Solved Possible rootkit and others?

D

DO6470

Posts: 24   +0
Seem to have contracted a virus. Can't do anything related to the interenet including email.
Ran combofix before I found this website and it mentioned something about rootkit sero access, but didnt seem to correct the problems. Thanks for any help you cn provide.

Here are the logs.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.03.01
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
dolsen :: TEST1 [administrator]
12/9/2012 1:13:25 PM
mbam-log-2012-12-09 (13-13-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322336
Time elapsed: 7 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/4/2007 4:12:11 PM
System Uptime: 12/9/2012 12:29:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FT292
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 981/166mhz
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 981/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 37.737 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Service: b57w2k
.
==== System Restore Points ===================
.
RP274: 9/10/2012 6:58:02 AM - System Checkpoint
RP275: 9/11/2012 4:28:10 PM - System Checkpoint
RP276: 9/13/2012 7:23:26 AM - System Checkpoint
RP277: 9/14/2012 10:13:41 PM - System Checkpoint
RP278: 9/15/2012 10:35:48 PM - System Checkpoint
RP279: 9/17/2012 8:12:34 AM - System Checkpoint
RP280: 9/18/2012 8:59:12 AM - System Checkpoint
RP281: 9/19/2012 4:44:14 PM - System Checkpoint
RP282: 9/20/2012 4:53:02 PM - System Checkpoint
RP283: 9/22/2012 8:05:05 AM - System Checkpoint
RP284: 9/23/2012 9:24:34 AM - System Checkpoint
RP285: 9/23/2012 10:36:33 PM - Installed Secop CapSel
RP286: 9/25/2012 12:34:20 AM - System Checkpoint
RP287: 9/26/2012 6:09:17 AM - System Checkpoint
RP288: 9/27/2012 12:10:20 PM - System Checkpoint
RP289: 9/28/2012 7:54:12 AM - Restore Operation
RP290: 9/29/2012 9:04:36 AM - System Checkpoint
RP291: 9/30/2012 10:05:33 AM - System Checkpoint
RP292: 10/1/2012 11:09:26 AM - Installed SolidWorks eDrawings 2012.
RP293: 10/2/2012 7:36:47 PM - System Checkpoint
RP294: 10/2/2012 8:33:07 PM - Logitech Webcam Software v12.10.1110
RP295: 10/3/2012 7:02:20 AM - Restore Operation
RP296: 10/3/2012 7:17:36 AM - Restore Operation
RP297: 10/4/2012 6:28:09 PM - System Checkpoint
RP298: 10/6/2012 9:23:53 AM - System Checkpoint
RP299: 10/7/2012 2:51:11 PM - System Checkpoint
RP300: 10/8/2012 5:26:06 PM - System Checkpoint
RP301: 10/9/2012 10:05:34 PM - System Checkpoint
RP302: 10/11/2012 3:33:46 AM - System Checkpoint
RP303: 10/12/2012 2:10:08 PM - System Checkpoint
RP304: 10/13/2012 4:18:40 PM - System Checkpoint
RP305: 10/16/2012 6:28:24 PM - System Checkpoint
RP306: 10/18/2012 6:27:42 PM - System Checkpoint
RP307: 10/19/2012 7:28:16 PM - System Checkpoint
RP308: 10/20/2012 8:28:00 PM - System Checkpoint
RP309: 10/22/2012 8:07:28 AM - System Checkpoint
RP310: 10/23/2012 8:48:39 AM - System Checkpoint
RP311: 10/24/2012 9:03:17 AM - System Checkpoint
RP312: 10/28/2012 11:28:45 AM - System Checkpoint
RP313: 10/29/2012 11:31:23 AM - System Checkpoint
RP314: 11/2/2012 6:56:24 PM - System Checkpoint
RP315: 11/4/2012 11:43:08 AM - System Checkpoint
RP316: 11/5/2012 4:48:41 PM - System Checkpoint
RP317: 11/7/2012 2:30:48 AM - System Checkpoint
RP318: 11/8/2012 8:00:41 AM - Restore Operation
RP319: 11/10/2012 6:40:02 AM - System Checkpoint
RP320: 11/10/2012 8:14:51 AM - System Checkpoint
RP321: 11/11/2012 9:00:52 PM - System Checkpoint
RP322: 11/13/2012 7:56:40 AM - System Checkpoint
RP323: 11/14/2012 10:43:39 PM - System Checkpoint
RP324: 11/16/2012 5:11:03 PM - System Checkpoint
RP325: 11/18/2012 1:47:59 PM - System Checkpoint
RP326: 11/19/2012 5:21:18 PM - System Checkpoint
RP327: 11/20/2012 5:44:36 PM - System Checkpoint
RP328: 11/22/2012 2:48:58 PM - System Checkpoint
RP329: 11/23/2012 6:37:15 PM - System Checkpoint
RP330: 11/24/2012 7:25:33 PM - System Checkpoint
RP331: 11/25/2012 10:55:28 PM - System Checkpoint
RP332: 11/27/2012 7:46:20 AM - System Checkpoint
RP333: 11/28/2012 12:36:04 PM - System Checkpoint
RP334: 11/29/2012 6:36:06 PM - System Checkpoint
RP335: 12/1/2012 2:21:10 AM - System Checkpoint
RP336: 12/3/2012 8:24:07 AM - System Checkpoint
RP337: 12/4/2012 8:52:03 AM - System Checkpoint
RP338: 12/5/2012 11:01:23 AM - System Checkpoint
RP339: 12/5/2012 2:49:49 PM - Installed SolidWorks eDrawings 2013.
RP340: 12/7/2012 6:41:59 PM - System Checkpoint
RP341: 12/8/2012 11:23:19 PM - System Checkpoint
RP342: 12/9/2012 7:58:39 AM - Restore Operation
RP343: 12/9/2012 8:11:39 AM - Restore Operation
RP344: 12/9/2012 8:21:53 AM - Restore Operation
RP345: 12/9/2012 8:53:47 AM - Restore Operation
RP346: 12/9/2012 9:06:09 AM - Restore Operation
RP347: 12/9/2012 9:12:19 AM - Restore Operation
RP348: 12/9/2012 10:43:07 AM - Restore Operation
.
==== Installed Programs ======================
.
Add/Remove Pro (Freeware)
Adobe Acrobat 9 Standard
Adobe Acrobat 9.3.4 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.1
AESPcLink
ALPS Touch Pad Driver
American Greetings CreataCard Select 6
AnswerWorks Runtime
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
AutoCAD LT 2002
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom TPM Driver Installer
Canon CanoScan Toolbox 4.1
Cartwheel Shopping
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative Live! Cam Center
Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
Creative Software AutoUpdate
Creative System Information
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Line Detect
EMBASSY Trust Suite by Wave Systems
ESET Online Scanner v3
ETS Launch Pad
Final Media Player 2010
FreePriceAlerts 2.3.5
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2011
H&R Block Massachusetts 2011
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB971276-v3)
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 30
LibUSB-Win32-0.1.10.1
LiveUpdate 2.0 (Symantec Corporation)
Logitech High Quality Video
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Launcher
LWS Motion Detection
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 ??? Language Pack
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Language Pack - JPN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Visio Viewer 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Modem Helper
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
MPLAB Tools v8.46
MSXML 6.0 Parser (KB933579)
NetWaiting
NTRU Hybrid TSS v2.0.25
PowerDVD 5.7
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Secure Update
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
SolidWorks eDrawings 2010
SolidWorks eDrawings 2011
SolidWorks eDrawings 2013
Sonic Update Manager
StarCraft II
Symantec AntiVirus
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Tweak UI
Uninstall AOL Emergency Connect Utility 1.0
Update for Windows XP (KB912945)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
URL Assistant
Viewpoint Media Player
Volo View Express
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip Driver Updater
XPS Essentials Pack
XPS Essentials Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 9:38:20 AM, error: Service Control Manager [7022] - The Yahoo! Updater service hung on starting.
12/9/2012 9:28:51 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).
12/9/2012 9:28:51 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
12/9/2012 9:20:29 AM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).
12/9/2012 1:28:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.
12/8/2012 8:14:51 AM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 86f78948, parameter3 86f78988, parameter4 0a080018.
12/6/2012 2:14:07 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00197D995577 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
12/5/2012 8:47:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/4/2012 9:04:31 PM, error: System Error [1003] - Error code 1000000a, parameter1 00004ff0, parameter2 00000002, parameter3 00000000, parameter4 804e30ca.
12/3/2012 8:05:22 AM, error: Dhcp [1002] - The IP address lease 192.168.1.166 for the Network Card with network address 00197D995577 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/3/2012 6:03:22 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Not enough storage is available to process this command.
12/3/2012 6:03:22 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Not enough storage is available to process this command.
12/3/2012 6:02:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
12/3/2012 6:02:04 PM, error: Service Control Manager [7023] - The Symantec AntiVirus service terminated with the following error: The environment is incorrect.
12/3/2012 6:02:04 PM, error: Service Control Manager [7000] - The Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/3/2012 6:02:04 PM, error: Service Control Manager [7000] - The Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/3/2012 6:02:04 PM, error: Service Control Manager [7000] - The DataSvr2 service failed to start due to the following error: The system cannot find the file specified.
12/3/2012 6:01:37 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ASPENTHERMAL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
12/3/2012 5:50:41 PM, error: Srv [2020] - The server was unable to allocate from the system paged pool because the pool was empty.
12/3/2012 5:35:10 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{42B39CB8-08E9-402D-AABB-D369E8FDC8C8} because another computer on the network has the same name. The server could not start.
12/3/2012 5:35:10 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
12/3/2012 3:38:28 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address D0:23:DB:0E:56:DE. Network operations on this system may be disrupted as a result.
12/2/2012 6:36:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT SBRE
12/2/2012 6:34:37 PM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
12/2/2012 11:49:17 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 00197D995577 has been denied by the DHCP server 192.168.208.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by dolsen at 13:29:34 on 2012-12-09
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.567 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.weather.com/weather/right-now/USMA0273
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070424
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Cartwheel: {B50DF051-E1D4-439C-B94E-F4DE82B56542} - c:\documents and settings\dolsen\application data\cartwheel\Cartwheel.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178310621687
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{42B39CB8-08E9-402D-AABB-D369E8FDC8C8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{528D6902-83EA-4BF9-BE9E-6330E3C55526} : DHCPNameServer = 192.168.2.12
TCP: Interfaces\{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E} : DHCPNameServer = 192.168.2.12 192.168.2.11
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-6 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-5-6 212568]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-7-24 33792]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100823.002\naveng.sys [2010-8-24 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100823.002\navex15.sys [2010-8-24 1362608]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-6 69208]
S0 mtjjs;mtjjs;c:\windows\system32\drivers\mvoxailg.sys --> c:\windows\system32\drivers\mvoxailg.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\drivers\icd2w2k.sys [2004-3-22 12427]
S2 MCUSBPM3;Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS);c:\windows\system32\drivers\PM3w2k.sys [2004-3-22 12447]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
S3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.SYS [2010-11-23 12160]
S3 nicsrkw;nicsrkw;c:\windows\system32\drivers\nicsrkw.sys --> c:\windows\system32\drivers\nicsrkw.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-6 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-5-6 94040]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2010-3-31 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2010-3-31 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2010-3-31 170368]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
.
=============== Created Last 30 ================
.
2012-12-09 13:19:26 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
2012-12-08 19:36:18 -------- d-----w- c:\documents and settings\dolsen\application data\DefaultTab
2012-12-08 19:35:51 -------- d-----w- c:\documents and settings\dolsen\application data\Cartwheel
2012-12-05 19:49:53 -------- d-----w- c:\program files\common files\eDrawings2013
2012-12-05 11:41:16 -------- d-----w- c:\documents and settings\dolsen\application data\Paltalk
2012-12-02 18:45:04 -------- d-----w- c:\documents and settings\dolsen\application data\FreePriceAlerts
2012-12-02 18:40:46 -------- d-----w- c:\program files\common files\xing shared
2012-12-02 18:39:47 -------- d-----w- c:\program files\FreePriceAlerts
2012-12-02 18:39:46 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
.
==================== Find3M ====================
.
2012-11-09 16:59:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 16:59:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 16:55:40 368128 ----a-w- c:\program files\EModelViewer.exe
2010-06-14 16:55:14 97280 ----a-w- c:\program files\EModelEx
2010-06-14 16:55:12 27648 ----a-w- c:\program files\edrwthumbnailprovider.dll
2010-06-14 16:54:20 1149952 ----a-w- c:\program files\eDrawingOfficeAutomator.exe
2010-06-14 16:53:54 835584 ----a-w- c:\program files\EModelSWDisplayLists.dll
2010-06-14 16:52:50 91136 ----a-w- c:\program files\EModelExport.dll
2010-06-14 16:52:28 143360 ----a-w- c:\program files\EModelMDReader.dll
2010-06-14 16:52:08 8760832 ----a-w- c:\program files\EModelXlator.dll
2010-06-14 16:51:16 72192 ----a-w- c:\program files\EModelEventLog.dll
2010-06-14 16:49:52 868352 ----a-w- c:\program files\EModelReviewer.dll
2010-06-14 16:46:36 4797952 ----a-w- c:\program files\EModelView.dll
2010-06-14 16:38:48 61440 ----a-w- c:\program files\EModelUtilsVista.dll
2010-06-14 16:38:38 216576 ----a-w- c:\program files\EModelUtils.dll
2010-06-14 16:38:06 3385344 ----a-w- c:\program files\EModelAddIn_libFNP.dll
2010-06-14 16:38:04 2938383 ----a-w- c:\program files\EModelAddIn.dll
2010-06-14 16:37:50 53248 ----a-w- c:\program files\eDrawingsGraphicsCardClient.dll
2010-06-14 16:37:42 4483584 ----a-w- c:\program files\HoopsManager.dll
2010-06-14 15:52:34 299288 ----a-w- c:\program files\solidworkslicenseservice.dll
2010-06-14 15:52:34 263464 ----a-w- c:\program files\swlicservinst.exe
2010-06-14 15:50:52 17920 ----a-w- c:\program files\IMPLODE.DLL
.
============= FINISH: 13:30:19.32 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thanks for the help.
Here are the logs....

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : dolsen [Admin rights]
Mode : Scan -- Date : 12/09/2012 15:08:35
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[31] : NtConnectPort @ 0x805A2FF8 -> HOOKED (Unknown @ 0xE20D7350)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM080HI +++++
--- User ---
[MBR] 03e6c4b3764b75623803fa693ef38f13
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 76253 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] f79f5803595832f0c6704585222401b6
[BSP] 2b77affaf341f6210c9dfd7e8ac49fe8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 34 | Size: 3898 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_12092012_02d1508.txt >>
RKreport[1]_S_12092012_02d1508.txt


RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : dolsen [Admin rights]
Mode : Remove -- Date : 12/09/2012 15:12:43
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[31] : NtConnectPort @ 0x805A2FF8 -> HOOKED (Unknown @ 0xE20D7350)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM080HI +++++
--- User ---
[MBR] 03e6c4b3764b75623803fa693ef38f13
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 76253 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] f79f5803595832f0c6704585222401b6
[BSP] 2b77affaf341f6210c9dfd7e8ac49fe8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 34 | Size: 3898 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_12092012_02d1512.txt >>
RKreport[1]_S_12092012_02d1508.txt ; RKreport[2]_D_12092012_02d1512.txt


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-09 15:17:06
-----------------------------
15:17:06.625 OS Version: Windows 5.1.2600 Service Pack 2
15:17:06.625 Number of processors: 2 586 0xF02
15:17:06.625 ComputerName: TEST1 UserName:
15:17:08.968 Initialize success
15:31:23.875 AVAST engine defs: 12120901
15:31:32.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:31:32.718 Disk 0 Vendor: SAMSUNG_HM080HI AB100-12 Size: 76319MB BusType: 3
15:31:32.750 Disk 0 MBR read successfully
15:31:32.750 Disk 0 MBR scan
15:31:32.812 Disk 0 Windows XP default MBR code
15:31:32.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
15:31:32.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 112455
15:31:32.859 Disk 0 scanning sectors +156280320
15:31:32.953 Disk 0 scanning C:\WINDOWS\system32\drivers
15:31:47.750 Service scanning
15:32:17.078 Modules scanning
15:32:33.359 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
15:32:34.578 Disk 0 trace - called modules:
15:32:34.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:32:34.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874e5ab8]
15:32:34.625 3 CLASSPNP.SYS[f76bf05b] -> nt!IofCallDriver -> \Device\0000008e[0x875d5f18]
15:32:34.625 5 ACPI.sys[f7555620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x875c9940]
15:32:34.953 AVAST engine scan C:\WINDOWS
15:32:53.515 AVAST engine scan C:\WINDOWS\system32
15:33:41.390 File: C:\WINDOWS\system32\Iasv32(2).dll **INFECTED** Win32:Sirefef-UQ [Trj]
15:37:01.953 AVAST engine scan C:\WINDOWS\system32\drivers
15:37:18.578 AVAST engine scan C:\Documents and Settings\dolsen
15:41:06.140 AVAST engine scan C:\Documents and Settings\All Users
15:46:19.921 Scan finished successfully
15:48:54.390 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
15:48:54.421 The log file has been saved successfully to "F:\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Here are the logs:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 2 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.664000 GHz
Memory total: 1063305216, free: 574533632
------------ Kernel report ------------
12/09/2012 16:45:13
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\omci.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\libusb0.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\??\C:\Program Files\Symantec AntiVirus\savrt.sys
\??\C:\Program Files\Symantec\SYMEVENT.SYS
\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100823.002\navex15.sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100823.002\naveng.sys
\SystemRoot\System32\Drivers\oz776.sys
\SystemRoot\System32\Drivers\SMCLIB.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\sbtis.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\Ip6Fw.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\DOCUME~1\dolsen\LOCALS~1\Temp\aswMBR.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xffffffff8688f748
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a9\
Lower Device Object: 0xffffffff86cd2c90
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff874e5ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff875c9940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.09.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff874e5ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff875c7930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff874e5ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff875d5f18, DeviceName: \Device\0000008e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff875c9940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1155528, 0xffffffff874e5ab8, 0xffffffff87187ab8
Lower DeviceData: 0xffffffffe973a570, 0xffffffff875c9940, 0xffffffff85c142a0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
File kernel read failed: C:\WINDOWS\system32\drivers\ialmnt5.sys
File kernel read failed: C:\WINDOWS\system32\drivers\nv4_mini.sys
File kernel read failed: C:\WINDOWS\system32\drivers\sthda.sys
File kernel read failed: C:\WINDOWS\system32\drivers\gm.dls
File kernel read failed: C:\WINDOWS\system32\drivers\lvuvc.sys
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 112392
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 112455 Numsec = 156167865
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 80026361856 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8688f748, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85c0f180, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8688f748, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86896ed0, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff86cd2c90, DeviceName: \Device\000000a9\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe21d55c0, 0xffffffff8688f748, 0xffffffff86e83040
Lower DeviceData: 0xffffffffe9566bd0, 0xffffffff86cd2c90, 0xffffffff85c1c040
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C2ABDD84
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4103937024 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: C:\WINDOWS\$NtUninstallKB24815$\3417484125 --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB24815$\3417484125\L(2) --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB24815$\3417484125\U(2) --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB24815$\4074954809 --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.09.05
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
dolsen :: TEST1 [administrator]
12/9/2012 5:02:14 PM
mbar-log-2012-12-09 (17-02-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27216
Time elapsed: 14 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\WINDOWS\$NtUninstallKB24815$\3417484125 (Backdoor.0Access) -> Delete on reboot.
C:\WINDOWS\$NtUninstallKB24815$\3417484125\L(2) (Backdoor.0Access) -> Delete on reboot.
C:\WINDOWS\$NtUninstallKB24815$\3417484125\U(2) (Backdoor.0Access) -> Delete on reboot.
C:\WINDOWS\$NtUninstallKB24815$\4074954809 (Backdoor.0Access) -> Delete on reboot.
Files Detected: 0
(No malicious items detected)
(end)
 
Here is the latest:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.09.05
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
dolsen :: TEST1 [administrator]
12/9/2012 6:17:24 PM
mbar-log-2012-12-09 (18-17-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27211
Time elapsed: 14 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
An update on the machine behavior.
When I try to open internet explorer it opens for about 15 seconds and then closes automatically before it goes to the home page.

Also,when I open Outlook, I get an Internet Explorer Script Error that says:
line: 298
char: 1
code: 0
URL: outlook today
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
The combofix log

ComboFix 12-12-07.01 - dolsen 12/09/2012 19:14:38.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.649 [GMT -5:00]
Running from: c:\documents and settings\dolsen\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))
.
.
2012-12-09 21:45 . 2012-12-09 21:45 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-09 13:19 . 2012-12-09 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-12-08 19:36 . 2012-12-09 18:46 -------- d-----w- c:\documents and settings\dolsen\Application Data\DefaultTab
2012-12-08 19:35 . 2012-12-09 13:19 -------- d-----w- c:\documents and settings\dolsen\Application Data\Cartwheel
2012-12-08 19:35 . 2012-12-09 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2012-12-05 19:49 . 2012-12-09 13:19 -------- d-----w- c:\program files\Common Files\eDrawings2013
2012-12-05 11:41 . 2012-12-09 13:19 -------- d-----w- c:\documents and settings\dolsen\Application Data\Paltalk
2012-12-02 18:45 . 2012-12-02 18:45 -------- d-----w- c:\documents and settings\dolsen\Application Data\FreePriceAlerts
2012-12-02 18:40 . 2012-12-02 18:40 -------- d-----w- c:\program files\Common Files\xing shared
2012-12-02 18:39 . 2012-12-03 04:16 -------- d-----w- c:\program files\FreePriceAlerts
2012-12-02 18:39 . 2012-12-02 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 16:59 . 2012-11-09 16:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 16:59 . 2012-11-09 16:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 00:54 . 2010-12-23 20:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 16:55 . 2010-06-14 16:55 368128 ----a-w- c:\program files\EModelViewer.exe
2010-06-14 16:55 . 2010-06-14 16:55 97280 ----a-w- c:\program files\EModelEx
2010-06-14 16:55 . 2010-06-14 16:55 27648 ----a-w- c:\program files\edrwthumbnailprovider.dll
2010-06-14 16:54 . 2010-06-14 16:54 1149952 ----a-w- c:\program files\eDrawingOfficeAutomator.exe
2010-06-14 16:53 . 2010-06-14 16:53 835584 ----a-w- c:\program files\EModelSWDisplayLists.dll
2010-06-14 16:52 . 2010-06-14 16:52 91136 ----a-w- c:\program files\EModelExport.dll
2010-06-14 16:52 . 2010-06-14 16:52 143360 ----a-w- c:\program files\EModelMDReader.dll
2010-06-14 16:52 . 2010-06-14 16:52 8760832 ----a-w- c:\program files\EModelXlator.dll
2010-06-14 16:51 . 2010-06-14 16:51 72192 ----a-w- c:\program files\EModelEventLog.dll
2010-06-14 16:49 . 2010-06-14 16:49 868352 ----a-w- c:\program files\EModelReviewer.dll
2010-06-14 16:46 . 2010-06-14 16:46 4797952 ----a-w- c:\program files\EModelView.dll
2010-06-14 16:38 . 2010-06-14 16:38 61440 ----a-w- c:\program files\EModelUtilsVista.dll
2010-06-14 16:38 . 2010-06-14 16:38 216576 ----a-w- c:\program files\EModelUtils.dll
2010-06-14 16:38 . 2010-06-14 16:38 3385344 ----a-w- c:\program files\EModelAddIn_libFNP.dll
2010-06-14 16:38 . 2010-06-14 16:38 2938383 ----a-w- c:\program files\EModelAddIn.dll
2010-06-14 16:37 . 2010-06-14 16:37 53248 ----a-w- c:\program files\eDrawingsGraphicsCardClient.dll
2010-06-14 16:37 . 2010-06-14 16:37 4483584 ----a-w- c:\program files\HoopsManager.dll
2010-06-14 15:52 . 2010-06-14 15:52 299288 ----a-w- c:\program files\solidworkslicenseservice.dll
2010-06-14 15:52 . 2010-06-14 15:52 263464 ----a-w- c:\program files\swlicservinst.exe
2010-06-14 15:50 . 2010-06-14 15:50 17920 ----a-w- c:\program files\IMPLODE.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
2012-10-17 21:18 231432 ----a-w- c:\documents and settings\dolsen\Application Data\Cartwheel\Cartwheel.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\documents and settings\dolsen\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2012-12-04 1342312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-179605362-725345543-1608\Scripts\Logon\0\0]
"Script"=defaultLogon.vbs
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=c:\windows\pss\Forget Me Not.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dolsen^Start Menu^Programs^Startup^Epson Home Theater Registration.lnk]
path=c:\documents and settings\dolsen\Start Menu\Programs\Startup\Epson Home Theater Registration.lnk
backup=c:\windows\pss\Epson Home Theater Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dolsen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\dolsen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-19 16:36 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-06-19 23:04 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2011-04-25 21:52 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 17:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-22 22:35 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2004-02-29 22:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\aol\1285799699\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-13 21:41 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 21:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 21:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 18:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 00:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-03 18:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-02 18:40 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
2007-06-04 17:02 32768 ----a-r- c:\windows\V0350Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2004-03-12 21:18 124128 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINZIPDUDriverUpdater]
2011-11-10 15:02 1825608 ----a-w- c:\program files\WinZip Driver Updater\winzipdu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\aol\\1285799699\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [5/6/2012 6:57 PM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [5/6/2012 6:57 PM 212568]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 4:18 PM 169192]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [7/24/2011 8:39 PM 33792]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [5/6/2012 6:57 PM 69208]
S0 mtjjs;mtjjs;c:\windows\system32\drivers\mvoxailg.sys --> c:\windows\system32\drivers\mvoxailg.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\drivers\icd2w2k.sys [3/22/2004 3:43 AM 12427]
S2 MCUSBPM3;Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS);c:\windows\system32\drivers\PM3w2k.sys [3/22/2004 1:45 AM 12447]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/9/2012 4:45 PM 35144]
S3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.SYS [11/23/2010 4:25 PM 12160]
S3 nicsrkw;nicsrkw;c:\windows\system32\DRIVERS\nicsrkw.sys --> c:\windows\system32\DRIVERS\nicsrkw.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [5/6/2012 6:57 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [5/6/2012 6:57 PM 94040]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [3/31/2010 7:08 AM 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [3/31/2010 7:08 AM 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [3/31/2010 7:08 AM 170368]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 14:10]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 14:10]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1608Core.job
- c:\documents and settings\dolsen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 23:24]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1608UA.job
- c:\documents and settings\dolsen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 23:24]
.
2012-12-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-179605362-725345543-1608.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-179605362-725345543-1608.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-09 19:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-09 19:48:04
ComboFix-quarantined-files.txt 2012-12-10 00:47
ComboFix2.txt 2012-12-09 18:08
ComboFix3.txt 2012-12-09 16:59
ComboFix4.txt 2012-06-03 20:32
ComboFix5.txt 2012-12-09 23:52
.
Pre-Run: 40,376,430,592 bytes free
Post-Run: 40,451,854,336 bytes free
.
- - End Of File - - 776FA711BB0E4A543D9DD6F1E706A301
 
Looks good.

Any current issues?

=======================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Still having similar issues.
Internet explorer opens and then closes after about 10 seconds before it has a chance to open the home page.
Still getting Internet Explorer Script error when I open Outlook and outlook isnt sending or receiving messages
Shortcuts dont seem to work either.
Did try using AOL to make sure internet connection is working and it seems to work ok.

OTL only generated 1 log.

Here are the other logs:
# AdwCleaner v2.100 - Logfile created 12/09/2012 at 23:01:55
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : dolsen - TEST1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\dolsen\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\do\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\do\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\dolsen\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\dolsen\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\dolsen\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v16.0.912.63
File : C:\Documents and Settings\dolsen\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [3414 octets] - [09/12/2012 23:01:55]
########## EOF - C:\AdwCleaner[S1].txt - [3474 octets] ##########

OTL logfile created on: 12/9/2012 11:14:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\dolsen\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 580.92 Mb Available Physical Memory | 57.29% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.38% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 37.72 Gb Free Space | 50.65% Space Free | Partition Type: NTFS

Computer Name: TEST1 | User Name: dolsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dolsen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AOL Desktop 9.6\waol.exe (AOL Inc.)
PRC - C:\Program Files\AOL Desktop 9.6\shellmon.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\aol\1285799699\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Program Files\AOL Desktop 9.6\zlib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()


========== Services (SafeList) ==========

SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe File not found
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (nicsrkw) -- system32\DRIVERS\nicsrkw.sys File not found
DRV - (mtjjs) -- System32\drivers\mvoxailg.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\dolsen\LOCALS~1\Temp\catchme.sys File not found
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100823.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100823.002\NAVENG.SYS (Symantec Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (VF0350Afx) -- C:\WINDOWS\system32\drivers\V0350Afx.sys (Creative Technology Ltd.)
DRV - (VF0350Vid) -- C:\WINDOWS\system32\drivers\V0350Vid.sys (Creative Technology Ltd.)
DRV - (NCBULK) -- C:\WINDOWS\system32\drivers\RealICEBulk.SYS (PLX Technology, Inc. (visit www.PlxTech.com))
DRV - (VF0350Vfx) -- C:\WINDOWS\system32\drivers\V0350Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (MCUSBICD2) -- C:\WINDOWS\system32\drivers\icd2w2k.sys (Microchip Technology, Inc.)
DRV - (MCUSBPM3) -- C:\WINDOWS\system32\drivers\PM3w2k.sys (Microchip Technology, Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070424
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070424
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/right-now/USMA0273
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7DMUS_enUS221
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\SearchScopes\{B463F17E-B2C5-478F-B26C-43F94F4A5594}: "URL" = http://www.mysearchresults.com/search?&c=2649&t=03&q={searchTerms}
IE - HKU\S-1-5-21-1390067357-179605362-725345543-1608\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\dolsen\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\dolsen\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 13:40:44 | 000,000,000 | ---D | M]

[2010/09/30 07:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dolsen\Application Data\Mozilla\Extensions
[2010/09/30 07:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dolsen\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/07/19 13:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dolsen\Application Data\Mozilla\Firefox\extensions
[2012/07/19 13:00:22 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\dolsen\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Documents and Settings\dolsen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\dolsen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\dolsen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/12/09 10:20:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Cartwheel) - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Documents and Settings\dolsen\Application Data\Cartwheel\Cartwheel.dll (Cartwheel, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1390067357-179605362-725345543-1608..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178310621687 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aspenthermal.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B39CB8-08E9-402D-AABB-D369E8FDC8C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{528D6902-83EA-4BF9-BE9E-6330E3C55526}: DhcpNameServer = 192.168.2.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}: DhcpNameServer = 192.168.2.12 192.168.2.11
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/09 23:01:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dolsen\Desktop\OTL.exe
[2012/12/09 18:49:58 | 005,010,414 | R--- | C] (Swearware) -- C:\Documents and Settings\dolsen\Desktop\ComboFix.exe
[2012/12/09 16:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dolsen\Desktop\mbar-1.01.0.1011
[2012/12/09 15:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dolsen\Desktop\RK_Quarantine
[2012/12/09 15:06:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\dolsen\Desktop\aswMBR.exe
[2012/12/09 13:29:10 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\dolsen\Desktop\dds.com
[2012/12/09 08:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/12/09 08:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SolidWorks 2013
[2012/12/08 14:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dolsen\Application Data\Cartwheel
[2012/12/08 14:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/12/05 14:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2013
[2012/12/05 06:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dolsen\Application Data\Paltalk
[2012/12/02 13:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dolsen\Application Data\FreePriceAlerts
[2012/12/02 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/12/02 13:40:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/02 13:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/12/02 13:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\FreePriceAlerts
[2012/11/30 18:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dolsen\Desktop\Desktop 113012
[2010/06/14 11:55:40 | 000,368,128 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelViewer.exe
[2010/06/14 11:55:14 | 000,097,280 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelEx
[2010/06/14 11:55:12 | 000,027,648 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\edrwthumbnailprovider.dll
[2010/06/14 11:54:20 | 001,149,952 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\eDrawingOfficeAutomator.exe
[2010/06/14 11:53:54 | 000,835,584 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelSWDisplayLists.dll
[2010/06/14 11:52:50 | 000,091,136 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelExport.dll
[2010/06/14 11:52:28 | 000,143,360 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelMDReader.dll
[2010/06/14 11:52:08 | 008,760,832 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelXlator.dll
[2010/06/14 11:51:16 | 000,072,192 | ---- | C] (Solidworks) -- C:\Program Files\EModelEventLog.dll
[2010/06/14 11:49:52 | 000,868,352 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelReviewer.dll
[2010/06/14 11:46:36 | 004,797,952 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelView.dll
[2010/06/14 11:38:48 | 000,061,440 | ---- | C] (Solidworks) -- C:\Program Files\EModelUtilsVista.dll
[2010/06/14 11:38:38 | 000,216,576 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\EModelUtils.dll
[2010/06/14 11:38:06 | 003,385,344 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\EModelAddIn_libFNP.dll
[2010/06/14 11:38:04 | 002,938,383 | ---- | C] (Solidworks) -- C:\Program Files\EModelAddIn.dll
[2010/06/14 11:37:50 | 000,053,248 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\eDrawingsGraphicsCardClient.dll
[2010/06/14 11:37:42 | 004,483,584 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\HoopsManager.dll
[2010/06/14 10:52:34 | 000,299,288 | ---- | C] (SolidWorks) -- C:\Program Files\solidworkslicenseservice.dll
[2010/06/14 10:52:34 | 000,263,464 | ---- | C] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\swlicservinst.exe

========== Files - Modified Within 30 Days ==========

[2012/12/09 23:10:26 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-179605362-725345543-1608.job
[2012/12/09 23:10:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 23:09:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/09 23:09:34 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 23:01:13 | 000,068,523 | ---- | M] () -- C:\VETlog.dmp
[2012/12/09 22:56:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1608UA.job
[2012/12/09 22:52:41 | 166,609,920 | ---- | M] () -- C:\archive.pst
[2012/12/09 22:48:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dolsen\Desktop\OTL.exe
[2012/12/09 22:46:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/09 22:36:48 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\Shortcut to aol.exe.lnk
[2012/12/09 18:44:20 | 005,010,414 | R--- | M] (Swearware) -- C:\Documents and Settings\dolsen\Desktop\ComboFix.exe
[2012/12/09 16:37:38 | 013,485,902 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\mbar-1.01.0.1011.zip
[2012/12/09 14:57:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\dolsen\Desktop\aswMBR.exe
[2012/12/09 14:56:06 | 000,753,664 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\RogueKiller.exe
[2012/12/09 13:42:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-179605362-725345543-1608.job
[2012/12/09 11:25:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\dolsen\Desktop\dds.com
[2012/12/09 10:20:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/09 08:13:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/09 00:56:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1608Core.job
[2012/12/05 20:07:40 | 000,411,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/05 14:58:00 | 000,146,661 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\Low Cost Drive Assy 11_21_12.easm
[2012/12/05 14:50:12 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2013.lnk
[2012/12/05 14:48:55 | 035,863,560 | ---- | M] (Dassault Systèmes SolidWorks Corp. ) -- C:\Documents and Settings\dolsen\Desktop\eDrawingsEnglish.exe
[2012/12/05 08:46:44 | 000,006,544 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\Test Data.pdf
[2012/12/05 06:41:20 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\dolsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2012/12/05 06:41:19 | 000,001,212 | ---- | M] () -- C:\Documents and Settings\dolsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2012/12/02 21:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/12/02 21:33:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/12/02 13:40:59 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/02 13:40:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/11/30 18:40:07 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\Shortcut to AspenCompressorRemote.lnk
[2012/11/30 18:34:38 | 000,001,178 | -H-- | M] () -- C:\Documents and Settings\dolsen\My Documents\Default.rdp
[2012/11/30 18:31:48 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\Aspen Remote.RDP
[2012/11/24 17:41:24 | 000,149,389 | ---- | M] () -- C:\Documents and Settings\dolsen\Desktop\F6 Green.pdf

========== Files Created - No Company Name ==========

[2012/12/09 22:36:48 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\Shortcut to aol.exe.lnk
[2012/12/09 16:43:13 | 013,485,902 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\mbar-1.01.0.1011.zip
[2012/12/09 15:06:50 | 000,753,664 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\RogueKiller.exe
[2012/12/05 14:57:59 | 000,146,661 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\Low Cost Drive Assy 11_21_12.easm
[2012/12/05 14:50:12 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2013.lnk
[2012/12/05 09:05:47 | 000,519,699 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\XX00072 (Rev D) repairedSuctionCollar.dwg
[2012/12/05 09:04:42 | 000,260,450 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\XX00072 (Rev D) SuctionCollar.dwg
[2012/12/05 08:46:44 | 000,006,544 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\Test Data.pdf
[2012/12/05 06:41:20 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\dolsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2012/12/05 06:41:19 | 000,001,212 | ---- | C] () -- C:\Documents and Settings\dolsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2012/12/02 13:41:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-179605362-725345543-1608.job
[2012/12/02 13:41:44 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-179605362-725345543-1608.job
[2012/12/02 13:40:59 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/11/30 18:40:07 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\Shortcut to AspenCompressorRemote.lnk
[2012/11/30 18:31:48 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\Aspen Remote.RDP
[2012/11/24 17:41:24 | 000,149,389 | ---- | C] () -- C:\Documents and Settings\dolsen\Desktop\F6 Green.pdf
[2012/06/03 14:37:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/03 14:37:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/03 14:37:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/03 14:37:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/03 14:37:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/23 18:32:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Iasv32(2).dll
[2012/04/23 17:23:54 | 000,105,324 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/04/23 17:23:54 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/03 14:00:54 | 000,238,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/25 17:32:56 | 000,000,027 | ---- | C] () -- C:\WINDOWS\PHC705HD.ini
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/24 20:39:00 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/07/15 06:29:26 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\dolsen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 11:53:02 | 001,785,416 | ---- | C] () -- C:\Program Files\GraphicsCardInfo.xml
[2010/06/14 11:37:52 | 000,002,796 | ---- | C] () -- C:\Program Files\eDrawingsGraphicsCardClient.tlb
[2010/06/14 10:55:10 | 000,004,072 | ---- | C] () -- C:\Program Files\emodelviewer.exe.config
[2010/06/14 10:54:46 | 000,161,412 | ---- | C] () -- C:\Program Files\GTOL.SYM
[2010/06/14 10:50:52 | 000,017,920 | ---- | C] () -- C:\Program Files\IMPLODE.DLL
[2010/03/17 08:46:21 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\dolsen\Local Settings\Application Data\fusioncache.dat
[2007/06/07 14:33:46 | 000,003,484 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007/04/24 09:38:35 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/01/04 08:37:03 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004/08/04 05:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/11 16:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2010/07/17 11:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/04/04 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55EDB00052BCF000071D92830AC72
[2010/10/04 09:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2012/12/09 08:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/03/03 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/04/24 09:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/06/03 20:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/06 19:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Ad-Aware Antivirus
[2010/11/23 16:24:59 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\do\Application Data\Microchip
[2011/08/14 07:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\.minecraft
[2011/11/11 16:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Armagetron
[2010/04/12 13:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Autodesk
[2010/11/22 11:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Canon
[2012/12/09 08:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Cartwheel
[2010/09/23 10:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\EDrawings
[2010/06/18 11:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Eltima Software
[2010/07/15 07:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\FinalMediaPlayer
[2012/12/02 13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\FreePriceAlerts
[2011/01/21 18:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Leadertech
[2010/12/10 12:42:35 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\dolsen\Application Data\Microchip
[2012/12/09 08:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\Paltalk
[2012/03/03 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\TaxCut
[2012/07/19 13:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dolsen\Application Data\WinZip
[2012/05/06 19:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Ad-Aware Antivirus
[2012/05/25 07:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Viewpoint
[2012/05/06 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012/05/06 19:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nateit\Application Data\Ad-Aware Antivirus
[2012/05/06 19:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Ad-Aware Antivirus
[2007/05/09 14:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WaveRxClinical\Application Data\Leadertech
[2007/05/23 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WaveRxClinical\Application Data\TextPad

========== Purity Check ==========


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (nicsrkw) -- system32\DRIVERS\nicsrkw.sys File not found
DRV - (mtjjs) -- System32\drivers\mvoxailg.sys File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1390067357-179605362-725345543-1608\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=================================

Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
Make sure you follow ALL steps listed there.
See if IE will work better afterwards.

==================================

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Still no luck with internet explorer
Still getting internet explorer script error when opening outlook

Here are the logs:
All processes killed
========== OTL ==========
Service SBRE stopped successfully!
Service SBRE deleted successfully!
File C:\WINDOWS\system32\drivers\SBREdrv.sys File not found not found.
Service nicsrkw stopped successfully!
Service nicsrkw deleted successfully!
File system32\DRIVERS\nicsrkw.sys File not found not found.
Service mtjjs stopped successfully!
Service mtjjs deleted successfully!
File System32\drivers\mvoxailg.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1390067357-179605362-725345543-1608\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry value HKEY_USERS\S-1-5-21-1390067357-179605362-725345543-1608\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-179605362-725345543-1608\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: do
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 820 bytes

User: dolsen
->Temp folder emptied: 1517 bytes
->Temporary Internet Files folder emptied: 8804465 bytes
->Java cache emptied: 1457303 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6393 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1200 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: nateit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: WaveRxClinical
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 8667194 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: do

User: dolsen
->Java cache emptied: 0 bytes

User: Guest

User: LocalService

User: nateit

User: NetworkService
->Java cache emptied: 0 bytes

User: TEMP

User: WaveRxClinical

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: do
->Flash cache emptied: 0 bytes

User: dolsen
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: nateit

User: NetworkService
->Flash cache emptied: 0 bytes

User: TEMP

User: WaveRxClinical

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12102012_002605
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
Java(TM) 6 Update 30
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus SavRoam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Sorry for the delayed response.
Here are the other logs

Farbar Service Scanner Version: 10-12-2012 Ran by dolsen (administrator) on 11-12-2012 at 08:05:40 Running from "C:\Documents and Settings\dolsen\Desktop" Microsoft Windows XP Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is offline Attempt to access Google.com returned error: Google.com is offline Attempt to access Yahoo IP returned error. Yahoo IP is offline Attempt to access Yahoo.com returned error: Yahoo.com is offline Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2004-08-11 17:00] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys [2012-05-17 06:31] - [2004-08-04 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B C:\WINDOWS\system32\Drivers\tcpip.sys [2004-08-11 17:00] - [2004-08-04 05:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C C:\WINDOWS\system32\Drivers\ipsec.sys [2004-08-11 17:00] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1 C:\WINDOWS\system32\dnsrslvr.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D C:\WINDOWS\system32\ipnathlp.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF C:\WINDOWS\system32\netman.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565 C:\WINDOWS\system32\wbem\WMIsvc.dll [2004-08-11 17:11] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E C:\WINDOWS\system32\srsvc.dll [2004-08-11 17:12] - [2004-08-04 05:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838 C:\WINDOWS\system32\Drivers\sr.sys [2004-08-11 17:12] - [2004-08-04 05:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24 C:\WINDOWS\system32\wscsvc.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A C:\WINDOWS\system32\wbem\WMIsvc.dll [2004-08-11 17:11] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E C:\WINDOWS\system32\wuauserv.dll [2004-08-11 17:12] - [2004-08-04 05:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8 C:\WINDOWS\system32\qmgr.dll [2004-08-11 17:12] - [2004-08-04 05:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA C:\WINDOWS\system32\es.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63 C:\WINDOWS\system32\cryptsvc.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B C:\WINDOWS\system32\svchost.exe [2004-08-11 17:00] - [2004-08-04 05:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716 C:\WINDOWS\system32\rpcss.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680 C:\WINDOWS\system32\services.exe [2004-08-11 17:00] - [2004-08-04 05:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4 Extra List: ======= Gpc(6) IPSec(4) NetBT(5) PSched(7) SbFw(9) SBFWIMCLMP(10) SbTis(11) SYMTDI(8) Tcpip(3) Tcpip6(12) 0x0C00000004000000010000000200000003000000080000000900000006000000070000000B0000000A000000050000000C000000 IpSec Tag value is correct. **** End of log


**** C:\Qoobox\Quarantine\C\WINDOWS\system32\usbniw32.dll.vir a variant of Win32/Wimpixo.AV trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP295\A0202757.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP296\A0203006.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined C:\WINDOWS\system32\Iasv32(2).dll a variant of Win32/Wimpixo.AU trojan cleaned by deleting - quarantined
 
We have some issue with Security Center but let's take care of some other issues.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

===========================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

========================

Make sure your Windows updates are current.
For instance you don't have Service Pack 3 installed.

When dome with updating post new FSS log.
 
Adobe would not install all the way.
Received an error that read "cannot contact reliable source"

Java would also not update.
Received an error that read " windows installer services could not be accessed. This can occur if the windows installer is not correctly installed"

Here is the latest FSS log:

Farbar Service Scanner Version: 10-12-2012 Ran by dolsen (administrator) on 11-12-2012 at 17:22:22 Running from "C:\Documents and Settings\dolsen\Desktop" Microsoft Windows XP Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is offline Attempt to access Google.com returned error: Google.com is offline Attempt to access Yahoo IP returned error. Yahoo IP is offline Attempt to access Yahoo.com returned error: Yahoo.com is offline Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2004-08-11 17:00] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys [2012-05-17 06:31] - [2004-08-04 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B C:\WINDOWS\system32\Drivers\tcpip.sys [2004-08-11 17:00] - [2004-08-04 05:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C C:\WINDOWS\system32\Drivers\ipsec.sys [2004-08-11 17:00] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1 C:\WINDOWS\system32\dnsrslvr.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D C:\WINDOWS\system32\ipnathlp.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF C:\WINDOWS\system32\netman.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565 C:\WINDOWS\system32\wbem\WMIsvc.dll [2004-08-11 17:11] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E C:\WINDOWS\system32\srsvc.dll [2004-08-11 17:12] - [2004-08-04 05:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838 C:\WINDOWS\system32\Drivers\sr.sys [2004-08-11 17:12] - [2004-08-04 05:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24 C:\WINDOWS\system32\wscsvc.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A C:\WINDOWS\system32\wbem\WMIsvc.dll [2004-08-11 17:11] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E C:\WINDOWS\system32\wuauserv.dll [2004-08-11 17:12] - [2004-08-04 05:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8 C:\WINDOWS\system32\qmgr.dll [2004-08-11 17:12] - [2004-08-04 05:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA C:\WINDOWS\system32\es.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63 C:\WINDOWS\system32\cryptsvc.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B C:\WINDOWS\system32\svchost.exe [2004-08-11 17:00] - [2004-08-04 05:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716 C:\WINDOWS\system32\rpcss.dll [2004-08-11 17:00] - [2004-08-04 05:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680 C:\WINDOWS\system32\services.exe [2004-08-11 17:00] - [2004-08-04 05:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4 Extra List: ======= Gpc(6) IPSec(4) NetBT(5) PSched(7) SbFw(9) SBFWIMCLMP(10) SbTis(11) SYMTDI(8) Tcpip(3) Tcpip6(12) 0x0C00000004000000010000000200000003000000080000000900000006000000070000000B0000000A000000050000000C000000 IpSec Tag value is correct. **** End of log ****
 
Also, forgot to mention.
When I go to update windows it hangs at "Checking your internet connection"

Much thanks for all your help with this!
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif



Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif



Go to Start Repairs tab and click Start button.

p22001166.gif



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif


Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.
 
Things are looking up.
Internet Explorer is now working.

Many shortcuts don't work but can be opened by right clicking and then pressing open.
Outlook is still giving internet explorer script error and not sending or receiving.

Here is the latest log file:

Farbar Service Scanner Version: 10-12-2012
Ran by dolsen (administrator) on 11-12-2012 at 22:19:16
Running from "C:\Documents and Settings\dolsen\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-11 17:00] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2012-05-17 06:31] - [2004-08-04 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-11 17:00] - [2004-08-04 05:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-11 17:00] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D
C:\WINDOWS\system32\ipnathlp.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF
C:\WINDOWS\system32\netman.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-11 17:11] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\srsvc.dll
[2004-08-11 17:12] - [2004-08-04 05:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838
C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-11 17:12] - [2004-08-04 05:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
C:\WINDOWS\system32\wscsvc.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-11 17:11] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\wuauserv.dll
[2004-08-11 17:12] - [2004-08-04 05:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8
C:\WINDOWS\system32\qmgr.dll
[2004-08-11 17:12] - [2004-08-04 05:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA
C:\WINDOWS\system32\es.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63
C:\WINDOWS\system32\cryptsvc.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B
C:\WINDOWS\system32\svchost.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\rpcss.dll
[2004-08-11 17:00] - [2004-08-04 05:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680
C:\WINDOWS\system32\services.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SbFw(9) SBFWIMCLMP(10) SbTis(11) SYMTDI(8) Tcpip(3) Tcpip6(12)
0x0C00000004000000010000000200000003000000080000000900000006000000070000000B0000000A000000050000000C000000
IpSec Tag value is correct.
**** End of log ****
 
Also, forgot to mention, I keep getting a prompt for installing Viewpoint Media PLayer.
Seems to be related to open AOL.
I have been responding no.
Any thoughts?
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
795
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back