[RESOLVED] ThinkPoint hijack

Computer definately is better, Like I said I went to windows updates but didn't d/l them. Since Sunday all I got was IE or Firefox cannot connect, diagnose connection. The add popups have stopped. Seems really good.
Anyway would have gotten back sooner but had a phone call.

OTL logfile created on: 11/16/2010 7:38:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\imadreamer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 602.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 31.17 Gb Free Space | 79.80% Space Free | Partition Type: NTFS
Drive D: | 44.93 Gb Total Space | 44.52 Gb Free Space | 99.09% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 34.20 Gb Free Space | 70.04% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 30.01 Gb Free Space | 61.47% Space Free | Partition Type: NTFS
Drive G: | 48.83 Gb Total Space | 47.54 Gb Free Space | 97.36% Space Free | Partition Type: NTFS
Drive H: | 48.99 Gb Total Space | 48.60 Gb Free Space | 99.22% Space Free | Partition Type: NTFS

Computer Name: IMADREAMER2 | User Name: imadreamer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 19:37:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\imadreamer\Desktop\OTL.exe
PRC - [2009/08/05 23:47:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/13 18:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 19:37:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\imadreamer\Desktop\OTL.exe
MOD - [2004/08/10 16:05:30 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/08/05 23:47:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2004/08/13 18:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- J:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- J:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- J:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2009/12/07 10:51:20 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/22 03:01:47 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/16 02:40:06 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/06/10 05:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/17 06:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 06:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/28 09:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/10 16:05:44 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/08/10 16:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/08/10 16:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/08/10 16:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/08/10 15:53:14 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/08/10 15:51:30 | 000,059,984 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2003/12/19 06:07:50 | 000,541,548 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/11 09:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lurkhere.com/forums/start.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.lurkhere.com/forums/start.php"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/13 04:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/13 04:25:26 | 000,000,000 | ---D | M]

[2010/11/11 03:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imadreamer\Application Data\Mozilla\Extensions
[2010/11/11 03:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imadreamer\Application Data\Mozilla\Firefox\Profiles\d8se87jy.default\extensions
[2010/11/13 04:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/16 18:38:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ncponline.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1246235174421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.179.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\imadreamer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\imadreamer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 17:16:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/29 10:08:03 | 000,000,000 | ---D | M] - F:\Auto Tag Cleaner -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 19:37:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\imadreamer\Desktop\OTL.exe
[2010/11/16 19:02:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/16 18:33:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/16 18:32:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/16 18:32:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/16 18:32:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/16 18:32:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/16 18:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/16 18:32:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/16 00:59:22 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\imadreamer\Desktop\TDSSKiller.exe
[2010/11/14 20:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\imadreamer\Local Settings\Application Data\Threat Expert
[2010/11/13 04:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/13 04:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/13 03:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/11/13 02:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/12 14:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/12 14:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 03:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\imadreamer\My Documents\Downloads
[2010/11/11 03:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\imadreamer\Local Settings\Application Data\Mozilla
[2010/11/11 03:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\imadreamer\Application Data\Mozilla
[2010/11/11 03:41:28 | 008,567,280 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.12.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 19:37:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\imadreamer\Desktop\OTL.exe
[2010/11/16 18:38:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/16 18:33:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/16 18:20:07 | 003,910,384 | R--- | M] () -- C:\Documents and Settings\imadreamer\Desktop\ComboFix.exe
[2010/11/16 11:36:30 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/16 11:36:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 03:33:56 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\imadreamer\Desktop\football10.xls
[2010/11/16 01:02:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 00:56:44 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\imadreamer\Desktop\tdsskiller.zip
[2010/11/15 03:15:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/15 02:02:41 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\imadreamer\Desktop\dds.scr
[2010/11/15 01:09:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\imadreamer\Desktop\MBRCheck.exe
[2010/11/15 01:08:04 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\imadreamer\Desktop\5hh7vd71.exe
[2010/11/13 04:25:28 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\imadreamer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/13 04:25:28 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/11 03:46:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\imadreamer\Desktop\TDSSKiller.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 21:57:19 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 21:57:19 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 01:06:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\imadreamer\Desktop\picks.doc
[2010/10/28 00:26:25 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\imadreamer\My Documents\Church birthdays.xls
[2010/10/28 00:08:16 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\imadreamer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 00:08:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 18:33:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/16 18:33:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/16 18:32:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/16 18:32:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/16 18:32:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/16 18:32:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/16 18:32:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/16 18:20:04 | 003,910,384 | R--- | C] () -- C:\Documents and Settings\imadreamer\Desktop\ComboFix.exe
[2010/11/16 00:56:42 | 001,215,581 | ---- | C] () -- C:\Documents and Settings\imadreamer\Desktop\tdsskiller.zip
[2010/11/15 02:02:39 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\imadreamer\Desktop\dds.scr
[2010/11/15 02:01:25 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\imadreamer\Desktop\5hh7vd71.exe
[2010/11/15 02:01:15 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\imadreamer\Desktop\MBRCheck.exe
[2010/11/15 00:34:05 | 000,195,584 | ---- | C] () -- C:\Documents and Settings\imadreamer\My Documents\levels.doc
[2010/11/13 04:25:28 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\imadreamer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/13 04:25:28 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/13 03:06:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 03:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/14 03:36:53 | 000,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/07/12 14:45:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/07/12 14:44:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX400.ini
[2009/07/08 01:15:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009/07/04 13:56:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/30 15:27:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/06/29 11:56:16 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\imadreamer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 11:36:02 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/06/29 11:36:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\99A8FE3570.sys
[2009/06/28 22:04:30 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009/06/28 22:04:29 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/06/28 22:00:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gwspro.ini
[2009/06/28 20:45:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/28 20:19:54 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/06/28 17:43:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/06/28 17:43:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/06/28 12:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/10 07:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/08/10 19:39:04 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/06/06 16:00:00 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/06/06 16:00:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/07/02 00:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2009/07/12 14:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/05/11 23:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/07/08 01:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/19 23:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/26 22:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/16 18:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/11 23:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/07/25 01:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imadreamer\Application Data\Foxit
[2009/07/12 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imadreamer\Application Data\Leadertech
[2009/06/28 23:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imadreamer\Application Data\UnH Solutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 11/16/2010 7:38:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\imadreamer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 602.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 31.17 Gb Free Space | 79.80% Space Free | Partition Type: NTFS
Drive D: | 44.93 Gb Total Space | 44.52 Gb Free Space | 99.09% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 34.20 Gb Free Space | 70.04% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 30.01 Gb Free Space | 61.47% Space Free | Partition Type: NTFS
Drive G: | 48.83 Gb Total Space | 47.54 Gb Free Space | 97.36% Space Free | Partition Type: NTFS
Drive H: | 48.99 Gb Total Space | 48.60 Gb Free Space | 99.22% Space Free | Partition Type: NTFS

Computer Name: IMADREAMER2 | User Name: imadreamer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LeapFTP\LeapFTP.exe" = C:\Program Files\LeapFTP\LeapFTP.exe:*:Enabled:File Transfer Protocol (FTP) Client -- (LeapWare)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{7CEB5AC4-B6F8-414C-845D-4295C125D17B}" = NCP Internet Transporter
"{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Internet Transporter - NCP Link
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DE187864-A381-4602-8823-1024D4CE4370}" = Sygate Personal Firewall
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Coda" = Coda codec pack
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.00
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"Foxit Reader" = Foxit Reader
"FreeZip" = FreeZip
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Graphic Workshop Professional" = Graphic Workshop Professional
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.26
"LeapFTP" = LeapFTP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SysInfo" = Creative System Information
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2010 1:44:22 AM | Computer Name = IMADREAMER2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/22/2010 2:29:40 AM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/29/2010 2:33:48 AM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/29/2010 11:02:03 AM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/30/2010 2:28:11 AM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/30/2010 2:42:47 PM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/30/2010 3:14:59 PM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/30/2010 10:46:23 PM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/31/2010 2:40:07 AM | Computer Name = IMADREAMER2 | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <ThreadInit> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0x18

Error - 6/7/2010 12:10:53 PM | Computer Name = IMADREAMER2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 11/14/2010 10:34:07 PM | Computer Name = IMADREAMER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/14/2010 10:34:25 PM | Computer Name = IMADREAMER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/14/2010 10:35:05 PM | Computer Name = IMADREAMER2 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 11/14/2010 10:35:05 PM | Computer Name = IMADREAMER2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 11/14/2010 10:35:05 PM | Computer Name = IMADREAMER2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 11/14/2010 10:35:05 PM | Computer Name = IMADREAMER2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/14/2010 10:35:05 PM | Computer Name = IMADREAMER2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv
Tcpip
wpsdrvnt

Error - 11/14/2010 10:35:08 PM | Computer Name = IMADREAMER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/14/2010 10:40:23 PM | Computer Name = IMADREAMER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/15/2010 4:01:28 AM | Computer Name = IMADREAMER2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Good news then :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  ---

  :OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  ---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
C:\WINDOWS\002564_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: imadreamer
->Temp folder emptied: 9252201 bytes
->Temporary Internet Files folder emptied: 7733554 bytes
->Java cache emptied: 75130686 bytes
->FireFox cache emptied: 44485907 bytes
->Flash cache emptied: 1919305 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2703427 bytes
->Flash cache emptied: 45796 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4980803 bytes
->Java cache emptied: 290983 bytes
->Flash cache emptied: 47442 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 10068 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: imadreamer
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11162010_202216

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Sygate Personal Firewall
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Looks good :)
Go on....

tfc ran but didn't give me a log, so will go do the online scan

No log from TFC...

Eset found nothing.

Your computer is clean https://discussions.virtualdr.com/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

---

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

Do I go on or wait on you?

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: imadreamer
->Temp folder emptied: 1941 bytes
->Temporary Internet Files folder emptied: 11507032 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: imadreamer
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 11162010_213936

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Yes, complete all steps and give me a final word....

Done!!! Well almost. The WOT comes with the bing toolbar is says. Do I have to take the bing toolbar, I never did like tool bars. And the PSI program downloaded but when I click it says the Installer Integrity check failed. I deleted that file and d/l it three different times all with the same warning, so I figure I will try again tomorrow on that one.

You are a genius. I knew I could format and reinstall but that usually takes me a lot longer and I always forget something.

It sure is cured. No more ugly popups, my task manager is back intact, windows updates worked, and windows firewall is enabled again.

I'm guessing spyware blaster failed, is it not that good anymore? I thought is was real time protection, LOL.

I actually also had spyware guard on here but when I ran gmer to get the first logs I posed, I uninstalled it since it doesn't have an enable or disable button. It supposedly just runs in the background but I guess it actually failed too so I don't think I will reinstall it anyway.

I haven't heard sygate beep and when I checked the security log it is only showing the java update thing. Of course it calls it an application hijacking. Sygate log shows on 11-14 when I got the hotfix hijacking but doesn't show anything before 11-3 which is kind of wierd since it should be 30 days worth of logs. It even shows the date I installed firefox, but what I don't see after 11-4 is any avira updates,, yet it ran every night.

It is also a good thing this was my day off so once I got started I could stick with it. Normally I am on an hour or two sometimes less in the morning before I go to work and then till I feel I can sleep after work. Since I don't get home till after midnight, I would have had to post and wait till next time I got to get on, so it worked out.

It does seem to me that you got it fixed. Thanks so much Broni.

Way to go!! https://discussions.virtualdr.com/
Good luck and stay safe :)

I don't like toolbars either. You can safely uninstall it.

You said to defrag . When I went to the computer managment admin tools, it analyzed c drive and said I don't need to defraag at this time. Should I anyway?