Trojan.DNSChanger

  1. #1
    Noel PW, Full Member

    Hi, I hope someone can help me with a Trojan. The problem started last week when I noticed programs not responding quickly, and eventually not at all. I kept getting "connection not available" for some web pages. Antivir stopped responding, and Superantispyware would not update and stopped opening. Defender popped up with severe threat warnings.

    I scanned with Spybot, Malwarebytes, Defender, and Superantispyware a couple of times each. Sometimes they would find something, sometimes they did not. When they did find something, it was categorized as:
    Trojan.DNSChanger or
    Trojan.Agent/gen.FakeAlert

    By Wednesday last week I couldn't download any security updates or follow most of the DAL links to any help. I was able to load and run ComboFix on Thursday. After that I got web pages and responses to links back.

    Here is the Malwarebytes log:
    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4052

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    6/23/2010 10:27:16 PM
    mbam-log-2010-06-23 (22-27-16).txt

    Scan type: Quick scan
    Objects scanned: 149175
    Time elapsed: 11 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.54,93.188.161.184 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c0e0cd61-ffe2-46e4-8baa-7a76e96c3d31}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.54,93.188.161.184 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Here is a ComboFix log:
    ComboFix 10-06-25.02 - Noel 06/26/2010 1:18.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1823 [GMT -4:00]
    Running from: c:\documents and settings\Noel\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
    .

    2010-06-25 02:17 . 2010-06-25 02:17 42624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-25 01:52 . 2010-06-25 01:52 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-25 01:40 . 2010-06-25 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-06-24 23:35 . 2010-06-24 23:35 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-06-24 23:30 . 2010-06-24 23:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-06-24 21:28 . 2010-06-24 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-14 17:36 . 2010-06-14 17:36 323716 ----a-w- c:\documents and settings\Logan\Application Data\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2010-06-14 17:36 . 2010-06-14 17:36 192644 ----a-w- c:\documents and settings\Logan\Application Data\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2010-06-14 17:36 . 2010-06-14 17:36 -------- d-----w- c:\documents and settings\Logan\Application Data\InstallShield
    2010-06-12 15:58 . 2010-06-13 21:54 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-12 15:58 . 2010-06-12 15:58 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-08 22:14 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-05 05:14 . 2010-06-05 05:14 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-05-30 17:06 . 2010-05-30 19:33 120 ----a-w- c:\documents and settings\Griffen\Local Settings\Application Data\Qnoyuqejakokupu.dat
    2010-05-30 17:06 . 2010-05-30 17:06 0 ----a-w- c:\documents and settings\Griffen\Local Settings\Application Data\Tqeba.bin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-25 21:14 . 2010-05-14 13:55 63488 ----a-w- c:\documents and settings\Noel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-25 21:14 . 2009-05-01 02:17 117760 ----a-w- c:\documents and settings\Noel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-25 01:41 . 2007-11-26 22:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-25 01:39 . 2007-11-26 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-24 02:07 . 2008-03-12 01:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-24 02:07 . 2008-02-14 01:50 -------- d-----w- c:\program files\SpywareBlaster
    2010-06-22 23:56 . 2005-01-16 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-16 01:00 . 2009-11-10 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-14 14:29 . 2010-05-26 20:12 120 ----a-w- c:\documents and settings\Logan\Local Settings\Application Data\Qnoyuqejakokupu.dat
    2010-06-14 14:29 . 2010-05-26 20:12 0 ----a-w- c:\documents and settings\Logan\Local Settings\Application Data\Tqeba.bin
    2010-06-13 23:52 . 2010-05-26 01:41 120 ----a-w- c:\windows\Qnoyuqejakokupu.dat
    2010-06-13 21:53 . 2009-04-10 23:31 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-12 01:49 . 2010-05-26 01:41 0 ----a-w- c:\windows\Tqeba.bin
    2010-06-11 02:43 . 2010-05-15 23:12 43 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
    2010-06-11 02:43 . 2009-10-03 15:57 45 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2010-06-11 02:30 . 2009-10-03 15:57 87 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
    2010-06-05 11:34 . 2008-08-10 02:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-30 22:34 . 2009-10-04 04:48 42 ----a-w- c:\documents and settings\Griffen\jagex_runescape_preferences.dat
    2010-05-30 22:25 . 2009-10-04 04:49 87 ----a-w- c:\documents and settings\Griffen\jagex_runescape_preferences2.dat
    2010-05-26 01:39 . 2010-05-26 01:39 16 ----a-w- c:\documents and settings\Owner\Application Data\vqdlkr.dat
    2010-05-22 19:03 . 2006-05-07 22:19 42624 -c--a-w- c:\documents and settings\Isabel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-22 01:42 . 2010-05-22 01:42 0 ----a-w- c:\documents and settings\Griffen\jagex__preferences3.dat
    2010-05-21 18:14 . 2009-10-03 13:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-16 22:32 . 2009-10-15 22:49 75 ----a-w- c:\documents and settings\Logan\jagex_runescape_preferences2.dat
    2010-05-16 22:31 . 2009-10-15 22:49 42 ----a-w- c:\documents and settings\Logan\jagex_runescape_preferences.dat
    2010-05-16 22:30 . 2010-05-16 22:30 0 ----a-w- c:\documents and settings\Logan\jagex__preferences3.dat
    2010-05-06 10:41 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 22:46 . 2010-05-05 22:45 -------- d-----w- c:\program files\iTunes
    2010-05-05 22:45 . 2010-05-05 22:45 -------- d-----w- c:\program files\iPod
    2010-05-05 22:45 . 2010-04-17 21:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-05 22:40 . 2007-11-02 03:05 -------- d-----w- c:\program files\Bonjour
    2010-05-05 22:39 . 2010-05-05 22:39 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-05-02 05:22 . 2002-09-03 17:11 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 22:25 . 2010-04-29 22:25 -------- d-----w- c:\documents and settings\Griffen\Application Data\Apple Computer
    2010-04-29 19:39 . 2009-11-10 03:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-11-10 03:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:30 . 2002-09-03 16:27 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-17 20:38 . 2010-04-17 20:38 3584 ----a-r- c:\documents and settings\Noel\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-04-17 00:16 . 2010-04-17 00:16 13107200 ----a-w- c:\documents and settings\Griffen\Application Data\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
    2010-04-17 00:16 . 2010-04-17 00:16 13107200 ----a-w- c:\documents and settings\Griffen\Application Data\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
    2010-04-11 02:39 . 2010-04-11 02:40 555520 ------w- c:\documents and settings\Griffen\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\ISSetup.dll
    2010-04-11 02:39 . 2010-04-11 02:40 393216 ----a-w- c:\documents and settings\Griffen\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
    2010-04-11 02:39 . 2010-04-11 02:40 148792 ----a-w- c:\documents and settings\Griffen\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\_Setup.dll
    2010-04-09 20:14 . 2006-08-14 22:11 42624 ----a-w- c:\documents and settings\Griffen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-08 21:23 . 2006-05-07 22:18 42624 ----a-w- c:\documents and settings\Logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-11-20 21:09 . 2009-11-20 21:09 812344 ----a-w- c:\program files\HJTInstall.exe
    2006-12-02 03:53 . 2007-09-12 01:02 1663036 ------w- c:\program files\LineRider_beta.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-06-25_02.29.47 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\~Disabled
    Cuyahoga County Tray App.lnk - c:\program files\PermissionTV\bin\dmtray.exe [2009-7-23 57344]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\~Disabled
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ??G ? [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ??G ? [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 20:28 684032 -c----w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 09:59 122880 ------w- c:\windows\BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 09:01 135264 ------w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 08:58 65536 -c----w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2006-01-19 16:06 11776 -c----w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2006-01-19 16:06 110592 -c----w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 01:24 32768 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-06-07 17:13 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinDefend"=2 (0x2)
    "UserAccess7"=2 (0x2)
    "TabletServicePen"=2 (0x2)
    "sprtsvc_medicsp2"=2 (0x2)
    "ScsiAccess"=2 (0x2)
    "PermissionTVDownloadManager"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "LexBceS"=2 (0x2)
    "KodakCCS"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPodService"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AntiVirService"=2 (0x2)
    "AntiVirSchedulerService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "f:\\Civilization4.exe"=
    "f:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "58007:TCP"= 58007:TCP:Pando Media Booster
    "58007:UDP"= 58007:UDP:Pando Media Booster

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 7:01 PM 135664]
    S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:\windows\system32\drivers\atinttxx.sys [8/4/2004 1:29 AM 13824]
    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/9/2009 9:13 PM 108289]
    S4 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\PERMIS~1\bin\dm.exe [7/23/2009 9:37 PM 213053]
    S4 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [8/20/2007 7:27 PM 202280]
    S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/29/2008 11:48 PM 1373480]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - ugpcrfow

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2010-06-21 c:\windows\Tasks\book.job
    - c:\windows\system32\ntbackup.exe [2001-08-18 02:36]

    2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 23:01]

    2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 23:01]

    2010-06-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-06-17 c:\windows\Tasks\Windows Defender.job
    - c:\progra~1\WINDOW~4\MSASCui.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: d-a-l.com
    Trusted Zone: download.com
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: turbotax.com
    Trusted Zone: windowsupdate.com\download
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} - hxxp://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-06-26 01:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
    "91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3432)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-06-26 01:27:35
    ComboFix-quarantined-files.txt 2010-06-26 05:27
    ComboFix2.txt 2010-06-25 02:33
    ComboFix3.txt 2009-11-23 01:00

    Pre-Run: 31,512,408,064 bytes free
    Post-Run: 31,486,308,352 bytes free

    - - End Of File - - E2A6B997D529CFD99D4EA404DC9B5534

    Thanks everyone

  2. #2
    Noel PW is offline Full Member
    Also here is a Kaspersky scan log;
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, June 26, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, June 26, 2010 14:45:36
    Records in database: 4292236


    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics
    Objects scanned 214547
    Threats found 1
    Infected objects found 0
    Suspicious objects found 5
    Scan duration 05:43:51

    File name Threat Threats count
    C:\Documents and Settings\Noel\Local Settings\Application Data\Identities\{059A97ED-67BC-4E05-B635-D9E229D0C38B}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5

    Selected area has been scanned.
    Thank you

  3. #3
    broni is offline Senior Member
    I can see you ran Combofix twice over the last couple of days.
    I'd like to see the C:\ComboFix2.txt log.

    Also...

    Download GMER: GMER - Rootkit Detector and Remover, by clicking on the Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15281 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.

  4. #4
    Noel PW is offline Full Member
    Hi Broni,
    Thank you so much for responding. Yes, I've run Combofix twice. I was using another of your threads to try and tackle this myself. I can only find the one Combofix log. I can't seem to locate the temp files I thought they were saved in.

    Here is a GMER log;
    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-06-26 10:25:04
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Noel\LOCALS~1\Temp\ugpcrfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7A81966 ZwCreateKey
    SSDT F7A8195C ZwCreateThread
    SSDT F7A8196B ZwDeleteKey
    SSDT F7A81975 ZwDeleteValueKey
    SSDT F7A8197A ZwLoadKey
    SSDT F7A81948 ZwOpenProcess
    SSDT F7A8194D ZwOpenThread
    SSDT F7A81984 ZwReplaceKey
    SSDT F7A8197F ZwRestoreKey
    SSDT F7A81970 ZwSetValueKey
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA8FE0620]

    INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A6DA016D
    INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A6D9FFC2

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 234 804E28A0 1 Byte [48]
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB970B000, 0x198FE0, 0xE8000020]
    .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA68AB400, 0x5215E, 0xE0000020]
    .protecthardlockentry point in ".protecthardlockentry point in ".protecthardlockentry point in ".p" section [0xA6914820] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protecthardlockentry point in ".protecthardlockentry point in ".p" section [0xA6914820]
    .protecthardlockunknown last code section [0xA6914600, 0x54B9, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA6914600, 0x54B9, 0xE0000020]
    ? C:\DOCUME~1\Noel\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\Noel\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

    Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\USBSTOR \Device\00000079 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\USBSTOR \Device\0000007a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\USBSTOR \Device\0000007b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\USBSTOR \Device\0000007c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

    ---- EOF - GMER 1.0.15 ----

    Until I ran the Combo fix I could not download the GMER at all. It's from a couple nights ago, should I run it again?
    Thank you,
    Noel

  5. #5
    broni is offline Senior Member
    Quote:
    It's from a couple nights ago, should I run it again?

    This one is just fine.


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\Griffen\Local Settings\Application Data\Qnoyuqejakokupu.dat
    c:\documents and settings\Griffen\Local Settings\Application Data\Tqeba.bin
    c:\documents and settings\Logan\Local Settings\Application Data\Qnoyuqejakokupu.dat
    c:\documents and settings\Logan\Local Settings\Application Data\Tqeba.bin
    c:\windows\Qnoyuqejakokupu.dat
    c:\windows\Tqeba.bin
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|"•€|•w*]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  6. #6
    Noel PW is offline Full Member
    Thanks Broni,
    I have not been able to turn off Avira Antivir. How should I do that?

    Here is the Combofix log;
    ComboFix 10-06-27.03 - Noel 06/27/2010 20:34:52.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1828 [GMT -4:00]
    Running from: c:\documents and settings\Noel\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Noel\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\documents and settings\Griffen\Local Settings\Application Data\Qnoyuqejakokupu.dat"
    "c:\documents and settings\Griffen\Local Settings\Application Data\Tqeba.bin"
    "c:\documents and settings\Logan\Local Settings\Application Data\Qnoyuqejakokupu.dat"
    "c:\documents and settings\Logan\Local Settings\Application Data\Tqeba.bin"
    "c:\windows\Qnoyuqejakokupu.dat"
    "c:\windows\Tqeba.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Griffen\Local Settings\Application Data\Qnoyuqejakokupu.dat
    c:\documents and settings\Griffen\Local Settings\Application Data\Tqeba.bin
    c:\documents and settings\Logan\Local Settings\Application Data\Qnoyuqejakokupu.dat
    c:\documents and settings\Logan\Local Settings\Application Data\Tqeba.bin
    c:\windows\Qnoyuqejakokupu.dat
    c:\windows\Tqeba.bin

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
    .

    2010-06-25 02:17 . 2010-06-25 02:17 42624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-25 01:52 . 2010-06-25 01:52 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-25 01:40 . 2010-06-25 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-06-24 23:35 . 2010-06-24 23:35 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-06-24 23:30 . 2010-06-24 23:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-06-24 21:28 . 2010-06-24 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-14 17:36 . 2010-06-14 17:36 323716 ----a-w- c:\documents and settings\Logan\Application Data\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2010-06-14 17:36 . 2010-06-14 17:36 192644 ----a-w- c:\documents and settings\Logan\Application Data\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2010-06-14 17:36 . 2010-06-14 17:36 -------- d-----w- c:\documents and settings\Logan\Application Data\InstallShield
    2010-06-12 15:58 . 2010-06-13 21:54 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-12 15:58 . 2010-06-12 15:58 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-08 22:14 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-05 05:14 . 2010-06-05 05:14 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-26 17:31 . 2005-01-16 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-25 21:14 . 2010-05-14 13:55 63488 ----a-w- c:\documents and settings\Noel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-25 21:14 . 2009-05-01 02:17 117760 ----a-w- c:\documents and settings\Noel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-25 01:41 . 2007-11-26 22:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-25 01:39 . 2007-11-26 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-24 02:07 . 2008-03-12 01:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-24 02:07 . 2008-02-14 01:50 -------- d-----w- c:\program files\SpywareBlaster
    2010-06-16 01:00 . 2009-11-10 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-13 21:53 . 2009-04-10 23:31 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-11 02:43 . 2010-05-15 23:12 43 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
    2010-06-11 02:43 . 2009-10-03 15:57 45 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2010-06-11 02:30 . 2009-10-03 15:57 87 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
    2010-06-05 11:34 . 2008-08-10 02:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-30 22:34 . 2009-10-04 04:48 42 ----a-w- c:\documents and settings\Griffen\jagex_runescape_preferences.dat
    2010-05-30 22:25 . 2009-10-04 04:49 87 ----a-w- c:\documents and settings\Griffen\jagex_runescape_preferences2.dat
    2010-05-26 01:39 . 2010-05-26 01:39 16 ----a-w- c:\documents and settings\Owner\Application Data\vqdlkr.dat
    2010-05-22 19:03 . 2006-05-07 22:19 42624 -c--a-w- c:\documents and settings\Isabel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-22 01:42 . 2010-05-22 01:42 0 ----a-w- c:\documents and settings\Griffen\jagex__preferences3.dat
    2010-05-21 18:14 . 2009-10-03 13:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-16 22:32 . 2009-10-15 22:49 75 ----a-w- c:\documents and settings\Logan\jagex_runescape_preferences2.dat
    2010-05-16 22:31 . 2009-10-15 22:49 42 ----a-w- c:\documents and settings\Logan\jagex_runescape_preferences.dat
    2010-05-16 22:30 . 2010-05-16 22:30 0 ----a-w- c:\documents and settings\Logan\jagex__preferences3.dat
    2010-05-06 10:41 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 22:46 . 2010-05-05 22:45 -------- d-----w- c:\program files\iTunes
    2010-05-05 22:45 . 2010-05-05 22:45 -------- d-----w- c:\program files\iPod
    2010-05-05 22:45 . 2010-04-17 21:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-05 22:40 . 2007-11-02 03:05 -------- d-----w- c:\program files\Bonjour
    2010-05-05 22:39 . 2010-05-05 22:39 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-05-02 05:22 . 2002-09-03 17:11 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 22:25 . 2010-04-29 22:25 -------- d-----w- c:\documents and settings\Griffen\Application Data\Apple Computer
    2010-04-29 19:39 . 2009-11-10 03:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-11-10 03:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:30 . 2002-09-03 16:27 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-17 20:38 . 2010-04-17 20:38 3584 ----a-r- c:\documents and settings\Noel\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-04-17 00:16 . 2010-04-17 00:16 13107200 ----a-w- c:\documents and settings\Griffen\Application Data\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
    2010-04-17 00:16 . 2010-04-17 00:16 13107200 ----a-w- c:\documents and settings\Griffen\Application Data\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
    2010-04-11 02:39 . 2010-04-11 02:40 555520 ------w- c:\documents and settings\Griffen\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\ISSetup.dll
    2010-04-11 02:39 . 2010-04-11 02:40 393216 ----a-w- c:\documents and settings\Griffen\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
    2010-04-11 02:39 . 2010-04-11 02:40 148792 ----a-w- c:\documents and settings\Griffen\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\_Setup.dll
    2010-04-09 20:14 . 2006-08-14 22:11 42624 ----a-w- c:\documents and settings\Griffen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-08 21:23 . 2006-05-07 22:18 42624 ----a-w- c:\documents and settings\Logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-11-20 21:09 . 2009-11-20 21:09 812344 ----a-w- c:\program files\HJTInstall.exe
    2006-12-02 03:53 . 2007-09-12 01:02 1663036 ------w- c:\program files\LineRider_beta.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\~Disabled
    Cuyahoga County Tray App.lnk - c:\program files\PermissionTV\bin\dmtray.exe [2009-7-23 57344]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\~Disabled
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 20:28 684032 -c----w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 09:59 122880 ------w- c:\windows\BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 09:01 135264 ------w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 08:58 65536 -c----w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2006-01-19 16:06 11776 -c----w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2006-01-19 16:06 110592 -c----w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 01:24 32768 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "UserAccess7"=2 (0x2)
    "TabletServicePen"=2 (0x2)
    "sprtsvc_medicsp2"=2 (0x2)
    "ScsiAccess"=2 (0x2)
    "PermissionTVDownloadManager"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "LexBceS"=2 (0x2)
    "KodakCCS"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPodService"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AntiVirSchedulerService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "f:\\Civilization4.exe"=
    "f:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "58007:TCP"= 58007:TCP:Pando Media Booster
    "58007:UDP"= 58007:UDP:Pando Media Booster

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 7:01 PM 135664]
    S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:\windows\system32\drivers\atinttxx.sys [8/4/2004 1:29 AM 13824]
    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/9/2009 9:13 PM 108289]
    S4 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\PERMIS~1\bin\dm.exe [7/23/2009 9:37 PM 213053]
    S4 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [8/20/2007 7:27 PM 202280]
    S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/29/2008 11:48 PM 1373480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2010-06-21 c:\windows\Tasks\book.job
    - c:\windows\system32\ntbackup.exe [2001-08-18 02:36]

    2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 23:01]

    2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 23:01]

    2010-06-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-06-17 c:\windows\Tasks\Windows Defender.job
    - c:\progra~1\WINDOW~4\MSASCui.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: d-a-l.com
    Trusted Zone: download.com
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: turbotax.com
    Trusted Zone: windowsupdate.com\download
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} - hxxp://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-06-27 20:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|"•€|•w*]
    "91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(684)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-06-27 20:46:28
    ComboFix-quarantined-files.txt 2010-06-28 00:46
    ComboFix2.txt 2010-06-26 05:27

    Pre-Run: 33,577,304,064 bytes free
    Post-Run: 33,633,832,960 bytes free

    - - End Of File - - F20C8FB095B996B0C7A671B2C4BEF507
    It did not ask for a reboot.

    Thank you.

  7. #7
    broni is offline Senior Member
    How is the computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =========================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  8. #8
    Noel PW is offline Full Member
    Hi, the computer is running well now. Earlier today the Explorer toolbar was clear. No problems now and everything is smooth. I've deinstalled Combo.

    Here is the OTD log:
    OTL logfile created on: 6/27/2010 9:28:16 PM - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Noel\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 31.43 Gb Free Space | 42.19% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Unable to calculate disk information.
    Drive F: | 128.00 Gb Total Space | 68.50 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 149.01 Gb Total Space | 110.60 Gb Free Space | 74.23% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded

    Computer Name: HOME-86UR589197
    Current User Name: Noel
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/26 13:45:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.exe
    PRC - [2010/06/07 13:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/26 13:45:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (IDriverT)
    SRV - File not found [Disabled | Stopped] -- -- (FLEXnet Licensing Service)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/09/07 14:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2007/08/07 17:07:22 | 000,213,053 | ---- | M] (PermissionTV) [Disabled | Stopped] -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
    SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/03/19 20:51:51 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
    SRV - [2003/06/18 13:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
    SRV - [2003/02/04 12:22:30 | 000,181,312 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/07 16:33:22 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/02/10 10:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec)
    DRV - [2009/02/10 10:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook)
    DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter)
    DRV - [2008/06/03 02:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/16 14:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2006/03/31 17:28:49 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
    DRV - [2006/03/31 17:28:47 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2005/11/01 23:04:59 | 000,075,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinesxx.sys -- (ATIXSAudio)
    DRV - [2005/11/01 23:02:53 | 000,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
    DRV - [2005/11/01 23:01:59 | 000,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
    DRV - [2005/11/01 23:01:49 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
    DRV - [2005/11/01 23:01:19 | 000,055,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
    DRV - [2005/03/03 13:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2005/02/23 11:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    DRV - [2005/01/12 19:17:30 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2005/01/12 19:17:30 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2005/01/12 19:17:30 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2005/01/12 19:17:30 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
    DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/08/04 01:29:31 | 000,073,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation)
    DRV - [2004/08/04 01:29:30 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation)
    DRV - [2004/08/04 01:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec) ATI WDM Teletext Decoder (Microsoft Corporation)
    DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/06/18 13:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
    DRV - [2003/06/18 13:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
    DRV - [2003/06/18 13:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
    DRV - [2003/06/18 13:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
    DRV - [2003/06/18 13:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
    DRV - [2003/06/18 13:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
    DRV - [2002/12/17 16:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2002/12/17 16:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/12/17 16:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/06/21 22:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/21 22:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [1999/12/17 05:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
    DRV - [1998/07/10 05:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local



    O1 HOSTS File: ([2010/06/27 20:42:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (LastWinDet Class) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll (UnH Solutions, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\~Disabled [2010/03/15 19:46:41 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: d-a-l.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: download.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/...trol_en_US.cab (DjVuCtl Class)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/...?1257818441429 (MUCatalogWebControl Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6796.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1257828927484 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (ScorchPlugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} http://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx (SketchCtl.Pic1)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/01/11 19:28:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/04/25 17:37:23 | 000,000,000 | ---D | M] - F:\AUTORECORD -- [ NTFS ]
    O32 - AutoRun File - [2006/08/08 09:59:46 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/01/11 19:27:49 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
    Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YV12 - ATIYUV12.DLL File not found
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/27 20:46:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/06/26 13:57:17 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\TFC.exe
    [2010/06/26 13:45:06 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.exe
    [2010/06/26 13:31:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Noel\Recent
    [2010/06/24 21:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/06/24 21:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/06/24 17:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/05/05 18:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/05/05 18:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/17 17:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/17 17:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/17 17:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/04/17 17:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/04/17 16:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2010/04/10 22:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
    [2005/01/12 21:46:34 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [3 C:\Documents and Settings\Noel\My Documents\*.tmp files -> C:\Documents and Settings\Noel\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/27 21:26:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/27 21:23:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/27 21:23:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/27 21:23:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/27 21:23:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/27 21:22:24 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Noel\ntuser.dat
    [2010/06/27 21:22:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Noel\ntuser.ini
    [2010/06/27 21:18:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Click the Quick Scan button.doc
    [2010/06/27 20:42:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/27 20:42:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/27 20:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/27 19:28:04 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\ica.doc
    [2010/06/27 19:26:58 | 000,013,985 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\oji[1]objfs1099.pdf
    [2010/06/27 14:10:51 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Welcome to Facebook.url
    [2010/06/26 23:48:09 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Gmail Email from Google.url
    [2010/06/26 20:22:57 | 000,003,058 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\kaspersky.html
    [2010/06/26 13:57:20 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\TFC.exe
    [2010/06/26 13:45:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.exe
    [2010/06/26 10:39:23 | 000,000,729 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/26 10:39:23 | 000,000,281 | -H-- | M] () -- C:\boot.ini
    [2010/06/26 01:40:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\gmer.exe
    [2010/06/24 22:48:19 | 000,501,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 22:48:19 | 000,441,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 22:48:19 | 000,071,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/24 21:40:12 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/06/23 17:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/21 20:45:31 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\ConceptArt.org Version 3.0.url
    [2010/06/21 20:41:36 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Digital Webbing Forums.url
    [2010/06/21 18:30:00 | 000,000,678 | ---- | M] () -- C:\WINDOWS\tasks\book.job
    [2010/06/16 22:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Windows Defender.job
    [2010/06/09 03:32:02 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/01 23:16:26 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\Rescued document 1.doc
    [2010/06/01 23:10:41 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\Rescued document.doc
    [2010/06/01 23:06:21 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\cc_20100601_230613.reg
    [2010/06/01 22:50:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Important This sectiontoolbar.doc
    [2010/05/07 20:49:56 | 005,105,129 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\vamp0410.psd
    [2010/05/05 18:46:44 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/17 17:18:56 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/04/17 17:10:40 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Trouble installing iTunes or QuickTime for Windows.url
    [2010/04/17 17:05:32 | 000,002,642 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\cc_20100417_170511backup0417102.reg
    [2010/04/17 17:04:34 | 001,221,244 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\cc_20100417_170349backup041710.reg
    [2010/04/17 15:10:11 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/04/13 19:59:53 | 001,071,468 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\vamp0410 copy.psd
    [2010/04/10 22:49:35 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
    [2010/04/08 20:49:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [3 C:\Documents and Settings\Noel\My Documents\*.tmp files -> C:\Documents and Settings\Noel\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/27 21:18:58 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\Click the Quick Scan button.doc
    [2010/06/27 19:28:03 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\ica.doc
    [2010/06/27 19:26:58 | 000,013,985 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\oji[1]objfs1099.pdf
    [2010/06/26 20:22:56 | 000,003,058 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\kaspersky.html
    [2010/06/26 01:40:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\gmer.exe
    [2010/06/24 21:40:12 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/06/01 23:16:26 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\Rescued document 1.doc
    [2010/06/01 23:10:40 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\Rescued document.doc
    [2010/06/01 23:06:15 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\cc_20100601_230613.reg
    [2010/06/01 22:50:54 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\Important This sectiontoolbar.doc
    [2010/05/05 18:46:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/17 17:18:56 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/04/17 17:18:14 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/17 17:05:29 | 000,002,642 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\cc_20100417_170511backup0417102.reg
    [2010/04/17 17:04:15 | 001,221,244 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\cc_20100417_170349backup041710.reg
    [2010/04/13 19:59:53 | 001,071,468 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\vamp0410 copy.psd
    [2010/04/12 22:17:44 | 005,105,129 | ---- | C] () -- C:\Documents and Settings\Noel\Desktop\vamp0410.psd
    [2010/04/10 22:49:35 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
    [2009/12/26 1432 | 000,000,552 | ---- | C] () -- C:\WINDOWS\cerscr3.ini
    [2009/02/22 18:37:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/10/23 19:44:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2008/07/08 08:59:36 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008/06/12 17:29:54 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Spiderman.INI
    [2008/02/10 15:37:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2007/11/01 23:07:23 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2007/05/13 18:05:27 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Edofma.INI
    [2006/12/29 15:35:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
    [2006/12/28 00:57:29 | 000,000,121 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/11/17 14:57:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/05/13 19:46:07 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2006/04/25 20:51:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
    [2006/04/08 16:32:01 | 000,000,816 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2006/03/31 17:28:47 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2006/03/31 17:28:07 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
    [2006/02/20 11:29:39 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
    [2005/11/14 17:48:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
    [2005/11/14 17:05:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2005/11/06 16:29:59 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2005/10/03 08:42:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2005/05/19 19:51:09 | 000,000,478 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2005/05/10 21:09:45 | 000,000,892 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2005/01/14 12:25:02 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2005/01/14 12:24:58 | 000,000,845 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/01/12 21:47:13 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/01/12 21:46:35 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2005/01/12 21:46:35 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2005/01/12 21:46:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/01/12 21:46:32 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2005/01/12 21:46:32 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
    [2005/01/12 21:46:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2005/01/12 21:45:40 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/01/12 21:44:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/01/12 21:41:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/01/12 20:39:05 | 000,000,492 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2003/01/07 17:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
    [2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
    [2002/01/25 09:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
    [2002/01/25 09:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
    [2002/01/25 09:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
    [2002/01/25 09:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
    [2002/01/25 09:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
    [2001/11/19 19:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
    [2000/09/08 20:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== LOP Check ==========

    [2008/02/15 18:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
    [2008/02/02 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Praise
    [2008/02/01 16:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2008/02/25 21:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    [2008/01/15 1958 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/01/28 22:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2010/03/06 19:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2009/10/04 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2007/08/20 19:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/06/23 22:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/05/07 14:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UnH Solutions
    [2010/04/17 1709 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/24 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/06/30 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2009/02/14 01:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\AquaNox
    [2008/01/15 19:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\Grisoft
    [2006/12/06 00:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\iScreensaver
    [2008/02/24 15:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\Leadertech
    [2006/06/19 21:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\LucasArts
    [2008/03/30 12:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\My Games
    [2009/11/11 21:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\Petroglyph
    [2006/06/13 22:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\Windows Live Safety Center
    [2010/01/20 17:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel\Application Data\Windows Search
    [2010/06/21 18:30:00 | 000,000,678 | ---- | M] () -- C:\WINDOWS\Tasks\book.job
    [2010/06/27 21:26:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/06/16 22:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Defender.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/02/24 00:30:33 | 000,000,000 | ---- | M] () -- C:\AnalysisLog.sr0
    [2005/01/11 19:28:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/22 16:52:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/06/26 10:39:23 | 000,000,281 | -H-- | M] () -- C:\boot.ini
    [2002/08/29 02:05:52 | 000,245,920 | ---- | M] () -- C:\cmldr
    [2010/06/27 20:46:29 | 000,019,441 | ---- | M] () -- C:\ComboFix.txt
    [2005/01/11 19:28:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/02/15 22:44:02 | 000,000,281 | ---- | M] () -- C:\debugInstaller.txt
    [2009/11/30 18:23:18 | 000,002,256 | ---- | M] () -- C:\devicetable.log
    [2007/10/29 22:57:12 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
    [2006/11/10 23:44:30 | 000,063,192 | ---- | M] () -- C:\EasyShare.dmp
    [2005/12/11 15:16:15 | 000,000,011 | ---- | M] () -- C:\error.txt
    [2005/01/11 19:28:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/15 21:00:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2007/07/28 23:57:36 | 000,000,574 | ---- | M] () -- C:\mmcInst.log
    [2008/02/08 22:31:53 | 000,000,024 | ---- | M] () -- C:\moduleName.txt
    [2005/01/11 19:28:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/23 20:49:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/11/23 2216 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2005/01/12 21:37:38 | 000,000,000 | ---- | M] () -- C:\nvlog.txt
    [2010/06/27 21:23:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009/10/04 11:26:16 | 000,000,204 | ---- | M] () -- C:\Plugins
    [2009/11/29 00:08:46 | 000,034,440 | ---- | M] () -- C:\WinxError.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2003/05/12 15:02:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/11/18 14:40:21 | 003,665,920 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/11/18 19:28:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2009/11/18 14:40:21 | 034,865,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/11/18 14:40:21 | 008,912,896 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < >

    < >

    < >

    < Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0s6gav2zj >
    Invalid Switch: 68715-active-trojan-dnschanger.html#ixzz0s6gav2zj

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

    < End of report >

    I have not found the "extras" file yet. I have one from yesterday, but not the most recent.
    I'll keep looking.
    Thanks for your help.

  9. #9
    Noel PW is offline Full Member
    Here is the 'Extras' file from Saturday; I hope it's helpful. I did not see a new one when OTL finished.
    OTL Extras logfile created on: 6/26/2010 1:46:55 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Noel\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 31.40 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Unable to calculate disk information.
    Drive F: | 128.00 Gb Total Space | 68.50 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 149.01 Gb Total Space | 110.60 Gb Free Space | 74.23% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded

    Computer Name: HOME-86UR589197
    Current User Name: Noel
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "58007:TCP" = 58007:TCP:*:Enabled:Pando Media Booster
    "58007:UDP" = 58007:UDP:*:Enabled:Pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "58007:TCP" = 58007:TCP:*:Enabled:Pando Media Booster
    "58007:UDP" = 58007:UDP:*:Enabled:Pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
    "C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
    "F:\Civilization4.exe" = F:\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
    "F:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = F:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars(TM): Republic Commando(TM) -- ()
    "C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:Turbo Tax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{04BBDC01-8EFB-4A1F-A0D3-E3F5598FB3B2}_is1" = 'I Luv' House Pets
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}" = Dell Picture Studio - Dell Image Expert
    "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1319A9A7-C690-285F-FB22-FC6172DF3DB9}" = ccc-core-static
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{16105864-23F0-6242-A1D7-06DCB32244B6}" = Catalyst Control Center Graphics Full New
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{190772CB-88C3-BC16-D9F4-29ED96EA070F}" = Catalyst Control Center Graphics Previews Common
    "{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
    "{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
    "{22944268-4375-294B-219A-08A9288142FC}" = CCC Help English
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
    "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{4C9DC3EF-B9BA-B15E-5670-D6FA8762AEA8}" = Catalyst Control Center Graphics Full Existing
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{58DAB779-003D-47B7-969B-811A21846719}" = Evil Islands
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6E3CEC6E-D5CD-32E7-110E-F34EB5004D26}" = Skins
    "{6E4B4026-92AD-46D3-AD73-6D6F23943871}" = Alias DirectConnect 2.0
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B6BE53-4C89-4ECC-AEA0-F1C64B60C319}" = Giant Eagle Photo Center - Windows XP Online Order Wizard
    "{7501D933-23C3-400F-92C7-0FAD97819B48}" = Catalyst Control Center Core Implementation
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{799F774D-7D7B-4B5B-BCA4-E69F5BEEFC7B}" = Microsoft DirectX SDK (June 2006)
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{88A10DC1-C11C-45F7-AB65-B014D18B774F}" = Harry Potter Print Studio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF32FB61-AB9C-423B-A3E0-724A167953D9}" = TurboTax 2008 wohiper
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
    "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
    "{CB000D9F-3BBA-4361-A550-7DCCED1409AC}" = MapleStory
    "{CB0D4901-BF3B-4599-6148-642E17D748CF}" = ccc-utility
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
    "{D563054D-307E-45B6-D349-1F5BFE0380A0}" = ccc-core-preinstall
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E343CA30-9714-FA47-1D4F-D874B82D2404}" = Catalyst Control Center Graphics Light
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
    "Age of Mythology 1.0" = Age of Mythology
    "All ATI Software" = ATI - Software Uninstall Utility
    "AquaNox" = AquaNox
    "ATI Display Driver" = ATI Display Driver
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "CCleaner" = CCleaner
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Cuyahoga County Player_is1" = PermissionTV Cuyahoga County Player 3.15
    "Dell AIO Printer A920" = Dell AIO Printer A920
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DjVu" = Lizardtech DjVu Control (autoinstall)
    "DXTXTRA" = Microsoft DirectX Transform optional components
    "Finale NotePad 2007" = Finale NotePad 2007
    "Free Realms Installer" = Free Realms Installer
    "GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
    "HCA - The Ugly Prince Duckling_is1" = HCA - The Ugly Prince Duckling
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IE Privacy Keeper" = IE Privacy Keeper
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Measurement Services Client" = Futuremark Measurement Services Client
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PANZERS - Phase2" = PANZERS - Phase2
    "Pen Tablet Driver" = Pen Tablet
    "PermissionTV Download Manager_is1" = PermissionTV Download Manager
    "Pet Pals Animal Doctor" = Pet Pals Animal Doctor
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Quicken 2002 New User Edition" = Quicken 2002 New User Edition
    "Rainbow Sentinel Driver" = Sentinel System Driver
    "RealPlayer 6.0" = RealPlayer
    "Road Runner Install_is1" = Road Runner Install
    "RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "StartupRun" = StartupRun
    "TurboTax 2009" = TurboTax 2009
    "TurboTax Basic 2006" = TurboTax Basic 2006
    "TurboTax Basic 2007" = TurboTax Basic 2007
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/17/2009 8:38:05 AM | Computer Name = HOME-86UR589197 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/18/2009 10:03:31 AM | Computer Name = HOME-86UR589197 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/18/2009 10:10:41 AM | Computer Name = HOME-86UR589197 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Small Business -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Small Business. The Windows
    installer cannot continue.

    Error - 12/19/2009 10:25:16 AM | Computer Name = HOME-86UR589197 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 6/25/2010 8:13:48 PM | Computer Name = HOME-86UR589197 | Source = sfsync02 | ID = 262156
    Description =

    Error - 6/25/2010 8:14:17 PM | Computer Name = HOME-86UR589197 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 6/25/2010 8:15:18 PM | Computer Name = HOME-86UR589197 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    avgio avipbb eeCtrl Fips OMCI Processor SABKUTIL SASDIFSV SASKUTIL ssmdrv

    Error - 6/25/2010 8:17:54 PM | Computer Name = HOME-86UR589197 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 6/25/2010 835 PM | Computer Name = HOME-86UR589197 | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 6/25/2010 846 PM | Computer Name = HOME-86UR589197 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    eeCtrl SABKUTIL

    Error - 6/26/2010 10:33:45 AM | Computer Name = HOME-86UR589197 | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 6/26/2010 10:33:50 AM | Computer Name = HOME-86UR589197 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    eeCtrl SABKUTIL

    Error - 6/26/2010 1:33:06 PM | Computer Name = HOME-86UR589197 | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 6/26/2010 1:33:25 PM | Computer Name = HOME-86UR589197 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    eeCtrl SABKUTIL


    < End of report >

  10. #10
    broni is offline Senior Member
    Update your Java version here: Verify Java Version
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (IDriverT)
      SRV - File not found [Disabled | Stopped] -- -- (FLEXnet Licensing Service)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab  (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
