WiredWX Christian Hobby Weather Tools
virus/malware

3 posters

Re: virus/malware
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Folders to delete:
C:\Documents and Settings\sarah g.SARAH.000\My Documents\LimeWire


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: virus/malware
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\sarah g.SARAH.000\My Documents\LimeWire" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: virus/malware
I think that fixed it! The only thing happening now is that I am getting a ton of IE pop-ups even when I am on Firefox. How can I prevent that? I thank you guys so much! I really appreciate it!

Re: virus/malware
I was wrong. A window still pops open saying the computer is infected; when I try to close it, something starts scanning.

Re: virus/malware
Post a new Hijack This log.


Re: virus/malware
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:07 PM, on 8/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sarah g.SARAH.000\My Documents\winlogon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: 1Club.FM Toolbar - {3a9262ef-45b5-46fc-b460-7053539c9176} - C:\Program Files\1Club.FM\tb1Cl0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: 1Club.FM Toolbar - {3a9262ef-45b5-46fc-b460-7053539c9176} - C:\Program Files\1Club.FM\tb1Cl0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: 1Club.FM Toolbar - {3a9262ef-45b5-46fc-b460-7053539c9176} - C:\Program Files\1Club.FM\tb1Cl0.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F325224.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F325224.exe
O4 - HKCU\..\Run: [A00F581C415.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F581C415.exe
O4 - HKCU\..\Run: [A00F17B65.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F17B65.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Startup: UniversalCallerID.lnk = C:\Program Files\UniversalCallerID\UniversalCallerID.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: f0f624a5649 - C:\WINDOWS\System32\icardie32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: __c00E4400 - C:\WINDOWS\system32\__c00E4400.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7370 bytes

Re: virus/malware
I am still getting redirected to mybestwebearch.net, but when I have no script on, it prevents it from changing.

Re: virus/malware
Hello.
More malware jumped back on your machine.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [A00F325224.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F325224.exe
    O4 - HKCU\..\Run: [A00F581C415.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F581C415.exe
    O4 - HKCU\..\Run: [A00F17B65.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F17B65.exe
    O20 - Winlogon Notify: f0f624a5649 - C:\WINDOWS\System32\icardie32.dll
    O20 - Winlogon Notify: __c00E4400 - C:\WINDOWS\system32\__c00E4400.dat


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

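To show the kind of triage the reply above performs on the posted HijackThis log, here is an added Python example (not code from this thread, from HijackThis or from Malwarebytes) that flags the three patterns the helper picked out: a core system binary name (winlogon.exe) running from a user's My Documents folder, O4 autostart values that launch from the profile's Temp directory or carry hex-looking names, and O20 Winlogon Notify subkeys with generated names or a .dat target instead of a DLL. The sample lines are copied from the log posted earlier in this thread; the heuristics, the SYSTEM_BINARIES list and the hex-name rule are the editor's assumptions, and a hit is a lead for a human to review, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["line", "reason"])

# Core Windows XP binaries that legitimately live only in the system directory
# (assumed list); the same file name elsewhere is a classic masquerade.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}

# HijackThis line shapes handled here, taken from the log format in the thread.
PROCESS_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# The per-user Temp directory on XP, in long and 8.3 form.
TEMP_RE = re.compile(r"\\(?:Local Settings\\Temp|LOCALS~1\\Temp)\\", re.IGNORECASE)
# Names made only of hex digits (optionally underscore-prefixed), like the
# A00F325224 / __c00E4400 entries in the thread (heuristic, assumed).
GENERATED_NAME_RE = re.compile(r"^_*[0-9a-f]{6,}$", re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\sarah g.SARAH.000\My Documents\winlogon.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F325224.exe] C:\DOCUME~1\SARAHG~1.000\LOCALS~1\Temp\_A00F325224.exe
O20 - Winlogon Notify: f0f624a5649 - C:\WINDOWS\System32\icardie32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: __c00E4400 - C:\WINDOWS\system32\__c00E4400.dat
"""


def split_path(path):
    """Split a Windows path into (lower-cased directory, lower-cased file name)."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def check_process(line):
    """Flag a core system binary name running from outside the system directory."""
    directory, name = split_path(line)
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        return f"system binary name {name} running outside the system directory"
    return None


def check_run(match):
    """Flag O4 autostarts that launch from Temp or carry a generated-looking name."""
    if TEMP_RE.search(match.group("cmd")):
        return "autostart launches from the user's Temp directory"
    value_name = re.sub(r"\.exe$", "", match.group("name"), flags=re.IGNORECASE)
    if GENERATED_NAME_RE.match(value_name):
        return "autostart value name looks generated"
    return None


def check_notify(match):
    """Flag O20 Winlogon Notify entries with generated names or non-DLL targets."""
    reasons = []
    if GENERATED_NAME_RE.match(match.group("name")):
        reasons.append("Winlogon Notify subkey name looks generated")
    if not match.group("path").lower().endswith(".dll"):
        reasons.append("Winlogon Notify target is not a DLL")
    return "; ".join(reasons) or None


def triage(log_text):
    """Return a Finding for every line that trips one of the heuristics above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = None
        match = RUN_RE.match(line)
        if match:
            reason = check_run(match)
        else:
            match = NOTIFY_RE.match(line)
            if match:
                reason = check_notify(match)
            elif PROCESS_RE.match(line):
                reason = check_process(line)
        if reason:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line}")
```

Run against the sample it reports exactly the four lines the helper asked to have fixed or that ComboFix later deleted, and stays quiet on the legitimate svchost.exe, IgfxTray and GoToAssist entries. The Temp and hex-name rules are deliberately narrow; a real triage would also compare the flagged files against known-good hashes before acting.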

Re: virus/malware
The first 3 you told me to check did not show up in the HijackThis log. I already have MBAM installed, so I ran that and here is the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2537
Windows 5.1.2600 Service Pack 2

8/5/2009 2:11:27 PM
mbam-log-2009-08-05 (14-11-27).txt

Scan type: Quick Scan
Objects scanned: 94289
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\3.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\7.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00DC182.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e6396 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fd0659.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\3.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\7.tmp (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\sarah g.sarah.000\local settings\temp\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00FD0659.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\__c00DC182.dat (Trojan.Agent) -> Delete on reboot.

Re: virus/malware
I think I have the Antispyware 2009 virus. That's what starts scanning when I try to close the Windows Explorer message saying my computer is infected. Could MBAM be not removing it because I had that installed when I obtained the virus?

Re: virus/malware
I ran MBAM again and here is the log:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00C0D52.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00EF2E1.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00c0d52 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1a284.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f127b7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f44f726.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F1A284.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F44F726.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F127B7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\19.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\4.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C0D52.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0098149.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00EF2E1.dat (Trojan.Agent) -> Delete on reboot.

Re: virus/malware
Re-run Combofix and post a new log.


Re: virus/malware
ComboFix 09-07-31.04 - sarah g 08/06/2009 11:41.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1533 [GMT -4:00]
Running from: c:\documents and settings\sarah g.SARAH.000\Desktop\Combo-fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649C.manifest
c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649O.manifest
c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649P.manifest
c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649S.manifest
c:\documents and settings\sarah g.SARAH.000\My Documents\winlogon.exe
c:\windows\GnuHashes.ini
c:\windows\system32\__c0015940.dat
c:\windows\system32\__c00F6660.dat
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemX86
c:\windows\system32\SystemX86\245.crack.zip
c:\windows\system32\SystemX86\245.crack.zip.kwd
c:\windows\system32\SystemX86\246.keygen.zip
c:\windows\system32\SystemX86\246.keygen.zip.kwd
c:\windows\system32\SystemX86\247.serial.zip
c:\windows\system32\SystemX86\247.serial.zip.kwd
c:\windows\system32\SystemX86\248.setup.zip
c:\windows\system32\SystemX86\248.setup.zip.kwd
c:\windows\system32\SystemX86\249.music.au
c:\windows\system32\SystemX86\249.music.au.kwd
c:\windows\system32\SystemX86\250.music2.au
c:\windows\system32\SystemX86\250.music2.au.kwd
c:\windows\system32\SystemX86\251.music3.au
c:\windows\system32\SystemX86\251.music3.au.kwd
c:\windows\system32\SystemX86\252.music.snd
c:\windows\system32\SystemX86\252.music.snd.kwd
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 15:47 . 2009-08-06 15:47 557 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-08-06 15:47 . 2009-08-06 15:47 -------- d-sh--w- c:\windows\system32\SystemX86
2009-08-06 00:12 . 2009-08-06 00:25 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-05 23:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 23:45 . 2009-08-05 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 23:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 22:18 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-05 22:18 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-05 22:18 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\system32\scripting
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\system32\en
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\l2schemas
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\system32\bits
2009-08-05 22:10 . 2009-08-05 22:10 -------- d-----w- c:\windows\ServicePackFiles
2009-08-05 22:06 . 2009-08-05 22:06 -------- d-----w- c:\windows\EHome
2009-08-04 21:52 . 2009-08-04 21:53 -------- d-----w- c:\windows\system32\NtmsData
2009-08-04 21:38 . 2009-08-04 21:38 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-30 14:15 . 2009-07-30 14:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\program files\Pando Networks
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- C:\users
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\program files\AIM Toolbar
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\program files\Opera
2009-07-30 01:21 . 2009-07-30 01:21 -------- d--h--r- c:\documents and settings\sarah g.SARAH.000\Application Data\SecuROM
2009-07-30 01:00 . 2009-07-30 01:00 10134 ----a-r- c:\documents and settings\sarah g.SARAH.000\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-30 01:00 . 2009-07-30 00:28 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-30 01:00 . 2009-07-30 01:00 -------- d-----w- c:\program files\Microsoft WSE
2009-07-30 00:57 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-07-30 00:57 . 2009-07-30 00:57 -------- d-----w- c:\windows\Logs
2009-07-29 23:48 . 2009-07-29 23:48 -------- d-----w- c:\program files\ESET
2009-07-29 23:21 . 2009-07-29 23:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-07-29 23:20 . 2009-07-30 01:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-07-29 22:29 . 2009-08-01 01:49 -------- d-----w- c:\documents and settings\sarah g.SARAH.000\Application Data\SUPERAntiSpyware.com
2009-07-29 21:09 . 2009-07-29 21:09 -------- d-----w- C:\ProgramData
2009-07-29 21:09 . 2009-07-29 21:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-07-29 21:08 . 2009-07-30 00:46 -------- d-----w- c:\program files\Electronic Arts
2009-07-29 19:53 . 2009-07-29 19:53 120320 ----a-w- c:\windows\system32\icardie32.dll
2009-07-28 14:35 . 2009-07-28 14:35 4096 ----a-w- c:\windows\d3dx.dat
2009-07-28 14:35 . 2009-07-30 14:08 -------- d-----w- c:\program files\Kudos Demo
2009-07-13 19:30 . 2009-08-04 21:26 -------- d-----w- c:\program files\Transparent Windows

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 15:47 . 2009-08-06 15:47 518144 --sha-w- c:\windows\system32\3.tmp
2009-08-06 14:03 . 2009-08-06 12:06 117 ----a-w- c:\documents and settings\sarah g.SARAH.000\udpcrawl.tmp
2009-08-06 12:06 . 2009-08-06 12:06 518144 --sha-w- c:\windows\system32\1E.tmp
2009-08-06 10:57 . 2009-08-06 10:57 0 ----a-w- c:\windows\system32\4.tmp
2009-08-06 00:42 . 2008-09-27 16:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-05 22:13 . 2008-05-16 18:00 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-01 01:55 . 2008-05-15 15:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 01:49 . 2008-05-15 16:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-30 14:16 . 2008-05-17 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-07-30 14:14 . 2009-06-27 14:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-30 14:14 . 2009-06-09 13:38 -------- d-----w- c:\program files\Safari
2009-07-30 14:14 . 2008-05-17 22:55 -------- d-----w- c:\program files\AIM6
2009-07-30 14:14 . 2009-06-09 13:38 -------- d-----w- c:\program files\Bonjour
2009-07-30 14:10 . 2009-06-27 13:41 -------- d-----w- c:\program files\RegGenie
2009-07-30 01:07 . 2009-07-29 23:24 1328 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-30 00:46 . 2008-05-10 03:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 00:11 . 2008-05-15 15:58 -------- d-----w- c:\program files\LabelCommand
2009-07-29 22:49 . 2008-05-22 13:55 12720 ----a-w- c:\documents and settings\sarah g.SARAH.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 20:45 . 2008-07-29 22:42 -------- d-----w- c:\program files\SIM Edit Tool
2009-06-29 16:12 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 14:44 . 2009-06-27 14:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-27 14:43 . 2009-06-27 14:43 152576 ----a-w- c:\documents and settings\sarah g.SARAH.000\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-27 14:39 . 2009-06-27 14:40 38208 ----a-w- c:\documents and settings\sarah g.SARAH.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-21 21:14 . 2008-05-10 03:02 -------- d-----w- c:\program files\Java
2009-06-19 14:05 . 2009-06-19 14:05 -------- d-----w- c:\documents and settings\john\Application Data\Apple Computer
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 20:50 . 2008-11-17 15:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-06-09 13:38 . 2009-06-09 13:38 12736 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-09 13:38 . 2008-08-07 22:28 -------- d-----w- c:\documents and settings\sarah g.SARAH.000\Application Data\Apple Computer
2009-06-05 21:43 . 2009-06-05 21:43 69632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-08-04 21:41 . 2009-06-27 13:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

Re: virus/malware
((((((((((((((((((((((((((((( SnapShot@2009-08-01_02.03.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-18 00:37 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-09-18 00:37 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2008-05-17 10:37 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 50688 c:\windows\twain_32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 50688 c:\windows\twain_32.dll
+ 2009-08-06 15:47 . 2009-08-06 15:47 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
+ 2008-05-16 17:57 . 2008-04-14 00:12 11776 c:\windows\system32\xolehlp.dll
- 2008-05-16 17:57 . 2006-03-01 19:42 11776 c:\windows\system32\xolehlp.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 50176 c:\windows\system32\xmlprovi.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 50176 c:\windows\system32\xmlprovi.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 30720 c:\windows\system32\xcopy.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 30720 c:\windows\system32\xcopy.exe
+ 2004-08-04 10:00 . 2008-04-14 00:12 91648 c:\windows\system32\xactsrv.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 91648 c:\windows\system32\xactsrv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 52736 c:\windows\system32\wzcsapi.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 18432 c:\windows\system32\wtsapi32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 18432 c:\windows\system32\wtsapi32.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 50688 c:\windows\system32\wstdecod.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 50688 c:\windows\system32\wstdecod.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 22528 c:\windows\system32\wsock32.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 22528 c:\windows\system32\wsock32.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 41984 c:\windows\system32\wsnmp32.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 19456 c:\windows\system32\wshtcpip.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 11264 c:\windows\system32\wshrm.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 14336 c:\windows\system32\wship6.dll
+ 2004-08-04 10:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll

Re: virus/malware
I will be here all day posting it! It is pages and pages long? Is there an easier way? I don't know why it is so long. That is only some of it that I posted.

Re: virus/malware
http://rapidshare.com/files/264435852/combofixlog.txt.html
MD5: 75EC90CCCA16BD75EA5C05293316523D

Here is a link to it.

Re: virus/malware
It seems to be running OK now. I'm not getting any more pop-ups. I will know for sure if I am on the internet a little longer.

Re: virus/malware
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: virus/malware
It's driving me crazy; I am still getting IE ad pop-ups. I did not get the Windows Explorer message saying my computer is infected, so that's good, but I still think the virus is there. When I do a Google search, I get results to download Antispyware 2009 and still get redirected to this:
http://64.111.196.117/c.php?s=eNotkU2PsjAAhH-QidtS-nXYAwuiooKAonB5YymgCOquiED645c32cxkkidzmMNcFISU6opxqDal37kh6BSYAqT_pQYABwwQiCEBTMW1fcn8z0-VAcl0QE5Sg4xTqElKMWYZohkSSGb8H8pTlGKdQqEBwQnQCSOYYZIjRnQ8TmpEQZW5d3e4Nn1RGobhWuK1DI39xdsArX7Ly-W9mS9dalnMDBzT9ITGH6hwI6eHQzD08XB8e3FvU787V6L6OoMF47PJcHpwu37tQuIW1PH6qj31s8wN3a7hcj7cnu6LlffZIu_p0_pm5CdMVhvzxrdeeT46wUP-HGaJv937iWXexOQZPmcfX9CfROk6JN5AqiHyvNLx1nq7SEj3aApTmrDbGeF5tbj75VwCcty5-v7WN853M6Rx5Cy8S4O92eYafPCWbduTzco2j207uprg4RvDvJNPqzU_Vk5h-lTX423SHnG1eJPj85iLGyIQ2csI3gN6yIv5e5UIaIw_EDZlcIrAaKXYCHjK0ZSokTQlkUTr2j0nddSMN7xijTdj818K_bVOlaIAJQdnSA52H2vFS9QRUAIxBnHGdCEBJjgXONcExpRlHJM0pb_K-bJf-

Re: virus/malware
Should I wait to do that last step since the virus is still there?

Re: virus/malware
Run a Malwarebytes full scan and post the results back here.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

virus/malware - Page 1 2wg6fte

Re: virus/malware
Malwarebytes' Anti-Malware 1.40
Database version: 2566
Windows 5.1.2600 Service Pack 3

8/6/2009 4:49:26 PM
mbam-log-2009-08-06 (16-49-26).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 242953
Time elapsed: 37 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\1E.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0072706.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0072706 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f7be9ec.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\1E.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F7BE9EC.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\sarah g.SARAH.000\LOCALS~1\temp\6.tmp.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\3.tmp.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP475\A0063879.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045264.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045257.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045268.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045269.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045271.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045273.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045274.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045275.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045277.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045278.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045279.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045280.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045281.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP420\A0045680.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP461\A0062756.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062811.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062818.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062822.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062823.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062825.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062827.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062828.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062829.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062830.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062831.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062832.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063774.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063775.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063777.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063778.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063780.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063781.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\245.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\246.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\246.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\247.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\248.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\248.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\249.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\249.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\250.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\250.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\251.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\251.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\252.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\252.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0072706.dat (Trojan.Vundo) -> Delete on reboot.
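Added example, not from the thread and not Malwarebytes' code: a small parser for the MBAM 1.x log format posted above. It cross-checks the header counts against the entries actually listed (a truncated paste shows up as a mismatch), lists the items marked "Delete on reboot" (still live until the machine restarts), and flags registry detections that sit in autostart locations. The regex patterns, function names, PERSISTENCE_KEYS and the sample log are our own constructions, built from entries quoted in the thread.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and sanity-check it.

Added example for this thread; not MBAM's code and not from the original
posts. Regex patterns, function names and PERSISTENCE_KEYS are our own.
"""
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path threat action")

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")  # "Files Infected: 56"
HEADING_RE = re.compile(r"^(?P<section>.+ Infected):$")                  # "Files Infected:"
DETECT_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Autostart locations seen in the posted log (our list). A detection under one
# of these is a persistence mechanism, not just a dropped file.
PERSISTENCE_KEYS = (
    "\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\",
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
)

# Constructed sample in the posted format, built from entries quoted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0072706.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0072706 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f7be9ec.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared, detections): header counts and the per-section entries."""
    declared, detections, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:  # summary block at the top of the log
            declared[m.group("section")] = int(m.group("count"))
            continue
        m = HEADING_RE.match(line)
        if m:  # start of a detail section
            section = m.group("section")
            detections.setdefault(section, [])
            continue
        m = DETECT_RE.match(line)
        if m and section is not None:
            detections[section].append(Detection(*m.group("path", "threat", "action")))
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose header count disagrees with the entries actually listed."""
    return {s: (n, len(detections.get(s, []))) for s, n in declared.items()
            if n != len(detections.get(s, []))}


def pending_reboot(detections):
    """Paths MBAM could not remove while running; they stay active until reboot."""
    paths = []
    for items in detections.values():
        for d in items:
            if d.action.lower().startswith("delete on reboot") and d.path not in paths:
                paths.append(d.path)
    return paths


def persistence_hits(detections):
    """Registry detections that sit in an autostart location."""
    return [d for sec in ("Registry Keys Infected", "Registry Values Infected")
            for d in detections.get(sec, [])
            if any(k.lower() in d.path.lower() for k in PERSISTENCE_KEYS)]
```

Run `parse_mbam_log()` on the text of a saved mbam-log file and feed its result to the three checks; an empty `count_mismatches()` result means the pasted log is complete.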

Re: virus/malware
How is the machine running now?

Re: virus/malware
It's OK as of right now, but it usually starts again when I am on the computer for a while. I will post back and let you know. I thank you so much for all your help!

Re: virus/malware
So far no crazy pop-ups, but the Antivirus 2009 still shows up in Google searches where the sponsored links are.

Re: virus/malware
It was doing OK till this morning, when something called net scan started scanning my computer.

Re: virus/malware
Rescan with ComboFix AGAIN and upload the log to RapidShare.

Re: virus/malware
http://rapidshare.com/files/264872887/combofixlog2.txt.html
MD5: 90498D1A11DFF7A847FB59D376E365AC

Re: virus/malware
That looks like it should have removed it again.
You are possibly visiting a bad site; that's why it came back.

Re: virus/malware
But I only go on Google for searches or Facebook. I don't really use the computer for anything else. All the pop-up ads I get are from Internet Explorer when I am on Firefox. The other things are Windows pop-ups with messages saying my computer is infected, trying to get me to buy stuff like the Antispyware 2009.

Re: virus/malware
Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: virus/malware
GooredFix by jpshortstuff (12.07.09)
Log created at 20:57 on 07/08/2009 (sarah g)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:29 27/06/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [14:44 27/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"myspacefftb@myspace.com"="C:\Program Files\MySpace\Toolbar\1.0.28.0_1\" []
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:14 21/06/2009]

-=E.O.F=-

Re: virus/malware
I don't see any sign of infection. Do the following; I want to make sure there isn't anything left:

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Re: virus/malware
Pages do not want to load in IE. I can't even load this site. I tried to download Kaspersky a few days ago but it would not download; neither would AVG. When I click on them it does nothing. The link works with Firefox but I can't get to it in IE.

Re: virus/malware
OK, I copied the link and pasted it; it worked. I'm going to try it now.

Re: virus/malware
I tried to run it twice in IE but I get an error saying update failed, I must be online to run it, which I am. It says error key is expired.

Re: virus/malware
Hi, just wanted to say that I ran MBAM again and after that everything seems OK now. The files in the log, though, I thought were deleted previously, but I guess not. IE is my only problem; I keep getting pop-up ads from this site:
bestscanpc.org/win/?code=934

And also pages do not load.
I appreciate all your help!

Re: virus/malware
Hello.
Let's see what's installed; a toolbar may be causing this.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: virus/malware
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
AIM MusicLink 4.0.0.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Digital Line Detect
Download Updater (AOL LLC)
EA Download Manager
ESET Online Scanner v3
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Modem Diagnostic Tool
Mozilla Firefox (3.0.13)
NetWaiting
OpenOffice.org Installer 1.0
Photo! Editor 1.1
PhotoScape
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SIM Edit Tool
Spybot - Search & Destroy
The Sims™ 3
Universal Caller ID
UniversalCallerID
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Re: virus/malware
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 5

How is the machine running now?

Site Admin / Security Administrator
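An added example, not from this thread and not part of HijackThis: a small Python script that reads an uninstall list in the format posted above and reports every Java runtime that a newer install has superseded, which is exactly how the two entries above were singled out. Each leftover JRE is a separately exploitable runtime that the newer install did not replace. The list it reads is a constructed excerpt of the one posted above.

```python
import re

# Constructed excerpt of the HijackThis uninstall_list.txt posted in this
# thread, trimmed to the entries that matter for the Java check.
UNINSTALL_LIST = """\
Adobe Reader 9
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
Mozilla Firefox (3.0.13)
"""

# Matches the two display-name styles the JRE used in this era:
#   "J2SE Runtime Environment 5.0 Update 6"  -> major 5, update 6
#   "Java(TM) 6 Update 15"                   -> major 6, update 15
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\))\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)$"
)


def parse_java_versions(listing: str) -> dict[str, tuple[int, int]]:
    """Map each Java entry's display name to a (major, update) tuple."""
    found = {}
    for line in listing.splitlines():
        name = line.strip()
        m = JAVA_RE.match(name)
        if m:
            found[name] = (int(m.group(1)), int(m.group(2)))
    return found


def superseded_java(listing: str) -> list[str]:
    """Return the installed JREs older than the newest one, i.e. the
    entries that should be uninstalled from Add/Remove Programs."""
    versions = parse_java_versions(listing)
    if not versions:
        return []
    newest = max(versions.values())  # tuples compare major first, then update
    return sorted(name for name, ver in versions.items() if ver < newest)


if __name__ == "__main__":
    for name in superseded_java(UNINSTALL_LIST):
        print("remove:", name)
```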

Re: virus/malware
I feel awful to keep asking you guys for help! But the darn virus came back. It's the Windows pop-up saying I'm infected again, and then the Antispyware 2009 starts scanning. It was running smooth this morning and then it just started happening again. It's usually when I do searches on Google.
