\dht.dat
c:\users\palma\AppData\Roaming\uTorrent\dht.dat.old
c:\users\palma\AppData\Roaming\uTorrent\resume.dat
c:\users\palma\AppData\Roaming\uTorrent\resume.dat.old
c:\users\palma\AppData\Roaming\uTorrent\rss.dat
c:\users\palma\AppData\Roaming\uTorrent\rss.dat.old
c:\users\palma\AppData\Roaming\uTorrent\settings.dat
c:\users\palma\AppData\Roaming\uTorrent\settings.dat.old

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npggsvc
-------\Service_Seekeen Service
-------\Service_Viewpoint Manager Service

((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2100-01-01 05:38 . 2009-06-15 06:12 -------- d-----w- c:\users\palma\AppData\Roaming\MAGIX
2100-01-01 05:35 . 2007-04-27 18:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2100-01-01 05:35 . 2009-08-19 03:27 -------- d-----w- c:\windows\system32\MAGIX
2100-01-01 05:35 . 2008-04-16 00:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2099-05-21 23:40 . 2009-12-12 18:57 -------- d-----w- c:\users\Public\Starcraft
2009-12-19 00:28 . 2009-12-19 00:30 -------- d-----w- c:\users\palma\AppData\Local\temp
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w- c:\users\Techno\AppData\Local\temp
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w- c:\users\asrfeg\AppData\Local\temp
2009-12-18 19:51 . 2009-12-18 19:51 -------- d-----w- C:\_OTL
2009-12-18 03:34 . 2009-12-18 03:34 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-12-18 02:11 . 2009-11-03 04:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-18 01:58 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-18 01:58 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-18 01:58 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-18 01:58 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-18 01:58 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-18 01:58 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-18 01:58 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-18 01:58 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-18 01:58 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-17 20:23 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-17 20:23 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-17 20:23 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-17 20:23 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-17 20:23 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-17 20:23 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-17 20:23 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-16 21:54 . 2009-12-17 19:51 -------- d-----w- c:\users\Public\Malwarebytes' Anti-Malware
2009-12-16 21:49 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-16 21:49 . 2009-12-16 21:49 -------- d-----w- c:\programdata\Malwarebytes
2009-12-16 21:49 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 21:24 . 2009-12-17 19:59 -------- d-----w- c:\users\palma\AppData\Local\staimy
2009-12-16 21:24 . 2009-12-17 19:59 -------- d-----w- c:\users\palma\AppData\Local\kqxkye
2009-12-16 21:24 . 2009-12-17 19:59 -------- d-----w- c:\users\palma\AppData\Local\nxiyyh
2009-12-16 05:16 . 2009-12-16 05:16 -------- d-----w- c:\program files\Rockstar Games
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\Readme
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\DirectX
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\CRACK
2009-12-16 05:08 . 2009-12-16 05:08 -------- d-----w- c:\users\Public\Bin
2009-12-16 05:07 . 2009-12-16 05:07 -------- d-----w- c:\users\Public\audio
2009-12-16 02:11 . 2009-12-16 02:31 -------- d-----w- c:\program files\Magic Translator
2009-12-14 03:08 . 2009-12-14 03:08 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-14 03:07 . 2009-12-14 03:07 -------- d-----w- c:\program files\Real
2009-12-14 03:07 . 2009-12-14 03:08 -------- d-----w- c:\program files\Common Files\Real
2009-12-14 01:29 . 2009-12-14 01:29 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-14 01:28 . 2009-12-14 01:28 -------- d-----w- c:\users\palma\AppData\Roaming\AVG8
2009-12-13 18:26 . 2009-12-13 18:26 -------- d-----w- c:\program files\Gravity
2009-12-13 01:17 . 2009-12-13 01:17 -------- d-----w- c:\users\palma\AppData\Roaming\Acoustica
2009-12-13 01:17 . 2007-08-07 19:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-12-13 01:17 . 2009-12-13 01:19 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-12-13 01:17 . 2009-12-13 01:17 -------- d-----w- c:\programdata\Acoustica
2009-12-12 02:25 . 2009-12-12 02:25 -------- d-----w- c:\users\palma\AppData\Local\PackageAware
2009-12-07 03:06 . 2009-12-07 03:06 -------- d-----w- c:\users\palma\AppData\Roaming\SystemRequirementsLab
2009-12-06 03:14 . 2009-12-11 05:18 76197 ----a-w- c:\windows\War3Unin.dat
2009-12-06 03:14 . 2009-12-06 03:15 2829 ----a-w- c:\windows\War3Unin.pif
2009-12-06 03:14 . 2009-12-06 03:15 139264 ----a-w- c:\windows\War3Unin.exe
2009-12-06 03:12 . 2009-12-14 04:08 -------- d-----w- c:\users\Public\Warcraft III
2009-12-01 00:42 . 2009-12-01 00:42 22 ----a-w- c:\users\palma\Pictures.zip
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 19:53 . 2009-11-29 19:53 -------- d-----w- c:\program files\Rapid Express
2009-11-29 19:37 . 2009-11-29 19:37 -------- d-----w- c:\program files\Technitium
2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\programdata\LogMeIn
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-21 01:39 . 2009-11-21 01:39 -------- d-----w- c:\users\palma\AppData\Local\assembly
2009-11-21 01:39 . 2009-11-21 03:51 -------- d-----w- c:\program files\NCSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 00:11 . 2009-10-15 03:15 -------- d-----w- c:\program files\Curse
2009-12-18 21:09 . 1989-05-14 23:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-18 19:40 . 2009-04-12 06:12 -------- d-----w- c:\program files\LogMeIn
2009-12-18 03:35 . 2007-06-20 06:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-17 20:23 . 2009-04-18 23:27 -------- d-----w- c:\program files\Alwil Software
2009-12-17 00:01 . 2007-05-21 01:19 -------- d-----w- c:\program files\Dl_cats
2009-12-16 23:54 . 2008-02-26 20:20 6892 ----a-w- c:\users\palma\AppData\Local\d3d9caps.dat
2009-12-16 20:52 . 2007-05-08 21:03 361576 ----a-w- c:\users\palma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-16 05:16 . 2007-04-05 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 03:48 . 2007-07-22 02:13 -------- d-----w- c:\users\palma\AppData\Roaming\Xfire
2009-12-13 18:25 . 2009-10-14 02:58 -------- d-----w- c:\program files\ZD Soft
2009-12-13 01:17 . 2009-09-19 04:24 -------- d-----w- c:\program files\VstPlugins
2009-12-12 00:28 . 2007-07-22 02:13 -------- d-----w- c:\programdata\Xfire
2009-12-07 23:07 . 2009-11-16 04:04 -------- d-----w- c:\programdata\NOS
2009-12-06 21:28 . 2007-07-22 02:13 -------- d-----w- c:\program files\Xfire
2009-12-02 20:52 . 2009-12-02 20:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-12-01 04:01 . 2007-11-04 07:06 -------- d-----w- c:\users\palma\AppData\Roaming\GetRightToGo
2009-11-24 04:44 . 2009-11-14 06:41 -------- d-----w- c:\users\palma\AppData\Roaming\Any Video Converter
2009-11-24 04:42 . 2009-11-14 06:41 -------- d-----w- c:\program files\Any Video Converter
2009-11-19 00:20 . 2009-11-19 00:20 -------- d-----w- c:\program files\MagicDisc
2009-11-19 00:19 . 2009-11-19 00:19 -------- d-----w- c:\program files\MagicISO
2009-11-18 04:10 . 2009-11-18 03:32 -------- d-----w- c:\programdata\NFS Underground
2009-11-18 03:03 . 2009-11-17 04:59 -------- d-----w- c:\users\palma\AppData\Roaming\DAEMON Tools Lite
2009-11-17 04:59 . 2009-11-17 04:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-17 04:59 . 2009-11-17 04:59 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-16 04:04 . 2009-11-16 04:04 -------- d-----w- c:\program files\NOS
2009-11-13 04:00 . 2009-11-13 04:00 -------- d-----w- c:\program files\YouTube Downloader
2009-11-13 02:30 . 2009-11-13 02:30 -------- d-----w- c:\users\Techno\AppData\Roaming\Yahoo!
2009-11-13 02:24 . 2009-11-13 02:24 359376 ----a-w- c:\users\Techno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-13 02:16 . 2009-11-13 02:16 -------- d-----w- c:\users\Techno\AppData\Roaming\Subversion
2009-11-13 02:16 . 2009-11-13 02:16 -------- d-----w- c:\program files\Web Publish
2009-11-13 01:28 . 2007-12-09 22:54 -------- d-----w- c:\users\palma\AppData\Roaming\Hamachi
2009-11-13 01:05 . 2007-11-30 00:44 -------- d-----w- c:\users\palma\AppData\Roaming\Apple Computer
2009-11-12 22:48 . 2009-11-12 22:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-30 22:56 . 2009-10-30 22:56 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-10-30 03:40 . 2007-05-24 05:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-30 02:09 . 2009-10-30 02:09 -------- d-----w- c:\program files\Common Files\Xara
2009-10-30 02:09 . 2009-10-30 02:09 -------- d-----w- c:\program files\Xara
2009-10-30 02:09 . 2007-04-05 13:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-08 00:20 . 2007-05-20 21:18 9356 ----a-w- c:\users\palma\AppData\Roaming\wklnhst.dat
2007-04-05 21:49 . 2007-04-05 21:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

Re: Cant run Malwarebytes HELP!!!19th December 2009, 1:46 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-08 1934336]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
"Steam"="c:\users\public\steam\steam.exe" [2009-10-24 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCQCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]
"Malwarebytes' Anti-Malware"="c:\users\Public\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-04 429392]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\users\palma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-11-18 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\Spyware Terminator\sp_rsdel.exe \??\c:\progra~2\Spyware

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^palma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WoW Glider.1.8.0.exe]
backup=c:\windows\pss\WoW Glider.1.8.0.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^palma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2007-12-21 14:39 50520 ----a-w- c:\users\palma\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCQCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcqtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcqmon.exe]
2006-12-12 08:22 291720 ----a-w- c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-12-12 08:22 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 23:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashIcon]
2004-12-15 06:57 49152 ----a-w- c:\program files\GENERIC\USB Card Reader Driver v2.3\FlashIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-02-09 18:32 106496 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 17:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-02-09 18:32 98304 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-25 01:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCI USB Safe]
2004-05-21 22:39 34816 ----a-w- c:\windows\System32\usbsafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-12-12 08:22 304008 ----a-w- c:\program files\Dell Photo AIO Printer 966\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-02-09 18:32 81920 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-09-28 23:32 344064 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-24 06:31 1217808 ----a-w- c:\users\Public\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-20 01:08 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-05-12 18:19 270336 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
2008-08-26 16:48 99624 ----a-w- c:\program files\Uniblue\RegistryBooster\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/17/2009 12:23 PM 114768]
R1 hwinterface;hwinterface;c:\windows\System32\drivers\hwinterface.sys [3/4/2009 5:46 PM 3026]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [5/15/2009 7:23 PM 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/17/2009 12:23 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/17/2009 12:23 PM 53328]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [6/23/2008 11:04 AM 65536]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [4/11/2009 10:13 PM 47640]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 MBAMService;MBAMService;c:\users\Public\Malwarebytes' Anti-Malware\mbamservice.exe [12/16/2009 1:54 PM 276816]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/16/2009 1:49 PM 19160]
R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [4/21/2007 6:15 AM 9344]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [1/25/2008 1:12 AM 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:28 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
FF - ProfilePath - c:\users\palma\AppData\Roaming\Mozilla\Firefox\Profiles\900xdqll.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\palma\AppData\Local\Temp\LTXFEC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3296)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcqcoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\lxbccoms.exe
c:\windows\system32\lxdjcoms.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-12-18 16:42:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 00:42
ComboFix2.txt 2009-12-18 22:40

Pre-Run: 63,358,382,080 bytes free
Post-Run: 63,168,528,384 bytes free

- - End Of File - - D58BF2DEB5A28A96DC75DC9DD5A01586

Re: Cant run Malwarebytes HELP!!!19th December 2009, 2:04 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Cant run Malwarebytes HELP!!!19th December 2009, 2:17 am

OMG I LOVE YOU NO MORE ERRORS!!! THANK YOU Belahzur Smile...

and what you think of my signature? Big Grin

............................................................................................
Cant run Malwarebytes HELP!!! Unled11i

Re: Cant run Malwarebytes HELP!!!19th December 2009, 3:43 pm

Not bad.

Now your in the trainee area, I suggest you spend a lot of time reading when your not doing much. Learn as much as you can, as fast as you can.

Cant run Malwarebytes HELP!!!

descriptionCant run Malwarebytes HELP!!!16th December 2009, 10:01 pm

descriptionRe: Cant run Malwarebytes HELP!!!16th December 2009, 10:07 pm

descriptionRe: Cant run Malwarebytes HELP!!!16th December 2009, 10:26 pm

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 1:01 am

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 4:27 am

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 5:59 pm

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 9:13 pm

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 9:49 pm

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 10:06 pm

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 10:09 pm

descriptionRe: Cant run Malwarebytes HELP!!!17th December 2009, 10:14 pm

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 12:28 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 12:33 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:03 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:06 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:06 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:09 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:19 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:19 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:21 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:22 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 1:23 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 2:01 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 2:27 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 2:52 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 10:58 am

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 8:52 pm

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 10:38 pm

descriptionRe: Cant run Malwarebytes HELP!!!18th December 2009, 11:55 pm

descriptionRe: Cant run Malwarebytes HELP!!!19th December 2009, 12:17 am

descriptionRe: Cant run Malwarebytes HELP!!!19th December 2009, 1:46 am

descriptionRe: Cant run Malwarebytes HELP!!!19th December 2009, 1:46 am

descriptionRe: Cant run Malwarebytes HELP!!!19th December 2009, 2:04 am

descriptionRe: Cant run Malwarebytes HELP!!!19th December 2009, 2:17 am

descriptionRe: Cant run Malwarebytes HELP!!!19th December 2009, 3:43 pm

descriptionRe: Cant run Malwarebytes HELP!!!