Author Topic: [Resolved] Dell Inspiron 530S, not working properly after virus removal (Read 3220 times)


Offline bdunn0

  • Bronze Member
  • Posts: 242
Ran MBAM to remove viruses. Computer still not operating properly.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.17.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Denise :: AARONS-PC [administrator]

6/17/2012 9:27:40 AM
mbam-log-2012-06-17 (09-27-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245490
Time elapsed: 30 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\hh52516.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Detected: 14
HKCR\CLSID\{C27AE7F1-2719-3F0C-B71B-18EE9CEF0D8C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\D.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\D (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C27AE7F1-2719-3F0C-B71B-18EE9CEF0D8C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\{C27AE7F1-2719-3F0C-B71B-18EE9CEF0D8C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C27AE7F1-2719-3F0C-B71B-18EE9CEF0D8C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C27AE7F1-2719-3F0C-B71B-18EE9CEF0D8C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{10F70095-3F7D-3B69-80D6-5C47FC260BC4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{6CC06D02-0679-3FC2-A701-7D8E60624874} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{5123CCA0-B3E7-3449-B275-F72C904C7A4D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5123CCA0-B3E7-3449-B275-F72C904C7A4D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5123CCA0-B3E7-3449-B275-F72C904C7A4D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{9CBF6174-6634-3079-8049-CDAA9ECC3316} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{A89658CF-AE75-340E-90EA-7A4B66FA9C01} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 46
C:\Windows\System32\hh52516.dll (Trojan.BHO) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Windows\System32\pu61003.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\msimg32.dll (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache4276.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache46530.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache47643.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache47819.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache48324.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache49883.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache5416.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache55435.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache25465.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache25944.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache27211.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache2852.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache29085.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache31086.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache10927.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache14538.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache14953.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache56965.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache60493.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache36865.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache40330.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache41460.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache42334.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache17702.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache1813.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache2169.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache21701.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache23400.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache42564.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache55966.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\B085.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\B90E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\C327.tmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\DE46.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\E02A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\err.log871889 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aaron's\AppData\Local\Temp\Low\jar_cache8268.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\n (Spyware.Password) -> Delete on reboot.
C:\Windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)
« Last Edit: June 17, 2012, 11:44:07 AM by Hoov »



Offline bdunn0

  • Bronze Member
  • Posts: 242
Re: Dell Inspiron 530S, not working properly after virus removal
« Reply #1 on: June 17, 2012, 10:11:31 AM »
Ran CCleaner, uninstalled expired McAfee software, installed Microsoft Security Essentials, ran Windows Update.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2156
Re: Dell Inspiron 530S, not working properly after virus removal
« Reply #2 on: June 17, 2012, 10:25:50 AM »
Hi bdunn0

Please read the instructions at http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 and post a DDS report so that we can help you. Also, best not to try anything else to fix your PC until one of us can look at your DDS post.
Thanks.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline bdunn0

  • Bronze Member
  • Posts: 242
Re: Dell Inspiron 530S, not working properly after virus removal
« Reply #3 on: June 17, 2012, 10:42:27 AM »
Thanks for your help.

Here are the files that you requested:

DDS.TXT
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Denise at 17:36:49 on 2012-06-17
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\dlbacoms.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Denise\Desktop\dds.com
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://mystart.smilebox.com?a=6OyvU0GhP6
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll
mURLSearchHooks: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [CommunityTray] "c:\program files\vtech\community\system\Startup.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{489E9936-2117-4680-AD68-95C627915A5D} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{7CA0A4D8-A6D4-4131-A13E-5503D989F2FF} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\denise\appdata\roaming\mozilla\firefox\profiles\m04f1ww0.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.smilebox.com?a=6OyvU0GhP6
FF - prefs.js: keyword.URL - hxxp://mystart.smilebox.com/?loc=SB_FF_AB&a=6OyvU0GhP6&search=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? dlba_device;dlba_device
S? DockLoginService;Dock Login Service
S? ElRawDisk;ElRawDisk
S? FontCache;Windows Font Cache Service
S? ioloFileInfoList;iolo FileInfoList Service
S? ioloSystemService;iolo System Service
S? MpFilter;Microsoft Malware Protection Driver
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-06-17 22:01:55   --------   d-----w-   c:\users\denise\appdata\roaming\Auslogics
2012-06-17 22:01:49   --------   d-----w-   c:\program files\Auslogics
2012-06-17 20:40:02   56200   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{b160f8a4-d526-40af-a25f-5b0150a02878}\offreg.dll
2012-06-17 19:20:07   --------   d-----w-   c:\program files\Microsoft ATS
2012-06-17 19:18:59   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-06-17 19:18:59   --------   d-----w-   c:\users\denise\appdata\local\ElevatedDiagnostics
2012-06-17 17:21:20   713784   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{0d4ddc5f-1b69-404b-b63d-e4551bb1bd02}\gapaengine.dll
2012-06-17 17:20:53   6737808   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{b160f8a4-d526-40af-a25f-5b0150a02878}\mpengine.dll
2012-06-17 17:16:06   --------   d-----w-   c:\program files\Microsoft Security Client
2012-06-17 17:15:09   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-06-17 16:50:06   --------   d-----w-   c:\users\denise\appdata\local\Stardock_Corporation
2012-06-17 16:28:09   --------   d-----w-   c:\program files\VS Revo Group
2012-06-17 14:26:41   --------   d-----w-   c:\users\denise\appdata\roaming\Malwarebytes
2012-06-17 14:26:29   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-17 14:26:29   --------   d-----w-   c:\programdata\Malwarebytes
2012-06-17 14:26:28   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-06-17 14:26:15   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-17 14:26:15   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-17 14:26:15   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-17 14:26:06   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-06-17 14:25:22   2045440   ----a-w-   c:\windows\system32\win32k.sys
2012-06-17 14:23:03   --------   d-----w-   c:\program files\CCleaner
2012-06-05 12:18:33   --------   d-----w-   c:\users\denise\appdata\local\{CD173CE8-C27B-4AA1-BBD4-2CFE7B217783}
2012-06-03 06:43:47   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2012-06-03 04:16:14   --------   d-----w-   c:\program files\Hidden Expedition - Amazon
2012-06-03 03:47:33   --------   d-----w-   c:\program files\Mystery Case Files - Ravenhearst
2012-06-03 03:47:15   --------   d-----w-   c:\program files\bfgclient
2012-06-03 03:46:41   --------   d-----w-   C:\BigFishGamesCache
2012-06-01 02:58:37   --------   d-----w-   c:\users\denise\appdata\local\{F97FD8DC-E1DC-4EFB-B24C-50EC5A8C248C}
2012-05-24 04:18:46   --------   d-----w-   c:\users\denise\appdata\local\{9DC0D148-2E23-4A2D-B405-340271A5EEDE}
2012-05-24 04:12:39   --------   d-----w-   c:\users\denise\appdata\local\{B6E858CF-B645-4F6A-BA78-09B12798F6B9}
.
==================== Find3M  ====================
.
2012-05-17 22:45:37   1800192   ----a-w-   c:\windows\system32\jscript9.dll
2012-05-17 22:35:47   1129472   ----a-w-   c:\windows\system32\wininet.dll
2012-05-17 22:35:39   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-04-03 08:16:12   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11   914304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 01:44:12   74112   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12   171064   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28:50   53120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 17:40:58.27 ===============

ATTACH.TXT
.
==== Installed Programs ======================
.
.
Aarons 2007 In store
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.1
Amaya
Amazon MP3 Downloader 1.0.10
Auslogics Disk Defrag
Banctec Service Agreement
Big Fish Games Client
BookSmart® 2.5.1 2.5.1
Brother MFL-Pro Suite MFC-295CN
Browser Address Error Redirector
CareBears Catch A Star (remove only)
CCleaner
Click Box Utilities
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant D850 PCI V.92 Modem
D3DX10
Dell-eBay
Dell Best of Web
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Deluxe Bible Collection
Digital Line Detect
EDocs
Elf 1.15 Toolbar
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hidden Expedition: Amazon ™
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
iolo technologies' System Mechanic Professional
iSEEK AnswerWorks English Runtime
Java(TM) 6 Update 7
Junk Mail filter update
LimeWire 5.3.6
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Office Excel 2003
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Diagnostic Tool
Mozilla Firefox (3.5.16)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files: Ravenhearst ®
NetWaiting
OGA Notifier 2.0.0048.0
PaperPort Image Printer
Print Workshop 2009 LE
Puppy Luv Adventures 1.0
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Smilebox
SmileBox EN Toolbar
Spelling Dictionaries Support For Adobe Reader 9
The Bible Collection Installer
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wsciper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar
.
==== End Of File ===========================
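The MBAM report above repaired a Task Manager policy (DisableTaskMgr), the scrfile/regfile open commands and a Trojan.BHO DLL in System32, and the DDS report still lists the JSEFile/VBEFile/VBSFile associations pointing at NOTEPAD.EXE. The following read-only audit script is an added example, not part of this thread or of any of the tools it mentions: it re-checks exactly those hijack points and lists the registered BHOs with the DLL each one loads. The function names are mine, and the "expected" command strings are the stock Vista/7 defaults as I know them, which is an assumption to confirm against a known-clean machine of the same build. Run it from an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the thread): audit the registry hijack points named in the
# MBAM/DDS reports. Read-only; prints one row per check with a Status column.

# Stock Vista/7 defaults for the file classes the reports mention (assumption: re-check
# on a clean machine of the same build before treating a mismatch as malicious).
$ExpectedOpenCommands = @{
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
    'JSEFile' = '"%SystemRoot%\System32\WScript.exe" "%1" %*'
    'VBEFile' = '"%SystemRoot%\System32\WScript.exe" "%1" %*'
    'VBSFile' = '"%SystemRoot%\System32\WScript.exe" "%1" %*'
}

function Get-DefaultValue([string]$KeyPath) {
    # Returns a key's (Default) value, or $null when the key or value is absent.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')   # REG_EXPAND_SZ comes back expanded, so expand the expected value too
}

function Test-OpenCommands {
    # Compares each class's shell\open\command with the default; NOTEPAD.EXE %1 is the
    # pattern MBAM flagged as Broken.OpenCommand and DDS still shows for the script classes.
    foreach ($class in $ExpectedOpenCommands.Keys) {
        $actual   = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
        $expected = [Environment]::ExpandEnvironmentVariables($ExpectedOpenCommands[$class])
        $status = if ($null -eq $actual) { 'MISSING' } elseif ($actual -ieq $expected) { 'OK' } else { 'HIJACKED?' }
        [pscustomobject]@{ Check = "$class open command"; Status = $status; Actual = $actual; Expected = $expected }
    }
}

function Test-TaskManagerPolicy {
    # DisableTaskMgr = 1 under either hive is what MBAM reported as PUM.Hijack.TaskManager.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        $val  = (Get-ItemProperty -Path $path -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        $status = if ($val -eq 1) { 'HIJACKED?' } else { 'OK' }
        [pscustomobject]@{ Check = "$hive DisableTaskMgr"; Status = $status; Actual = $val; Expected = '0 or absent' }
    }
}

function Get-BrowserHelperObjects {
    # Lists every registered BHO, resolves its CLSID to the DLL it loads, and flags entries
    # whose DLL is gone (stale registration) or sits bare in System32 with no vendor folder,
    # which is where the Trojan.BHO DLL in the MBAM report lived.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $name  = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $dll   = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
        $exists  = $dllPath -and (Test-Path -LiteralPath $dllPath)
        $inSys32 = $dllPath -and ($dllPath -imatch '^[A-Za-z]:\\Windows\\System32\\[^\\]+\.dll$')
        $status = if (-not $exists) { 'DLL MISSING' } elseif ($inSys32) { 'REVIEW' } else { 'OK' }
        [pscustomobject]@{ Check = "BHO $clsid"; Status = $status; Actual = "$name -> $dllPath"; Expected = 'vendor DLL' }
    }
}

function Invoke-HijackAudit {
    # Runs all three checks and returns the rows so they can be filtered or exported.
    Test-OpenCommands
    Test-TaskManagerPolicy
    Get-BrowserHelperObjects
}

Invoke-HijackAudit | Format-Table -AutoSize
```

Anything other than OK is a lead, not a verdict: a missing BHO DLL usually just means an uninstaller left its registration behind, and a REVIEW row only says the DLL is in an unusual place for a toolbar. The value of running this after a cleanup is that it shows whether the repairs survived a reboot; the "Delete on reboot" items in the MBAM report are exactly the ones worth re-checking this way.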

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22699
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
My name is Hoov and I have helped you before. You know how I work so I am going to skip all of the preamble.

While I am looking over your logs, could you tell me what your computer is doing or not doing that is wrong? "Not working properly" covers a broad range of problems.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline bdunn0

  • Bronze Member
  • Posts: 242
Cannot turn on Windows Firewall.

USB ports on back of computer are not working. USB ports on front of computer work ok. There are two ports on the front & four on the back. Device Manager does not show any errors.

System Mechanic Professional has expired. Keep getting error message. Have not figured out how to disable it.

Computer is running better since virus removal with MBAM & running Windows Update.

Do I need to run additional Virus checks? Can you help with other problems?

Thanks in advance for your help.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22699
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
I am not familiar with the Iolo product, but if you suspect it is causing problems then try uninstalling it. There are instructions here on how to do a clean uninstall.

When was the last time you looked inside the computer? If the two ports on the back are connected to the motherboard through a cable, it could just need to be unplugged and plugged back in. That there are no errors in the Device Manager says there is nothing electronically wrong.

Before running a virus scan, can you attach a set of Event Viewer logs?

I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. Over on the left hand side, expand the Windows category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Over on the left hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file and post them back here in your next reply as attachments.

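The Event Viewer steps above (System and Application, saved as EVTX to the desktop, then zipped) can also be done from the command line with wevtutil, which ships with Vista and later. The script below is an added example and not part of the thread: the function name and parameters are mine, and it adds one thing the clicking procedure lacks, a -Days filter that exports only recent events so the resulting archive stays small enough to attach to a forum post. Compress-Archive only exists from PowerShell 5.0 on, so on an older system the script leaves the two .evtx files on the desktop for you to zip by hand (right-click, Send to, Compressed folder).

```powershell
# Added example (not from the thread): export System/Application logs to EVTX on the
# desktop with wevtutil, optionally limited to the last N days, then zip them.
# Run from an elevated prompt so the full System log is readable.

function Export-EventLogsForReview {
    param(
        [string[]]$Logs   = @('System', 'Application'),
        [string]  $OutDir = [Environment]::GetFolderPath('Desktop'),
        [int]     $Days   = 0          # 0 = whole log; N = only events newer than N days
    )
    $exported = @()
    foreach ($log in $Logs) {
        $target = Join-Path $OutDir ('{0}.evtx' -f $log.ToLower())
        # wevtutil will not overwrite an existing export file, so clear any old copy first.
        if (Test-Path -LiteralPath $target) { Remove-Item -LiteralPath $target -Force }
        if ($Days -gt 0) {
            # Same XPath form Event Viewer uses for custom views; timediff() is in milliseconds.
            $ms    = [int64]$Days * 24 * 60 * 60 * 1000
            $query = "*[System[TimeCreated[timediff(@SystemTime) <= $ms]]]"
            & wevtutil.exe epl $log $target /q:$query
        } else {
            & wevtutil.exe epl $log $target
        }
        if ($LASTEXITCODE -ne 0) { throw "wevtutil failed to export $log (exit code $LASTEXITCODE)" }
        $exported += $target
    }

    $zip = Join-Path $OutDir 'eventlogs.zip'
    if (Get-Command Compress-Archive -ErrorAction SilentlyContinue) {
        if (Test-Path -LiteralPath $zip) { Remove-Item -LiteralPath $zip -Force }
        Compress-Archive -LiteralPath $exported -DestinationPath $zip
        return Get-Item -LiteralPath $zip | Select-Object FullName, @{n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 2) }}
    }
    # PowerShell older than 5.0: no Compress-Archive, so hand back the EVTX files to zip manually.
    Write-Warning 'Compress-Archive not available; zip the exported files manually.'
    return Get-Item -LiteralPath $exported | Select-Object FullName, @{n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 2) }}
}

# Whole logs first; if the archive is too big for the forum, rerun with e.g. -Days 7.
Export-EventLogsForReview
```

Exporting with epl keeps the events in their native EVTX form, which is what the helper asked for, rather than the text the Event Viewer's "Save Selected Events" would give. The SizeMB column is there so you can see before uploading whether a narrower -Days window is needed.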

Offline bdunn0

  • Bronze Member
  • Posts: 242
The zipped event files are too large to send.

System Mechanic has been removed.

USB ports do not use a cable. They connect direct to the motherboard.

Offline Hoov

I am going to send you a PM on what to do with the logs.

About your other problems, it is possible that you have what is being called the ZeroAccess rootkit. I am giving you instructions on how to run ComboFix; go ahead and run it, but do not uninstall it until I tell you how.

* Anyone other than the originator of this thread, you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrongly.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Offline bdunn0

ComboFix has detected Rootkit.ZeroAccess and is trying to fix it. I will let you know what happens.

Offline Hoov

If I don't answer tonight I will answer in the AM.


Offline bdunn0

Here is the ComboFix log.

Offline bdunn0

Windows Update has stopped working. Error Code 80096001.

Offline Hoov

In the future please paste logs into your response. Don't attach them.

About the Windows Update problem, once we are sure your computer is clean, we will tackle that if it has not been resolved.

ComboFix 12-06-16.02 - Denise 06/17/2012   0:46.1.1 - x86
Running from: c:\users\Denise\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Denise\Documents\~WRL0004.tmp
c:\users\Denise\Documents\~WRL0516.tmp
c:\users\Denise\Documents\~WRL0907.tmp
c:\users\Denise\Documents\~WRL1252.tmp
c:\users\Denise\Documents\~WRL1818.tmp
c:\windows\$NtUninstallKB8178$
c:\windows\$NtUninstallKB8178$\1184207347
c:\windows\$NtUninstallKB8178$\766456413\@
c:\windows\$NtUninstallKB8178$\766456413\bckfg.tmp
c:\windows\$NtUninstallKB8178$\766456413\cfg.ini
c:\windows\$NtUninstallKB8178$\766456413\Desktop.ini
c:\windows\$NtUninstallKB8178$\766456413\keywords
c:\windows\$NtUninstallKB8178$\766456413\kwrd.dll
c:\windows\$NtUninstallKB8178$\766456413\L\ogejidap
c:\windows\$NtUninstallKB8178$\766456413\oemid
c:\windows\$NtUninstallKB8178$\766456413\U\00000001.@
c:\windows\$NtUninstallKB8178$\766456413\U\00000002.@
c:\windows\$NtUninstallKB8178$\766456413\U\00000004.@
c:\windows\$NtUninstallKB8178$\766456413\U\80000000.@
c:\windows\$NtUninstallKB8178$\766456413\U\80000004.@
c:\windows\$NtUninstallKB8178$\766456413\U\80000032.@
c:\windows\$NtUninstallKB8178$\766456413\version
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\@
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\L\00000004.@
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\L\1afb2d56
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\L\201d3dde
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U\00000004.@
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U\000000cb.@
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U\80000032.@
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-17 to 2012-06-17  )))))))))))))))))))))))))))))))
.
.
2012-06-17 22:01 . 2012-06-17 22:01   --------   d-----w-   c:\users\Denise\AppData\Roaming\Auslogics
2012-06-17 22:01 . 2012-06-17 22:01   --------   d-----w-   c:\program files\Auslogics
2012-06-17 19:20 . 2012-06-17 19:20   --------   d-----w-   c:\program files\Microsoft ATS
2012-06-17 19:18 . 2012-06-17 19:21   --------   d-----w-   c:\users\Denise\AppData\Local\ElevatedDiagnostics
2012-06-17 17:21 . 2012-02-09 19:17   713784   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D4DDC5F-1B69-404B-B63D-E4551BB1BD02}\gapaengine.dll
2012-06-17 17:20 . 2012-05-15 06:43   6737808   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B160F8A4-D526-40AF-A25F-5B0150A02878}\mpengine.dll
2012-06-17 17:16 . 2012-06-17 17:16   --------   d-----w-   c:\program files\Microsoft Security Client
2012-06-17 17:15 . 2010-04-05 20:00   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-06-17 16:50 . 2012-06-17 16:50   --------   d-----w-   c:\users\Denise\AppData\Local\Stardock_Corporation
2012-06-17 16:28 . 2012-06-17 16:28   --------   d-----w-   c:\program files\VS Revo Group
2012-06-17 14:26 . 2012-06-17 14:26   --------   d-----w-   c:\users\Denise\AppData\Roaming\Malwarebytes
2012-06-17 14:26 . 2012-06-17 14:26   --------   d-----w-   c:\programdata\Malwarebytes
2012-06-17 14:26 . 2012-04-04 20:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-17 14:26 . 2012-06-17 14:26   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-06-17 14:26 . 2012-04-23 16:00   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-17 14:26 . 2012-04-23 16:00   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-17 14:26 . 2012-04-23 16:00   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-17 14:26 . 2012-05-01 14:03   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-06-17 14:25 . 2012-05-15 19:51   2045440   ----a-w-   c:\windows\system32\win32k.sys
2012-06-17 14:23 . 2012-06-17 14:23   --------   d-----w-   c:\program files\CCleaner
2012-06-17 05:07 . 2012-06-17 05:10   --------   d-----w-   c:\users\Denise\AppData\Local\temp
2012-06-17 05:07 . 2012-06-17 05:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-06-17 04:46 . 2012-06-17 04:47   29904   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B160F8A4-D526-40AF-A25F-5B0150A02878}\MpKsl60a42724.sys
2012-06-17 04:45 . 2012-06-17 04:46   56200   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B160F8A4-D526-40AF-A25F-5B0150A02878}\offreg.dll
2012-06-04 12:37 . 2012-06-04 12:37   --------   d-----w-   c:\windows\Sun
2012-06-03 06:43 . 2012-06-03 06:43   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2012-06-03 04:16 . 2012-06-03 04:17   --------   d-----w-   c:\program files\Hidden Expedition - Amazon
2012-06-03 03:47 . 2012-06-03 03:48   --------   d-----w-   c:\program files\Mystery Case Files - Ravenhearst
2012-06-03 03:47 . 2012-06-03 03:47   --------   d-----w-   c:\program files\bfgclient
2012-06-03 03:46 . 2012-06-03 04:30   --------   d-----w-   C:\BigFishGamesCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:16 . 2012-05-12 00:34   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 00:34   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 00:34   914304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-12 00:34   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 01:44 . 2012-03-21 01:44   74112   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44   171064   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28 . 2012-05-12 00:34   53120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2010-06-19 16:18 . 2009-11-23 16:05   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51   3911776   ----a-w-   c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
2010-12-09 17:51   3911776   ----a-w-   c:\program files\Elf_1.15\tbElf_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
2011-05-09 08:49   176936   ----a-w-   c:\program files\SmileBox_EN\prxtbSmil.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
"{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"CommunityTray"="c:\program files\VTech\Community\System\Startup.exe" [2008-03-15 11776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-15 06:09   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2009-01-09 20:53   114688   ------w-   c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-23 05:47   4240760   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2012-05-15 15:06   325448   ----a-w-   c:\users\Denise\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-15 06:03   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 02:53]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 02:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.smilebox.com?a=6OyvU0GhP6
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\m04f1ww0.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.smilebox.com?a=6OyvU0GhP6
FF - prefs.js: keyword.URL - hxxp://mystart.smilebox.com/?loc=SB_FF_AB&a=6OyvU0GhP6&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-BookSmart® 2.5.1 2.5.1 - c:\users\Aaron's\Documents\BookSmart\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,02,dc,2c,fa,0f,78,41,80,a3,6a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,02,dc,2c,fa,0f,78,41,80,a3,6a,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\dlbacoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Dell\DellDock\DellDock.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\VTech\Community\System\PCTray.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-06-17  01:16:59 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-17 05:16
.
Pre-Run: 202,249,199,616 bytes free
Post-Run: 202,248,892,416 bytes free
.
- - End Of File - - 1158D8965FEA6219B98345E2D8AE052D

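As an added example (not from this thread and not part of ComboFix), the Python script below parses the "Other Deletions" section of a ComboFix log and flags the ZeroAccess-style layout visible in the log above: a bare `@` file plus `U\` and `L\` subfolders nested under a fake `$NtUninstallKB…$` hotfix folder or a fake `Installer\{GUID}` folder. The embedded log excerpt is constructed from paths quoted in the log above; the section-header and path patterns are assumptions based on that log, not an official ComboFix format specification.

```python
import re

# Constructed excerpt modelled on the ComboFix log quoted above (not the full log).
SAMPLE_LOG = r"""ComboFix 12-06-16.02 - Denise 06/17/2012   0:46.1.1 - x86
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Denise\Documents\~WRL0004.tmp
c:\windows\$NtUninstallKB8178$
c:\windows\$NtUninstallKB8178$\766456413\@
c:\windows\$NtUninstallKB8178$\766456413\cfg.ini
c:\windows\$NtUninstallKB8178$\766456413\L\ogejidap
c:\windows\$NtUninstallKB8178$\766456413\U\80000032.@
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\@
c:\windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U\00000004.@
.
(((((((((((((((((((((((((   Files Created from 2012-05-17 to 2012-06-17  )))))))))))))))))))))))))))))))
.
2012-06-17 14:23 . 2012-06-17 14:23   --------   d-----w-   c:\program files\CCleaner
"""

# ComboFix section headers look like "(((((   Name   )))))".
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Container folders the rootkit hid in on this machine: a fake "$NtUninstallKB<n>$"
# hotfix-uninstall folder or a fake Windows Installer "{GUID}" folder.
HOST_RE = re.compile(
    r"^c:\\windows\\(?:\$NtUninstallKB\d+\$|Installer\\\{[0-9a-f-]{36}\})", re.I)
# Inside the container: a bare "@" file, or anything under the "U\" / "L\" subfolders.
TAIL_RE = re.compile(r"\\(?:@|[UL]\\[^\\]+)$", re.I)

def section_lines(log, name):
    """Return the non-empty, non-'.' lines of the ComboFix section headed by `name`."""
    inside, out = False, []
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            if inside:          # reached the next section header: stop
                break
            inside = header.group(1) == name
            continue
        if inside and line and line != ".":
            out.append(line)
    return out

def is_zeroaccess_path(path):
    """True if `path` shows the container + '@' / 'U\\' / 'L\\' layout seen in the log."""
    host = HOST_RE.match(path)
    return bool(host) and bool(TAIL_RE.search(path[host.end():]))

def zeroaccess_hits(log):
    """Group the ZeroAccess-style deletions by their container folder."""
    hits = {}
    for path in section_lines(log, "Other Deletions"):
        if is_zeroaccess_path(path):
            hits.setdefault(HOST_RE.match(path).group(0), []).append(path)
    return hits

if __name__ == "__main__":
    for container, paths in zeroaccess_hits(SAMPLE_LOG).items():
        print(container, "->", len(paths), "ZeroAccess-style entries")
```

The container folder on its own and ordinary files such as `cfg.ini` or the `~WRL*.tmp` Word leftovers are deliberately not flagged; only the `@` / `U\` / `L\` structure counts as the indicator.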

Offline Hoov

How are the USB ports doing?

I will see you tomorrow. It is getting late here.
