HELP ME PLEASE !!! Bankerfox

I have millions of popups and alerts.... BANKERFOX.A it says... can't do anything.

PLEASE HELP ME

Now I have alerts saying my computer will shut down in 60 seconds... then it shuts down!!!

I always had AVAST on my computer and keep it updated... how did this get in????

I follwed some instructions found here... HijackThis.... here is a past of the log it gave me after the scan...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:05, on 2009-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Distributel
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Distributel Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [xlknokxt] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [xlknokxt] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CD-MENU.LNK = D:\AutoMenu.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212721323906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213654569360&h=cbc540f20c614ebed7ea77b3d73ca8e8/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9195 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O1 - Hosts: ::1 localhost
  O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
  O1 - Hosts: 91.212.127.226 winguard-2009.com
  O1 - Hosts: 91.212.127.226 www.winguard-2009.com
  O4 - HKLM\..\Run: [xlknokxt] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe
  O4 - HKCU\..\Run: [xlknokxt] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Wow.... thanks... already feels better to be able to reply without any popups or alerts appearing all over the place!!

anything else I have to do??
thank you SOOOO MUCH !!!

here is a paste of MBAM Log:


Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 2

2009-11-03 21:18:07
mbam-log-2009-11-03 (21-18-07).txt

Scan type: Quick Scan
Objects scanned: 113100
Time elapsed: 16 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Propriétaire\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\FunWebProducts\Data\Propriétaire (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\D5H0ENEO\Inst_180s9[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\FunWebProducts\Data\Propriétaire\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\FunWebProducts\Data\Propriétaire\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Hello.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

Hi There,
the virus came back.... popups and alerts are flooding my screen
now it says I have 2 Viruses.... BANKERFOX.A AND Win32/Nuqel.E

do I have to restart the whole procedure??

I will redo the scan on HijackThis and post it here.....

thank you for your time... greatly appreciated !!

Here is the latest HijackThis log scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:52, on 2009-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\elycmj\vrjosysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Distributel
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Distributel Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sodgqceg] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\elycmj\vrjosysguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [sodgqceg] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\elycmj\vrjosysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CD-MENU.LNK = D:\AutoMenu.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212721323906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213654569360&h=cbc540f20c614ebed7ea77b3d73ca8e8/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9054 bytes

Can you re-run the whole thing? right from the Hijack This fix.

yes sure, but the boxes that you had me ''check'' in HighjackThis and then ''fix'' are not all there anymore

O4 - HKLM\..\Run: [xlknokxt] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe
O4 - HKCU\..\Run: [xlknokxt] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\baempo\najysysguard.exe

are both not there.... so do I just check the other boxes that are still there??

thanks again

Yes.

Hi There !
okay.... I've re-ran everything right from the HijackThis fix.

the first time I had done this I remember the popups had stopped. Now everything is still the same... popups + alerts (BankerFox.A + Nuqel.E)

anyway... I redid the procedure with MBAM as well (the log is below)

also.. I downloaded DDS by sUBs to my Desktop but am completely unable to run DDS.scr everytime I double click on it (and I've clicked hundreds of times) I have a popup: the file dds.scr is infected.
What should I do now???
thank you for your patience ! here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 2

2009-11-05 23:51:25
mbam-log-2009-11-05 (23-51-25).txt

Scan type: Quick Scan
Objects scanned: 93745
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please download CKScanner by askey127 from here

Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

==

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • hȋdden Files << Selected
    
  
  
• At the bottom of the page
  
  
  
  • hȋdden Objects Only << Selected
    
  
  
• Click on the Create Log button on the bottom right.
  
• After a few seconds a new window should appear.
  
• Select Scan Root Drive. Click on the Start button.
  
• When it is complete a new window will appear to indicate that the scan is finished.
  
• The
  log will be saved automatically in the same folder Sysprot.exe was
  extracted to. Open the text file and copy/paste the log here.
  

==

Please post the CKScanner and SysProt logs in your next reply.

Hi,
thanks.... so I got to do the CKScanner part. here is my log below.
I did the ''Scan Root Drive'' .. that was fine... found the log text file... but my computer will not read it says windows cannot open this file
file : SysProDrv.sys

thanks for your help

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\propriétaire\mes documents\ma musique\downloaded 06-2008\eminem - crack cocaine (unreleased very rare studio out tak.mp3
scanner sequence 3.AP.11
----- EOF -----

Please download SpiderKill and save it to your Desktop.

• Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  
• Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  
• Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

ok thanks... here is the log of SpiderKill

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [version 5.1.2600]

********************Drivers list********************


Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est B88F-3952

R‚pertoire de C:\Windows\System32\Drivers

2009-11-03 20:58 .
2009-11-03 20:58 ..
2008-05-15 18:13 26ÿ944 aavmker4.sys
2004-08-19 14:56 188ÿ672 acpi.sys
2004-08-19 14:56 12ÿ032 acpiec.sys
2006-02-14 19:22 142ÿ464 aec.sys
2004-08-19 14:56 138ÿ496 afd.sys
2004-08-19 15:07 41ÿ216 amdk6.sys
2004-08-19 15:07 41ÿ600 amdk7.sys
2004-08-19 15:07 60ÿ800 arp1394.sys
2008-05-15 18:16 20ÿ560 aswFsBlk.sys
2008-01-17 11:34 93ÿ264 aswmon.sys
2008-05-15 18:18 94ÿ416 aswmon2.sys
2008-05-15 18:15 23ÿ152 aswRdr.sys
2008-05-15 18:20 78ÿ416 aswSP.sys
2008-05-15 18:14 42ÿ912 aswTdi.sys
2004-08-19 14:56 14ÿ336 asyncmac.sys
2004-08-19 14:56 95ÿ360 atapi.sys
2004-08-19 14:56 59ÿ904 atmarpc.sys
2004-08-19 14:56 31ÿ360 atmepvc.sys
2004-08-19 14:56 55ÿ936 atmlane.sys
2004-08-19 14:56 352ÿ256 atmuni.sys
2001-08-17 16:59 3ÿ072 audstub.sys
2004-08-19 14:56 4ÿ224 beep.sys
2004-08-19 14:56 71ÿ552 bridge.sys
2004-08-19 14:56 13ÿ952 cbidf2k.sys
2004-08-19 14:57 18ÿ688 cdaudio.sys
2004-08-19 14:56 63ÿ744 cdfs.sys
2008-07-23 11:50 9ÿ336 cdr4_xp.sys
2008-07-23 11:50 9ÿ464 cdralw2k.sys
2004-08-19 14:56 49ÿ536 cdrom.sys
2004-08-19 14:57 262ÿ528 cinemst2.sys
2004-08-19 14:56 49ÿ664 classpnp.sys
2004-08-19 14:57 11ÿ776 cpqdap01.sys
2004-08-19 15:07 40ÿ704 crusoe.sys
2003-11-19 01:15 128ÿ398 del200f.cty
2008-05-23 15:21 disdn
2004-08-19 14:57 36ÿ352 disk.sys
2004-08-19 14:57 14ÿ208 diskdump.sys
2004-08-19 14:57 800ÿ256 dmboot.sys
2004-08-19 14:57 154ÿ496 dmio.sys
2004-08-19 14:57 5ÿ888 dmload.sys
2004-08-03 22:07 52ÿ864 DMusic.sys
2004-08-03 22:08 60ÿ288 drmk.sys
2004-08-03 22:07 2ÿ944 drmkaud.sys
2004-08-19 14:57 10ÿ496 dxapi.sys
2004-08-19 14:57 71ÿ040 dxg.sys
2004-08-19 14:57 3ÿ328 dxgthk.sys
2004-02-10 14:49 154ÿ112 e100b325.sys
2009-11-05 23:37 etc
2004-08-19 14:57 143ÿ360 fastfat.sys
2004-08-19 14:57 27ÿ392 fdc.sys
2004-08-19 14:58 35ÿ072 fips.sys
2004-08-19 14:58 20ÿ480 flpydisk.sys
2006-08-21 04:14 128ÿ896 fltmgr.sys
2004-08-19 14:57 12ÿ416 fsvga.sys
2004-08-19 14:58 7ÿ936 fs_rec.sys
2004-08-19 14:58 126ÿ080 ftdisk.sys
2004-08-19 14:58 3ÿ440ÿ660 gm.dls
2004-08-19 14:58 646 gmreadme.txt
2004-08-19 14:58 36ÿ224 hidclass.sys
2004-08-19 14:58 24ÿ960 hidparse.sys
2003-11-17 14:59 212ÿ224 HSFHWBS2.sys
2003-11-17 14:58 680ÿ704 HSF_CNXT.sys
2003-11-17 14:56 1ÿ042ÿ432 HSF_DP.sys
2006-03-16 19:33 262ÿ784 http.sys
2004-08-19 14:58 54ÿ400 i8042prt.sys
2005-09-20 09:00 1ÿ302ÿ332 ialmnt5.sys
2004-08-19 14:58 41ÿ856 imapi.sys
2004-08-03 19:43 5ÿ504 intelide.sys
2004-08-19 14:58 40ÿ320 intelppm.sys
2004-08-19 14:58 29ÿ056 ip6fw.sys
2004-08-19 14:58 32ÿ896 ipfltdrv.sys
2004-08-19 14:58 20ÿ992 ipinip.sys
2004-09-29 17:28 134ÿ912 ipnat.sys
2004-08-19 14:58 74ÿ752 ipsec.sys
2004-08-19 14:58 11ÿ264 irenum.sys
2004-08-19 14:58 36ÿ224 isapnp.sys
2004-08-19 14:59 25ÿ216 kbdclass.sys
2006-06-14 03:47 172ÿ416 kmixer.sys
2004-08-03 22:15 140ÿ928 ks.sys
2004-08-19 14:59 92ÿ032 ksecdd.sys
2009-09-10 14:53 19ÿ160 mbam.sys
2009-09-10 14:54 38ÿ224 mbamswissarmy.sys
2004-08-19 14:59 7ÿ680 mcd.sys
2003-04-09 12:48 11ÿ043 mdmxsdk.sys
2004-08-19 15:07 63ÿ744 mf.sys
2004-08-19 15:00 4ÿ224 mnmdd.sys
2004-08-19 15:07 30ÿ336 modem.sys
2001-08-17 20:57 16ÿ128 MODEMCSA.sys
2004-08-19 15:07 23ÿ680 mouclass.sys
2004-08-19 15:00 42ÿ240 mountmgr.sys
2007-12-18 04:51 179ÿ584 mrxdav.sys
2006-05-05 04:41 453ÿ120 mrxsmb.sys
2004-08-19 15:01 19ÿ072 msfs.sys
2004-08-19 15:01 35ÿ072 msgpc.sys
2004-08-03 21:58 7ÿ552 MSKSSRV.sys
2004-08-03 21:58 5ÿ376 MSPCLOCK.sys
2004-08-03 21:58 4ÿ992 MSPQM.sys
2004-08-19 15:07 15ÿ488 mssmbios.sys
2004-08-19 15:02 107ÿ904 mup.sys
2004-08-19 15:02 182ÿ912 ndis.sys
2004-08-19 15:02 9ÿ600 ndistapi.sys
2004-08-19 15:07 12ÿ928 ndisuio.sys
2004-08-19 15:02 91ÿ776 ndiswan.sys
2004-08-19 15:02 38ÿ016 ndproxy.sys
2004-08-19 15:02 34ÿ560 netbios.sys
2004-08-19 15:02 162ÿ816 netbt.sys
2004-08-19 15:07 61ÿ824 nic1394.sys
2004-08-19 14:57 12ÿ032 nikedrv.sys
2004-08-19 15:02 40ÿ320 nmnt.sys
2004-08-19 15:03 30ÿ848 npfs.sys
2007-02-09 06:10 574ÿ464 ntfs.sys
2004-08-19 15:03 2ÿ944 null.sys
2004-08-19 15:03 12ÿ416 nwlnkflt.sys
2004-08-19 15:03 32ÿ512 nwlnkfwd.sys
2004-08-19 15:03 88ÿ448 nwlnkipx.sys
2004-08-19 15:03 63ÿ232 nwlnknb.sys
2004-08-19 15:03 55ÿ936 nwlnkspx.sys
2004-08-19 15:03 3ÿ456 oprghdlr.sys
2004-08-19 15:07 46ÿ720 p3.sys
2004-08-19 15:07 80ÿ384 parport.sys
2004-08-19 15:03 18ÿ688 partmgr.sys
2004-08-19 15:03 6ÿ912 parvdm.sys
2004-08-19 15:03 68ÿ608 pci.sys
2004-08-19 15:03 3ÿ328 pciide.sys
2004-08-19 15:03 25ÿ088 pciidex.sys
2004-08-19 15:03 120ÿ320 pcmcia.sys
2004-08-03 22:15 145ÿ792 portcls.sys
2004-08-19 15:07 39ÿ552 processr.sys
2004-08-19 15:04 69ÿ120 psched.sys
2004-08-19 15:04 17ÿ792 ptilink.sys
2008-07-23 11:50 43ÿ528 PxHelp20.sys
2009-03-06 17:59 15ÿ172 PzWDM.sys
2004-08-19 15:04 8ÿ832 rasacd.sys
2004-08-19 15:04 51ÿ328 rasl2tp.sys
2004-08-19 15:04 41ÿ472 raspppoe.sys
2004-08-19 15:04 48ÿ384 raspptp.sys
2004-08-19 15:04 16ÿ512 raspti.sys
2004-08-19 15:04 34ÿ432 rawwan.sys
2006-05-05 04:47 174ÿ592 rdbss.sys
2004-08-19 15:04 4ÿ224 rdpcdd.sys
2004-08-03 22:01 196ÿ864 rdpdr.sys
2005-06-09 23:11 139ÿ528 rdpwd.sys
2004-08-03 19:39 58ÿ496 redbook.sys
2004-08-19 14:57 12ÿ032 rio8drv.sys
2004-08-19 14:57 12ÿ032 riodrv.sys
2006-07-13 03:48 202ÿ240 rmcast.sys
2004-08-19 15:04 30ÿ080 rndismp.sys
2004-08-19 15:05 5ÿ888 rootmdm.sys
2004-08-19 15:05 96ÿ256 scsiport.sys
2004-08-19 15:05 67ÿ584 sdbus.sys
2007-11-13 05:25 20ÿ480 secdrv.sys
2004-09-17 08:02 732ÿ928 senfilt.sys
2004-08-19 15:05 15ÿ488 serenum.sys
2004-08-19 15:05 66ÿ560 serial.sys
2004-08-19 15:05 11ÿ136 sffdisk.sys
2004-08-19 15:05 10ÿ240 sffp_sd.sys
2004-08-19 15:05 11ÿ392 sfloppy.sys
2004-08-19 15:06 14ÿ592 smclib.sys
2005-01-27 14:31 260ÿ352 smwdm.sys
2004-08-19 15:07 25ÿ472 sonydcam.sys
2006-06-14 03:47 6ÿ400 splitter.sys
2004-08-19 15:07 73ÿ600 sr.sys
2006-08-14 05:34 332ÿ928 srv.sys
2004-08-03 22:08 48ÿ640 stream.sys
2004-08-19 15:07 4ÿ352 swenum.sys
2001-08-17 21:00 54ÿ272 swmidi.sys
2004-08-03 22:15 60ÿ800 sysaudio.sys
2004-08-19 15:08 14ÿ976 tape.sys
2007-10-30 12:20 360ÿ064 tcpip.sys
2006-08-16 04:37 225ÿ664 tcpip6.sys
2004-08-19 15:08 18ÿ560 tdi.sys
2004-08-19 15:08 12ÿ040 tdpipe.sys
2004-08-19 15:08 21ÿ896 tdtcp.sys
2004-08-03 23:55 40ÿ840 termdd.sys
2004-08-19 14:57 51ÿ712 tosdvd.sys
2004-08-19 14:57 21ÿ376 tsbvcap.sys
2004-08-19 15:07 12ÿ416 tunmp.sys
2004-08-19 15:08 66ÿ176 udfs.sys
2007-04-23 05:32 364ÿ160 update.sys
2004-08-19 15:09 12ÿ672 usb8023.sys
2004-08-19 14:57 23ÿ808 usbcamd.sys
2004-08-19 14:57 23ÿ936 usbcamd2.sys
2004-08-03 22:08 31ÿ616 usbccgp.sys
2004-08-19 15:09 4ÿ736 usbd.sys
2004-08-19 15:09 26ÿ624 usbehci.sys
2004-08-19 15:09 57ÿ600 usbhub.sys
2004-08-19 15:07 16ÿ000 usbintel.sys
2004-08-19 15:09 142ÿ976 usbport.sys
2004-08-03 22:01 25ÿ856 usbprint.sys
2004-08-03 22:58 15ÿ104 usbscan.sys
2004-08-03 22:08 26ÿ496 USBSTOR.SYS
2004-08-19 15:09 20ÿ480 usbuhci.sys
2004-08-19 14:57 58ÿ112 vdmindvd.sys
2004-08-19 15:09 20ÿ992 vga.sys
2004-08-19 15:09 79ÿ744 videoprt.sys
2004-08-19 15:09 53ÿ376 volsnap.sys
2004-08-19 15:09 34ÿ560 wanarp.sys
2006-06-14 04:00 82ÿ944 wdmaud.sys
2004-08-19 15:11 4ÿ352 wmilib.sys
2004-08-19 15:12 12ÿ032 ws2ifsl.sys
198 fichier(s) 20ÿ365ÿ339 octets

R‚pertoire de C:\Windows\System32\Drivers\disdn

2008-05-23 15:21 .
2008-05-23 15:21 ..
0 fichier(s) 0 octets

R‚pertoire de C:\Windows\System32\Drivers\etc

2009-11-05 23:37 .
2009-11-05 23:37 ..
2009-11-05 23:37 21 hosts
2004-08-19 14:59 4ÿ251 lmhosts.sam
2004-08-19 15:02 457 networks
2004-08-19 15:04 904 protocol
2004-08-19 15:05 7ÿ445 services
5 fichier(s) 13ÿ078 octets

Total des fichiers list‚sÿ:
203 fichier(s) 20ÿ378ÿ417 octets
8 R‚p(s) 61ÿ368ÿ430ÿ592 octets libres


***********************Hidden Drivers********************
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est B88F-3952

R‚pertoire de C:\Windows\System32\Drivers



*********************Processes*******************







******************************************
EOF

Something is hiding...

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.

• Save it to your desktop.
  
• Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  
• Double click the setup file to run it.
  
• Click Next to continue.
  
• It will by default install it to your desktop folder.Click Next.
  
• Hit ok at the prompt for scanning in Safe Mode.
  
• It will then open a box There will be a tab that says Automatic scan.
  
• Under Automatic scan make sure these are checked:
  
  
  • System Memory
    
  • Startup Objects
    
  • Disk Boot Sectors.
    
  • My Computer.
    
  • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
  
• It will automatically Neutralize any objects found.
  
• If some objects are left un-neutralized then click the button that says Neutralize all
  
• If it says it cannot be Neutralized then chooose The delete option when prompted.
  
• After that is done click on the reports button at the bottom and save it to file name it Kas.
  
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

ok... I've done everything.... when I finished the scan it said: NO THREATS DETECTED

here is the log:

Scan
----
Scanned: 163926
Detected: 0
Untreated: 0
Start time: 2009-11-06 21:50:09
Duration: 00:57:25
Finish time: 2009-11-06 22:47:34


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
2009-11-06 21:51:48 Running module: smss.exe\smss.exe ok sc

Please post a new HijackThis log.

Hi,
now the popups and alerts are gone. some things on my screen have changed (like the color of my toolbar at the bottom... use to be blue now it's grey, the icons in my ''START'' menu use to be big now they're small, and the writing is much bigger than before but honestly I don't really care about that.... if I can have a fonctional computer I'll be more than happy).

so here is my new HijackThis log:

anything else I have to do or does it mean the virus is gone?

Thank you so much for everything!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:08, on 2009-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.distributel.net/distributel-portail_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.distributel.net/distributel-portail_fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Distributel
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Distributel Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [sodgqceg] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\elycmj\vrjosysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CD-MENU.LNK = D:\AutoMenu.exe
O4 - Startup: is-9J9JL.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212721323906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213654569360&h=cbc540f20c614ebed7ea77b3d73ca8e8/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 8687 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Distributel Web Accelerator\components\NOWImaging.dll (file missing)
  O4 - HKCU\..\Run: [sodgqceg] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\elycmj\vrjosysguard.exe
  O4 - Startup: CD-MENU.LNK = D:\AutoMenu.exe
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Hi,
ok I did the scan.... when the MBAM scan finished it said:

'' certain items could not be removed! the first few are listed below. All items that could not be removed have been added to the delete on reboot list. Please restart your computer now. A Logfile was saved to the log folder.

c:\ProgramFiles\WindowsLive\msimg32.dll



Here is my MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 2

2009-11-08 18:50:40
mbam-log-2009-11-08 (18-50-40).txt

Scan type: Quick Scan
Objects scanned: 102081
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Hello.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

here are my DDS LOGS:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Propri‚taire at 22:11:36,90 on 2009-11-08
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.254.88 [GMT -5:00]

AV: avast! antivirus 4.8.1201 [VPS 091108-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Propriétaire\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Distributel
uDefault_Page_URL = hxxp://www.distributel.net/distributel-portail_fr.htm
uDefault_Search_URL = hxxp://www.distributel.net/distributel-portail_fr
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.distributel.net/distributel-portail_fr.htm
mDefault_Search_URL = hxxp://www.distributel.net/distributel-portail_fr
mStart Page = hxxp://www.distributel.net/distributel-portail_fr.htm
mWindow Title = Distributel
mSearch Bar = hxxp://www.distributel.net/distributel-portail_fr
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeUpdater] c:\program files\fichiers communs\adobe\updater5\AdobeUpdater.exe
mRun: [UIUCU] c:\docume~1\propri~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212721323906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213654569360&h=cbc540f20c614ebed7ea77b3d73ca8e8/&filename=jinstall-6u6-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\fichiers communs\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\t5zmc8mc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-3-6 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-24 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-24 20560]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\propriétaire\bureau\sysprot\sysprot\SysProtDrv.sys [2009-11-6 44288]

=============== Created Last 30 ================

2009-11-07 22:31:52 16196 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-07 22:31:52 1290272 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-06 22:44:21 0 d-----w- c:\docume~1\propri~1\applic~1\DriverCure
2009-11-06 22:44:06 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-11-06 22:44:06 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverCure
2009-11-04 01:59:06 0 d-----w- c:\docume~1\propri~1\applic~1\Malwarebytes
2009-11-04 01:58:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 01:58:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 01:58:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-04 01:58:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 23:45:36 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-11-09 03:02:59 4456448 ---ha-w- c:\documents and settings\propriétaire\NTUSER.DAT
2009-11-01 22:31:28 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-01 22:31:28 367658 ----a-w- c:\windows\system32\perfh00C.dat

============= FINISH: 22:12:33,32 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Édition familiale
Boot Device: \Device\HarddiskVolume2
Install Date: 2008-05-23 20:41:15
System Uptime: 2009-11-08 22:02:18 (0 hours ago)

Motherboard: Dell Computer Corp. | | 0F8403
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2394/533mhz

==== Disk Partitions =========================

A: is Removable
C: is fȋxed (NTFS) - 74 GiB total, 56,931 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP425: 2009-08-06 21:56:06 - Point de vérification système
RP426: 2009-08-07 22:28:55 - Point de vérification système
RP427: 2009-08-08 23:26:35 - Point de vérification système
RP428: 2009-08-10 00:01:54 - Point de vérification système
RP429: 2009-08-11 19:37:08 - Point de vérification système
RP430: 2009-08-12 20:18:32 - Point de vérification système
RP431: 2009-08-13 20:26:32 - Point de vérification système
RP432: 2009-08-22 10:52:41 - Point de vérification système
RP433: 2009-08-29 15:26:50 - Point de vérification système
RP434: 2009-08-30 16:01:02 - Point de vérification système
RP435: 2009-08-31 16:15:05 - Point de vérification système
RP436: 2009-09-01 17:19:42 - Point de vérification système
RP437: 2009-09-02 18:06:22 - Point de vérification système
RP438: 2009-09-03 18:34:48 - Point de vérification système
RP439: 2009-09-04 21:23:57 - Point de vérification système
RP440: 2009-09-05 22:26:59 - Point de vérification système
RP441: 2009-09-06 23:45:16 - Point de vérification système
RP442: 2009-09-08 00:32:13 - Point de vérification système
RP443: 2009-09-09 01:16:08 - Point de vérification système
RP444: 2009-09-10 02:15:01 - Point de vérification système
RP445: 2009-09-11 03:14:58 - Point de vérification système
RP446: 2009-09-12 17:19:46 - Point de vérification système
RP447: 2009-09-13 19:52:21 - Point de vérification système
RP448: 2009-09-14 20:24:24 - Point de vérification système
RP449: 2009-09-15 21:35:00 - Point de vérification système
RP450: 2009-09-16 22:13:33 - Point de vérification système
RP451: 2009-09-18 02:04:07 - Point de vérification système
RP452: 2009-09-19 08:12:46 - Point de vérification système
RP453: 2009-09-20 08:45:15 - Point de vérification système
RP454: 2009-09-21 09:04:32 - Point de vérification système
RP455: 2009-09-22 09:45:11 - Point de vérification système
RP456: 2009-09-23 11:18:32 - Point de vérification système
RP457: 2009-09-24 11:55:16 - Point de vérification système
RP458: 2009-09-25 12:56:25 - Point de vérification système
RP459: 2009-09-26 13:55:16 - Point de vérification système
RP460: 2009-09-27 14:55:17 - Point de vérification système
RP461: 2009-09-28 15:31:36 - Point de vérification système
RP462: 2009-09-29 15:56:25 - Point de vérification système
RP463: 2009-09-30 16:55:20 - Point de vérification système
RP464: 2009-10-01 17:04:33 - Point de vérification système
RP465: 2009-10-02 18:04:32 - Point de vérification système
RP466: 2009-10-03 18:05:36 - Point de vérification système
RP467: 2009-10-04 18:10:30 - Point de vérification système
RP468: 2009-10-05 19:04:35 - Point de vérification système
RP469: 2009-10-06 19:05:41 - Point de vérification système
RP470: 2009-10-07 20:05:28 - Point de vérification système
RP471: 2009-10-08 21:21:33 - Point de vérification système
RP472: 2009-10-09 21:43:24 - Point de vérification système
RP473: 2009-10-10 21:58:48 - Point de vérification système
RP474: 2009-10-11 23:02:16 - Point de vérification système
RP475: 2009-10-12 23:58:48 - Point de vérification système
RP476: 2009-10-14 00:47:21 - Point de vérification système
RP477: 2009-10-15 01:47:17 - Point de vérification système
RP478: 2009-10-16 09:05:27 - Point de vérification système
RP479: 2009-10-17 09:27:27 - Point de vérification système
RP480: 2009-10-18 10:27:27 - Point de vérification système
RP481: 2009-10-19 10:28:33 - Point de vérification système
RP482: 2009-10-20 11:27:27 - Point de vérification système
RP483: 2009-10-21 11:28:32 - Point de vérification système
RP484: 2009-10-22 12:27:23 - Point de vérification système
RP485: 2009-10-23 14:15:31 - Point de vérification système
RP486: 2009-10-24 14:27:25 - Point de vérification système
RP487: 2009-10-25 15:27:26 - Point de vérification système
RP488: 2009-10-26 16:27:29 - Point de vérification système
RP489: 2009-10-27 17:20:55 - Point de vérification système
RP490: 2009-10-28 17:50:49 - Point de vérification système
RP491: 2009-10-29 17:52:50 - Point de vérification système
RP492: 2009-10-30 20:05:01 - Point de vérification système
RP493: 2009-11-01 19:03:40 - Point de vérification système
RP494: 2009-11-02 19:32:09 - Point de vérification système
RP495: 2009-11-03 22:52:38 - Point de vérification système
RP496: 2009-11-08 19:19:47 - Point de vérification système

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 - Français
µTorrent
AutoUpdate
avast! Antivirus
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Choice Guard
Conexant D850 56K V.9x DFVc Modem
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB914440)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
DivX Codec
DivX Converter
DivX Player
DivX Web Player
getPlus(R)_ocx
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HOT ALBUM MYBOX
Hotfix for Windows XP (KB915865)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 6
Junk Mail filter update
LimeWire Music
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944338)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour de sécurité pour Windows XP (KB947864)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Mise à jour de sécurité pour Windows XP (KB950749)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB932823-v3)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mozilla Firefox (1.5)
MSVCRT
RealPlayer
Segoe UI
SolveigMM WMP Trimmer Plugin
SoundMAX
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

2009-11-06 23:57:08, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-11-06 23:56:48, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-11-06 23:49:30, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2009-11-06 23:49:25, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2009-11-06 22:44:57, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-11-06 22:44:31, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Aavmker4 aswSP Fips intelppm
2009-11-06 22:43:18, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-11-06 22:40:09, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service avast! Mail Scanner.
2009-11-06 22:40:09, error: Service Control Manager [7000] - Le service avast! Mail Scanner n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
2009-11-06 22:37:36, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-11-06 22:36:13, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2009-11-06 22:36:13, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
2009-11-06 22:36:13, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
2009-11-06 22:36:13, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
2009-11-06 22:36:13, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
2009-11-06 22:35:34, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2009-11-06 22:35:25, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-11-06 18:34:53, error: Service Control Manager [7000] - Le service SysProtDrv.sys n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable.
2009-11-06 18:34:52, error: Service Control Manager [7000] - Le service SysProtDrv.sys n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable.
2009-11-06 18:31:11, error: Service Control Manager [7000] - Le service SysProtDrv.sys n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable.
2009-11-06 18:31:11, error: Service Control Manager [7000] - Le service SysProtDrv.sys n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable.
2009-11-03 21:44:05, error: Service Control Manager [7034] - Le service avast! Web Scanner s'est terminé de façon inattendue pour la 1ème fois.
2009-11-03 21:43:11, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service avast! Web Scanner.
2009-11-03 21:43:11, error: Service Control Manager [7000] - Le service avast! Web Scanner n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
2009-11-03 21:42:40, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service avast! Web Scanner.
2009-11-03 21:42:40, error: Service Control Manager [7000] - Le service avast! Web Scanner n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
2009-11-03 21:41:51, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service avast! Web Scanner.
2009-11-03 21:41:51, error: Service Control Manager [7000] - Le service avast! Web Scanner n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
2009-11-03 21:41:16, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service avast! Web Scanner.
2009-11-03 21:41:16, error: Service Control Manager [7000] - Le service avast! Web Scanner n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
2009-11-03 20:14:00, error: Service Control Manager [7031] - Le service Appel de procédure distante (RPC) s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer l'ordinateur.

==== End Of File ===========================

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

µTorrent
Java(TM) 6 Update 6
LimeWire Music
Mozilla Firefox (1.5)

How is the machine now?

the machine seems back to normal... thank you SO MUCH!!!

Thank you again... I am now a fan on facebook and will definately pass on the word about you guys to all my friends.

GeekPolice... YOU ARE GREAT!!! Thank you

Everything is fine except 1 little thingy...

I had a box apear (twice since yesterday and it doesn't stop me from doing anything) it says something like ( I'm translating from from to english because everything on my computer is french) :

RUNDLL
loading error of C:\ProgramFiles\FichiersCommun\ParetoLogic\UUS2\UUS.dll
The Modifies module cannot be found



and then I press ok and everything goes back to normal.

I was not doing anything on my computer when it appeared... My MSN was open but I was not at my desk.

Thank you AGAIN for your help.