Search engines rerouting to different sites

[vikingkid3]

I've read pretty much everything and done pretty much everything about this problem. I have Norton Antivirus 2009, and have used Avast! antivirus, I have and have used spybot search and destroy, and have used Malwarebytes, I have used hijack this and killbox and all that other crap but nothing works. I am using windows vista business, and now everytime i restart my computer, there is a blue screen which says "error_page_nonpage_area" or something along those lines, and will not restart until i put in the windows vista business install cd. The black "start windows normally, etc" screen says 1)put in the OS install cd, 2) select language and click next, 3) click "repair my computer." I have not done that yet, as the  computer starts up when I put the cd into the drive. The reason I haven't done that yet is because I fear I will have to do it every time I attempt to get rid of this virus, since nothing works.

Can you help me?
What more information would you need?

[Allan]

Post the EXACT and complete error message please.

[vikingkid3]

I've restarted 4 times each a different way, and the message never came up again, and the vista business cd was not in the cd drive. However, something that i forgot about every time the computer starts up I get 2 messages reading 1

"Error Loading: C/users/PATRIC~1/ntload.dll
C/users/PATRIC~1/ntload.dll is not a valid Win32 application."

and 2 is the same format but the file is "C/windows/system32/notepad.dll"

Also, if it helps my computer is under a constant barrage of viruses, I get a message from norton saying my computer was just attacked by a virus, but everything is safe almost every 5 minutes.

[Allan]

Go to the malware forum on this site and follow the instructions at the top of that forum.

[vikingkid3]

C:\Windows\System32\Drivers\ucchpibq.sys

avast just found this file...what does it do? should i delete it?

[Allan]

Go to the malware forum on this site and follow the instructions at the top of that forum.

[vikingkid3]

SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/26/2009 at 09:01 PM

Application Version : 4.32.1000

Core Rules Database Version : 4412
Trace Rules Database Version: 2243

Scan type       : Complete Scan
Total Scan Time : 06:43:55

Memory items scanned      : 745
Memory threats detected   : 0
Registry items scanned    : 7212
Registry threats detected : 9
File items scanned        : 469292
File threats detected     : 283

Rogue.AntiVirusPlus
   HKLM\Software\Classes\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
   HKU\S-1-5-21-3593084958-1206254983-1428058218-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
   HKCR\CLSID\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
   HKCR\CLSID\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}\InProcServer32
   HKCR\CLSID\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}\InProcServer32#ThreadingModel

Adware.Tracking Cookie
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@invitemedia[1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@yellowlinebanner[1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@collective-media[1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@specificmedia[2].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@media6degrees[1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@clicksor[2].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@clicktorrent[1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@admarketplace[1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@ero-advertising[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@admarketplace[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@clicksor[2].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@clicktorrent[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@collective-media[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@ero-advertising[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@invitemedia[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@media6degrees[1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@specificmedia[2].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Cookies\patrick_mcmahon@yellowlinebanner[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@admarketplace[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@clicksor[2].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@clicktorrent[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@collective-media[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@ero-advertising[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@invitemedia[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@media6degrees[1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@specificmedia[2].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@yellowlinebanner[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@admarketplace[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@clicksor[2].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@clicktorrent[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@collective-media[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@ero-advertising[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@invitemedia[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@media6degrees[1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@specificmedia[2].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick McMahon\Cookies\patrick_mcmahon@yellowlinebanner[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@admarketplace[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@clicksor[2].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@clicktorrent[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@collective-media[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@ero-advertising[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@invitemedia[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@media6degrees[1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@specificmedia[2].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\Application Data\Microsoft\Windows\Cookies\patrick_mcmahon@yellowlinebanner[1].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@admarketplace[1].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@clicksor[2].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@clicktorrent[1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@collective-media[1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@ero-advertising[1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@invitemedia[1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@media6degrees[1].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@specificmedia[2].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][1].txt
   C:\Users\Patrick McMahon\Cookies\[email protected][2].txt
   C:\Users\Patrick McMahon\Cookies\patrick_mcmahon@yellowlinebanner[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@abyssteens[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adcloudmedia[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adinterax[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adprotraffic[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adrevolver[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultadworld[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultmoviegroup[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluestreak[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstbeacon[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@corkyteens[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@directtrack[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@downloadxpornmovies[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ero-advertising[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eyewonder[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fullsexmovies[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hitbox[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hotfuckbook[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hotpornshow[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@icityfind[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lfstmedia[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@livesex-paradise[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@livesexlist[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mafioporno[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mafioporno[3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@maturesexclipz[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@maturesexi[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mongoporn[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pornhost[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pornless[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sex-hot-pics[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sex9[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sexlist[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sextracker[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificmedia[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@streamsexclips[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@technoratimedia[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@teenyclips[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@toplist[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficholder[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tsprotraffic[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wilyteens[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xxxbaron[2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yadro[1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[2].txt

Trojan.Agent/Gen
   C:\Windows\system32\critical_warning.html
   C:\Windows\system32\winhelper86.dll

Rogue.InternetSecurity2010
   HKU\S-1-5-21-3593084958-1206254983-1428058218-1000\Software\IS2010
   C:\Program Files\InternetSecurity2010
   C:\Users\Patrick McMahon\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security 2010.lnk
   C:\Users\Patrick McMahon\Start Menu\Internet Security 2010.lnk

Rogue.Agent/Gen-Nullo[DLL]
   C:\WINDOWS\SYSTEM32\BIBOSUYI.DLL
   C:\WINDOWS\SYSTEM32\BOFUJIDE.DLL
   C:\WINDOWS\SYSTEM32\DASULELO.DLL
   C:\WINDOWS\SYSTEM32\DUMOPIPE.DLL
   C:\WINDOWS\SYSTEM32\DURIBEGI.DLL
   C:\WINDOWS\SYSTEM32\FOSINOWA.DLL
   C:\WINDOWS\SYSTEM32\HEGUYAZO.DLL
   C:\WINDOWS\SYSTEM32\HIGEWOMU.DLL
   C:\WINDOWS\SYSTEM32\HOGUDARU.DLL
   C:\WINDOWS\SYSTEM32\HOVIVUYI.DLL
   C:\WINDOWS\SYSTEM32\HUVOMIFI.DLL
   C:\WINDOWS\SYSTEM32\JUBATEYA.DLL
   C:\WINDOWS\SYSTEM32\KANAGULE.DLL
   C:\WINDOWS\SYSTEM32\KUFOMAHI.DLL
   C:\WINDOWS\SYSTEM32\LABESUFI.DLL
   C:\WINDOWS\SYSTEM32\LIMOWUYU.DLL
   C:\WINDOWS\SYSTEM32\LIRUTOGA.DLL
   C:\WINDOWS\SYSTEM32\LITABIRU.DLL
   C:\WINDOWS\SYSTEM32\LIVIWEGU.DLL
   C:\WINDOWS\SYSTEM32\NAKUWIYI.DLL
   C:\WINDOWS\SYSTEM32\NAWEMONA.DLL
   C:\WINDOWS\SYSTEM32\PEFEPISA.DLL
   C:\WINDOWS\SYSTEM32\POHUNAZI.DLL
   C:\WINDOWS\SYSTEM32\RIYIGABU.DLL
   C:\WINDOWS\SYSTEM32\SAFIMUSI.DLL
   C:\WINDOWS\SYSTEM32\SANITUTU.DLL
   C:\WINDOWS\SYSTEM32\SULEKIPI.DLL
   C:\WINDOWS\SYSTEM32\TILAKIPU.DLL
   C:\WINDOWS\SYSTEM32\VAKAKAYU.DLL
   C:\WINDOWS\SYSTEM32\VETAGAMA.DLL
   C:\WINDOWS\SYSTEM32\VINOKUNI.DLL
   C:\WINDOWS\SYSTEM32\WELIMALA.DLL
   C:\WINDOWS\SYSTEM32\WIDUJUDA.DLL
   C:\WINDOWS\SYSTEM32\WUHELIDI.DLL
   C:\WINDOWS\SYSTEM32\YUZOKEWA.DLL
   C:\WINDOWS\SYSTEM32\ZOKEFAFO.DLL

Rogue.Agent/Gen-Nullo[EXE]
   C:\WINDOWS\SYSTEM32\NULORAKU.EXE

Mbam log:
Malwarebytes' Anti-Malware 1.42
Database version: 3437
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/27/2009 12:34:02 AM
mbam-log-2009-12-27 (00-34-02).txt

Scan type: Quick Scan
Objects scanned: 96898
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\bazahabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\bikobaka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\dobapoda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\fimijole.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\giniduna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\gitubazo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\jiyegine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mifuwape.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nonituwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\papororo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pawehuhe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pinigati.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\winiyavi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\yewohosi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\zujedafu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\ucchpibq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Patrick McMahon\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Patrick McMahon\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:15 AM, on 12/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost127.0.0.1 thepiratebay.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28134def-d748-436c-9fcb-e8af34670009} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - AppInit_DLLs: jegofoto.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7046 bytes

[vikingkid3]

do you need anymore information?

[vikingkid3]

So i'm screwed?

[vikingkid3]

Now I have to reformat my computer because no one here was nice enough to actually help me with my problem. I only have one day left until I NEED this problem fixed, BUT I didn't post logs in the first post (even though I had done all you had said to do earlier, and none of it worked), so you decided I was just another little retarded punk who didn't know what was going on...thank you so very much for your time.

[Salmon Trout]

Now I have to reformat my computer because no one here was nice enough to actually help me with my problem.

... Please contact the accounts department. You are entitled to a full refund of your enrolment fee. However, did you read the instructions properly? If so, why have you bumped 3 times? (Over Christmas!) Like, duh!

We also request patience.  The Experts here are Volunteers and are not here 24/7.  This is not a live session either.  If it takes a few hours or overnight for them to get back to you, trust me it is worth the wait.  See here* why not to not bump your thread.

*WHEN YOU BUMP YOUR THREAD OR ADD UNNECESSARY POSTS YOU LENGTHEN THE TIME TO GET A RESPONSE!
 
It does not matter whether the bump is intentional or not. Each time you bump your thread by posting another message you do not bump to the top, you bump to the bottom of the list. You are better off posting once and waiting for an answer. Even starting another thread (which you should not do anyway) will not help because of the procedure we use to work through new threads. We work from oldest thread to newest. Bumping your thread could cost you hours or even days of additional waiting time. Also when a topic has multiple answers it looks as if someone is already helping you. Be patient.

[SuperDave]

vikingkid3, I'm sorry for the delay. It's been a very busy couple of weeks. Do you still need help?