I have no clue what im doing

[alspach06]

this scan is taking FOREVER!

[evilfantasy]

Did you choose full scan or quick scan.

There are a BUNCH of adware files to be removed so if it takes a while it's worth it. As long as it doesn't get stuck then everything is OK.

Can't wait to see the log... 

[alspach06]

Malwarebytes' Anti-Malware 1.36
Database version: 1995
Windows 5.1.2600 Service Pack 3

4/17/2009 5:46:26 PM
mbam-log-2009-04-17 (17-46-26).txt

Scan type: Quick Scan
Objects scanned: 110120
Time elapsed: 37 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 60
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 69

Memory Processes Infected:
D:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Unloaded process successfully.

Memory Modules Infected:
D:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
D:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
D:\Documents and Settings\All Users\Application Data\tmdelapw.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77fcd0b8-ff5e-479e-a337-2562e05f7824} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webhancer agent (Adware.Webhancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tmdelapw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
D:\Program Files\Ipwindows (Trojan.Rond) -> Files: 2461 -> Quarantined and deleted successfully.
D:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
D:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
D:\WINDOWS\system32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
D:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
D:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\Linda\Local Settings\Temp\snpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Linda\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
D:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
D:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\tmdelapw.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
D:\Program Files\Common Files\Yazzle1122OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully.








your not gunna crash n burn my computer are you

[alspach06]

DS (Ver_09-03-16.01) - NTFSx86 
Run by Linda at 18:07:07.37 on Fri 04/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.247.72 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\igfxtray.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
D:\Documents and Settings\Linda\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - d:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - d:\program files\windows live toolbar\msntb.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "d:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [AVG7_CC] d:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [AVG7_EMC] d:\progra~1\grisoft\avgfre~1\avgemc.exe
mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [IpWins] d:\program files\ipwindows\ipwins.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
dRun: [AVG7_Run] d:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - d:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - d:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office\OSA9.EXE
IE: &Windows Live Search - d:\program files\windows live toolbar\msntb.dll/search.htm
IE: Open in new background tab - d:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f60327c5b4d84eafb53ab58613fead2f
IE: Open in new foreground tab - d:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f60327c5b4d84eafb53ab58613fead2f
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130969658513
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;d:\windows\system32\drivers\avg7core.sys [2006-5-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver;d:\windows\system32\drivers\avg7rsw.sys [2006-2-27 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;d:\windows\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
R1 AvgClean;AVG Clean Driver;d:\windows\system32\drivers\avgclean.sys [2007-4-12 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;d:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-11-3 418816]
R2 Avg7UpdSvc;AVG7 Update Service;d:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-11-3 49664]
R2 AvgTdi;AVG Network Redirector;d:\windows\system32\drivers\avgtdi.sys [2005-11-3 4960]
S2 Client IP-IPX;Client IP-IPX;"d:\windows\system32\svchosts.exe" -e te-110-12-0000282 --> d:\windows\system32\svchosts.exe [?]

=============== Created Last 30 ================

2009-04-17 16:55   <DIR>   --d-----   d:\docume~1\linda\applic~1\Malwarebytes
2009-04-17 16:54   15,504   a-------   d:\windows\system32\drivers\mbam.sys
2009-04-17 16:54   38,496   a-------   d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 16:54   <DIR>   --d-----   d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 16:54   <DIR>   --d-----   d:\program files\Malwarebytes' Anti-Malware
2009-04-16 12:02   <DIR>   --d-----   D:\SDFix
2009-04-15 13:20   <DIR>   --d-----   d:\program files\Trend Micro
2009-04-14 21:18   401,408   -c------   d:\windows\system32\dllcache\rpcss.dll
2009-04-14 21:18   284,160   -c------   d:\windows\system32\dllcache\pdh.dll
2009-04-14 21:18   110,592   -c------   d:\windows\system32\dllcache\services.exe
2009-04-14 21:18   473,600   -c------   d:\windows\system32\dllcache\fastprox.dll
2009-04-14 21:18   453,120   -c------   d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 21:18   227,840   -c------   d:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 21:18   729,088   -c------   d:\windows\system32\dllcache\lsasrv.dll
2009-04-14 21:18   617,472   -c------   d:\windows\system32\dllcache\advapi32.dll
2009-04-14 21:18   714,752   -c------   d:\windows\system32\dllcache\ntdll.dll
2009-04-14 21:17   1,203,922   -c------   d:\windows\system32\dllcache\sysmain.sdb
2009-04-14 21:17   2,560   --------   d:\windows\system32\xpsp4res.dll
2009-04-14 21:17   215,552   -c------   d:\windows\system32\dllcache\wordpad.exe
2009-04-14 12:27   <DIR>   --d-----   d:\program files\iPod
2009-04-14 11:42   156,672   --------   d:\windows\system32\RtlCPAPI.dll
2009-04-14 11:42   69,632   --------   d:\windows\soundman.exe
2009-04-14 11:42   40,448   --------   d:\windows\system32\ChCfg.exe
2009-04-14 11:42   9,196,032   --------   d:\windows\system32\RTLCPL.exe
2009-04-14 11:42   141,016   --------   d:\windows\system32\alsndmgr.wav
2009-04-14 11:42   208,896   --------   d:\windows\alcupd.exe
2009-04-14 11:42   139,264   --------   d:\windows\alcrmv.exe
2009-04-07 13:18   <DIR>   --d-----   d:\program files\Realtek
2009-04-07 13:18   540,672   a-------   d:\windows\RtlExUpd.dll
2009-04-06 21:48   36,864   a-------   d:\windows\system32\drivers\usbaapl.sys
2009-04-06 21:47   1,900,544   a-------   d:\windows\system32\usbaaplrc.dll
2009-04-06 19:01   107,368   a-------   d:\windows\system32\GEARAspi.dll
2009-04-06 19:01   23,400   a-------   d:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-06 12:26   <DIR>   --d-----   d:\program files\iTunes
2009-04-06 12:26   <DIR>   --d-----   d:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-06 12:25   <DIR>   --d-----   d:\program files\Bonjour
2009-03-30 17:50   <DIR>   --dsh---   d:\documents and settings\linda\PrivacIE
2009-03-30 17:44   <DIR>   --dsh---   d:\documents and settings\linda\IETldCache
2009-03-30 17:28   <DIR>   --d-----   d:\windows\ie8updates
2009-03-30 17:24   <DIR>   -cd-h---   d:\windows\ie8
2009-03-30 17:16   105,984   -c------   d:\windows\system32\dllcache\iecompat.dll
2009-03-21 09:06   989,696   -c------   d:\windows\system32\dllcache\kernel32.dll

==================== Find3M  ====================

2009-03-08 04:34   914,944   a-------   d:\windows\system32\wininet.dll
2009-03-08 04:34   43,008   a-------   d:\windows\system32\licmgr10.dll
2009-03-08 04:33   18,944   a-------   d:\windows\system32\corpol.dll
2009-03-08 04:33   420,352   a-------   d:\windows\system32\vbscript.dll
2009-03-08 04:32   72,704   a-------   d:\windows\system32\admparse.dll
2009-03-08 04:32   71,680   a-------   d:\windows\system32\iesetup.dll
2009-03-08 04:31   34,816   a-------   d:\windows\system32\imgutil.dll
2009-03-08 04:31   48,128   a-------   d:\windows\system32\mshtmler.dll
2009-03-08 04:31   45,568   a-------   d:\windows\system32\mshta.exe
2009-03-08 04:22   156,160   a-------   d:\windows\system32\msls31.dll
2009-03-06 09:22   284,160   a-------   d:\windows\system32\pdh.dll
2009-02-09 07:10   729,088   a-------   d:\windows\system32\lsasrv.dll
2009-02-09 07:10   714,752   a-------   d:\windows\system32\ntdll.dll
2009-02-09 07:10   617,472   a-------   d:\windows\system32\advapi32.dll
2009-02-09 07:10   401,408   a-------   d:\windows\system32\rpcss.dll
2009-02-09 06:13   1,846,784   a-------   d:\windows\system32\win32k.sys
2009-02-07 19:02   2,066,048   a-------   d:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11   110,592   a-------   d:\windows\system32\services.exe
2009-02-06 06:08   2,189,056   a-------   d:\windows\system32\ntoskrnl.exe
2009-02-06 05:39   35,328   a-------   d:\windows\system32\sc.exe
2009-02-03 14:59   56,832   a-------   d:\windows\system32\secur32.dll

============= FINISH: 18:07:38.96 ===============

[alspach06]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2005 4:11:20 PM
System Uptime: 4/17/2009 5:48:45 PM (1 hours ago)

Motherboard: TriGem Computer Inc. |  | Glendale motherboard                         
Processor:                 Intel(R) Celeron(R) CPU 2.70GHz | WMT478/NWD | 2691/mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 6 GiB total, 0.576 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 20.1 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 4/7/2009 12:35:54 PM - System Checkpoint
RP2: 4/7/2009 1:18:39 PM - Installed Realtek High Definition Audio Driver
RP3: 4/8/2009 1:26:29 PM - System Checkpoint
RP4: 4/9/2009 2:26:25 PM - System Checkpoint
RP5: 4/10/2009 3:26:26 PM - System Checkpoint
RP6: 4/11/2009 3:58:27 PM - System Checkpoint
RP7: 4/12/2009 4:58:25 PM - System Checkpoint
RP8: 4/13/2009 5:58:27 PM - System Checkpoint
RP9: 4/14/2009 12:05:48 PM - Removed iTunes
RP10: 4/14/2009 12:10:05 PM - Removed QuickTime
RP11: 4/14/2009 12:26:43 PM - Installed iTunes
RP12: 4/15/2009 3:00:36 AM - Software Distribution Service 3.0
RP13: 4/16/2009 3:20:33 AM - System Checkpoint
RP14: 4/17/2009 4:19:49 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Mobile Device Support
Apple Software Update
AVG Free Edition
Bonjour
CardRd81
CCScore
CR2
Critical Update for Windows Media Player 11 (KB959772)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Form Fill (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics Driver
IpWins
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LimeWire 4.16.6
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
netbrdg
Notifier
OfotoXMI
OIN
OneCare Advisor (Windows Live Toolbar)
PCDADDIN
PCDHELP
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SFR
SHASTA
SKIN0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
staticcr
Tabbed Browsing (Windows Live Toolbar)
tooltips
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/16/2009 12:10:04 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
4/16/2009 12:10:04 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2009 12:10:04 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2009 12:09:33 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/16/2009 12:09:29 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/14/2009 12:07:47 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
4/14/2009 11:49:07 AM, error: Service Control Manager [7000]  - The Client IP-IPX service failed to start due to the following error:  The system cannot find the file specified.

==== End Of File ===========================

[evilfantasy]

your not gunna crash n burn my computer are you

I find more enjoyment in making them run good then I do crashing them...  

Go to Add or Remove Programs and uninstall:

- IpWins

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

DDS::
BHO: 1 (0x1) - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [IpWins] d:\program files\ipwindows\ipwins.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

Folder::
d:\program files\ipwindows

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
  
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
  
• Place a check next to Remove Useless JRE Files and click Go
  
• Exit JavaRa
  
• Delete the JavaRa files from the Desktop

.
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

[alspach06]

sorry this is taking so long..new hours at work so i dont have a whole lot of extra time on my hands and the computer you are helping me fix isnt at my house yet... it will prob be like this for awhile..i appreciate your helping me...






ComboFix 09-04-20.02 - Linda 04/19/2009 21:50.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.247.59 [GMT -5:00]
Running from: d:\documents and settings\Linda\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Linda\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
d:\documents and settings\Michelle\Start Menu\Programs\Startup\winlogon.lnk
d:\progra~1\COMMON~1\{10B7B~1
d:\progra~1\COMMON~1\{10B7B~1\system.dll
d:\progra~1\COMMON~1\{10B7B~2
d:\progra~1\COMMON~1\{10B7B~2\system.dll
d:\program files\messenger\msmsgs.exe
d:\windows\system32\hljwugsf.bin

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Service_Client IP-IPX



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="d:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-03-01 590848]
"AVG7_EMC"="d:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-27 406528]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="d:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 219136]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - d:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - d:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"d:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"d:\\StubInstaller.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"d:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - Avg7Alrt
*Deregistered* - Avg7UpdSvc
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-20 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f60327c5b4d84eafb53ab58613fead2f
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f60327c5b4d84eafb53ab58613fead2f
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Client IP-IPX]
"ImagePath"="\"d:\windows\system32\svchosts.exe\" -e te-110-12-0000282"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2164)
d:\docume~1\Linda\LOCALS~1\Temp\IadHide5.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\eappprxy.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-20 22:15 - machine was rebooted
ComboFix-quarantined-files.txt  2009-04-20 03:15

Pre-Run: 21,504,122,880 bytes free
Post-Run: 23,344,259,072 bytes free

162   --- E O F ---   2009-04-15 08:08

[alspach06]

what do i download on the website for the new Sun Java Runtime Environment? which one do i pick???

[evilfantasy]

The 5th download button next to JRE 6 Update 13 on this page. http://java.sun.com/javase/downloads/index.jsp

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Client IP-IPX]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

How is the computer running now?

[alspach06]

there is 3 options to download which do i choose?

[evilfantasy]

The first one. Windows Offline Installation

[alspach06]

ok so when i downloaded java once it was finished i kept gettin a message that said Syntec error what is that

[evilfantasy]

Is that the whole error?

Have you restarted the computer?

[alspach06]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Client IP-IPX\\ not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5716.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5736.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B80.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B90.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\V341E69C\ViewFilteredProducts-SingleVariationTypeFilter98a8d675[1].htm scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\A9MGCRYN\topic,81147.msg540929[1].html scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_18c.dat scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_e6c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04202009_215520

Files moved on Reboot...
DllUnregisterServer procedure not found in D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll
D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
D:\DOCUME~1\Linda\LOCALS~1\Temp\IadHide5.dll moved successfully.
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5716.tmp not found!
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5736.tmp not found!
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B80.tmp not found!
File D:\DOCUME~1\Linda\LOCALS~1\Temp\~DF5B90.tmp not found!
D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\V341E69C\ViewFilteredProducts-SingleVariationTypeFilter98a8d675[1].htm moved successfully.
D:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\A9MGCRYN\topic,81147.msg540929[1].html moved successfully.
File D:\WINDOWS\temp\Perflib_Perfdata_18c.dat not found!
D:\WINDOWS\temp\Perflib_Perfdata_e6c.dat moved successfully.

[alspach06]

im pretty sure i didnt get my java updated right can you start over with those instructions?