Glad you bumped this because I totally forgot about this thread. Sorry.
Please do the following.
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
Code:
Folder::
c:\documents and settings\xxxxx\Local Settings\Application Data\SearchProtect
c:\program files\pcreg
File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\pcreg.job
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Then uninstall the following programs.
Adobe Flash Player 11 ActiveX
J2SE Runtime Environment 5.0 Update 19
Then download the latest flash player from here.
http://get.adobe.com/flashplayer/
Then I need you to rerun OTL but this time copy and paste the following into the custom scan/fixes box at the bottom.
Code:
:OTL
DRV - (WDICA) -- File not found
DRV - (smsmdd) -- system32\DRIVERS\smsmdm.sys File not found
DRV - (PnSson) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O15 - HKLM\..Trusted Domains: 0-monitor01-w2k ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 3m.com ([*.hiscc1] * in Trusted sites)
O15 - HKLM\..Trusted Domains: 3m.com ([*.hiscc3] * in Trusted sites)
O15 - HKLM\..Trusted Domains: 3m.com ([hiscc1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 3m.com ([hiscc3] * in Trusted sites)
O15 - HKLM\..Trusted Domains: 3MCustomerCare.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 3MCustomerCare.com ([www] * in Trusted sites)
O15 - HKLM\..Trusted Domains: adobe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: apple.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: apple.com ([phobos] * in Trusted sites)
O15 - HKLM\..Trusted Domains: appnts264ph ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: awardpresenter.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: cardiolite.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([*.premier] * in Trusted sites)
O15 - HKLM\..Trusted Domains: edgate.org ([*.rss] * in Trusted sites)
O15 - HKLM\..Trusted Domains: efileshare.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: efileshare.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: efileshare.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: emedcon.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: emedcon.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: e-mtsonline.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ewebhealth.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: exuberawebcasts.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ibm.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: icanotes.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ihealthbeat.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: impac.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: impac.com ([www] * in Trusted sites)
O15 - HKLM\..Trusted Domains: isweb ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: jhmi.edu ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: k12.nc.us ([*.rss] * in Trusted sites)
O15 - HKLM\..Trusted Domains: live.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: macromedia.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: mckesson.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: medai.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: medkinetics.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: mhrpt02 ([]file in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([dgl] http in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([search.officeupdate] http in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([www] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mimosa01 ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: misys.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: misysimentor.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: misysimentor.com ([www] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mrnc.org ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: mrnc.org ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: netlearning.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: netlearning.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: net-learning.com ([client1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: netlearning.net ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: netlearning.us ([sis] http in Trusted sites)
O15 - HKLM\..Trusted Domains: newsstand.com ([modernphysician] http in Trusted sites)
O15 - HKLM\..Trusted Domains: nursingquality.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: nxtbook.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: nxtbookmedia.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: on24.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: optiosoftware.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: palmettogba.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: practicematch.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: premierinc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: qcnet.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: qnetexchange.org ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: questdiagnostics.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: questdiagnostics.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: redwood.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: robinsmorton.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: rwweb01 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: seebeyond.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: sgasp.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: state.nc.us ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: streamlinehealth.net ([maxim] http in Trusted sites)
O15 - HKLM\..Trusted Domains: sun.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: sunaro2.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: suntrust.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: surveymonkey.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: thomsonhc.com ([healthcare] http in Trusted sites)
O15 - HKLM\..Trusted Domains: trend.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: va.gov ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: va.gov ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: verge-solutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: verge-solutions.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: vha.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: wachovia.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: wachovia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: webex.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: webex.com ([netlearning] https in Trusted sites)
O15 - HKLM\..Trusted Domains: yahoo.com ([*.launch] * in Trusted sites)
O15 - HKLM\..Trusted Domains: zoho.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: zohom.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range10 ([https] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range11 ([*] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range12 ([*] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range13 ([*] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range13 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range14 ([*] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range4 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range5 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range6 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range7 ([https] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range8 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range9 ([https] in Trusted sites)
O15 - HKCU\..Trusted Domains: novant.net ([nh] * in Local intranet)
O15 - HKCU\..Trusted Domains: novanthealth.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: novanthealth.org ([*.fm] * in Local intranet)
Then click on the run fix button up top.