Infected by iliti virus & possible others...

Both scans done - awaiting your review - thank you.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
Sorry for getting you to run aswMBR.exe again. I missed it the first time.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

ComboFix 12-08-25.04 - FabFrommFamily 08/26/2012 16:58:37.1.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.14806 [GMT -5:00]
Running from: c:\virus removal 001\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30FC4FC8-4857-4ADC-9930-0A1B2CB4D363}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56192587-B613-4639-8042-29AE150CF355}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{78D41CE3-86DE-4991-BC21-5671B1679DFD}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B5FCCB6E-512B-43E2-9CA2-D0634DDD6FFD}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C3CEA727-92DC-4AAD-ADB5-68AB1163F94F}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8013E1E-581D-4AA1-9EE9-D7099D9D17FC}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F907BC74-1FD6-4313-9ADD-B95A9DBD0471}.xps
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\bing.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\google.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\yahoo.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\Microsoft\Microsoft
c:\users\FabFrommFamily\gotomypc_635.exe
J:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-24 03:00 . 2012-08-24 03:00 -------- d-----w- C:\_OTL
2012-08-24 02:56 . 2012-08-24 02:56 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-24 01:20 . 2012-08-24 01:20 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\Malwarebytes
2012-08-24 01:20 . 2012-08-24 01:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-24 01:20 . 2012-08-24 01:20 -------- d-----w- c:\programdata\Malwarebytes
2012-08-24 01:20 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 23:50 . 2012-08-23 23:50 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\SUPERAntiSpyware.com
2012-08-23 23:50 . 2012-08-23 23:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-23 23:50 . 2012-08-23 23:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-23 00:48 . 2012-08-26 21:53 -------- d-----w- C:\Virus Removal 001
2012-08-15 23:08 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 23:08 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 23:08 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 23:08 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 23:08 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 23:08 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 23:08 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 23:08 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 23:08 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 23:08 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 23:08 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 23:08 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-07 14:09 . 2012-08-07 14:09 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\Smart PC Cleaner
2012-08-07 13:39 . 2012-08-07 13:39 -------- d-----w- c:\users\FabFrommFamily\AppData\Local\visi_coupon
2012-08-07 13:39 . 2012-08-07 13:39 -------- d-----w- c:\program files (x86)\mefeediatest
2012-08-07 13:39 . 2012-08-07 13:39 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\program files (x86)\Yontoo
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\programdata\Tarma Installer
2012-08-07 13:38 . 2012-08-26 22:06 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\DefaultTab
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\program files (x86)\Smart PC Cleaner
2012-08-07 13:38 . 2012-08-24 01:11 -------- d-----w- c:\users\FabFrommFamily\AppData\Local\RivalGaming
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\programdata\Yahoo!
2012-08-07 13:38 . 2012-08-08 03:13 -------- d-----w- c:\programdata\Yahoo! Companion
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\Yahoo!
2012-08-07 13:08 . 2012-08-07 13:08 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\RealNetworks
2012-07-28 02:10 . 2012-08-03 20:15 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-28 02:10 . 2012-08-26 21:49 -------- d-----w- c:\program files (x86)\Steam
2012-07-28 02:09 . 2012-07-28 02:09 -------- d-----w- c:\users\FabFrommFamily\AppData\Local\AVG Secure Search
2012-07-28 02:09 . 2012-07-30 00:02 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-28 02:09 . 2012-07-28 02:09 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-28 02:09 . 2012-07-28 02:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-28 02:09 . 2012-07-28 02:09 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-28 02:09 . 2012-07-28 02:09 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 02:56 . 2011-09-21 01:57 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-16 08:00 . 2012-04-25 14:00 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 20:11 . 2012-06-20 12:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:11 . 2011-09-21 01:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 02:02 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 13:49 . 2012-06-06 13:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 02:02 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 02:02 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 02:01 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 02:02 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 02:02 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 02:01 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 08:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 08:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 08:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 08:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 08:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 08:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 02:02 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 02:02 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 02:02 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 02:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 02:02 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 02:02 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 02:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 02:02 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 02:02 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
2011-05-04 16:04 81920 ----a-w- c:\program files (x86)\mefeediatest\w3itemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-02-01 23:18 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{154d932f-dc51-4a4f-9d52-b78b1419d3b4}"= "c:\program files (x86)\mefeediatest\w3itemplateX.dll" [2011-05-04 81920]
.
[HKEY_CLASSES_ROOT\clsid\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"Smart PC Cleaner"="c:\program files (x86)\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-05 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-28 1147488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe [2011-09-29 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2011-09-29 126392]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-28 830048]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-14 113120]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-28 31080]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 20:11]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 15:23]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 15:23]
.
2012-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-22 c:\windows\Tasks\RGames Updater.job
- c:\users\FabFrommFamily\AppData\Local\RivalGaming\Updater.exe [2012-08-07 13:38]
.
2012-08-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task dd4ca465-1386-4d51-8bdf-6edab67a1ec4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f1550eca-662b-4fb5-9390-9723ac7b6bd6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF29688.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF29688.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 28164389-3bd8-47ec-b28f-095faa61849e
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,easyinline,trafficvanceads
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-DefaultTab - c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-26 17:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 22:30
.
Pre-Run: 1,794,406,866,944 bytes free
Post-Run: 1,794,610,548,736 bytes free
.
- - End Of File - - 44C48B3CDF8FE9D8029AA37F4C8EF7FE

Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
  
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 14.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:1840 Go - Free:1671 Go )
D:\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Fixed-FAT32] .. ( Total:93 Go - Free:24 Go )
K:\ [Removable]
.
Scan : 18:50.06
Path : C:\Virus Removal 001\Rooter.exe
User : FabFrommFamily ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???R?????? (384)
______ ???R?????? (500)
______ ???R?????? (528)
______ ???R?????? (548)
______ ???R?????? (584)
______ ???R?????? (628)
______ ???R?????? (648)
______ ???R?????? (656)
______ ???R?????? (756)
______ ???R?????? (828)
______ ???R?????? (904)
______ ???R?????? (940)
______ ???R?????? (996)
______ ???R?????? (160)
______ ???R?????? (368)
______ ???R?????? (652)
______ ???R?????? (1148)
______ ???R?????? (1192)
______ ???R?????? (1300)
______ ???R?????? (1420)
______ ???R?????? (1584)
______ ???R?????? (956)
______ ???R?????? (1576)
______ ???R?????? (2036)
______ C:\Virus Removal 001\Rooter.exe (1352)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41943040 | Length:24387780608)
\Device\Harddisk0\Partition3 (Start_Offset:24429723648 | Length:1975968071680)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\Tasks\RGames Updater.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd4ca465-1386-4d51-8bdf-6edab67a1ec4.job
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1550eca-662b-4fb5-9390-9723ac7b6bd6.job
C:\Windows\Tasks\SystemToolsDailyTest.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:50.34
.
C:\Rooter$\Rooter_1.txt - (26/08/2012 | 18:50.34)

Also, I was not able to update Java as I'm having to work in safe mode & the "windows installer" will not run in safe mode. I tried working in normal windows but both Iexplorer & firefox are hijacked to the point where they are unusable. Cannot open any URL address at all.

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

• Flush DNS
  
• Report IE Proxy Settings
  
• Reset IE Proxy Settings
  
• List content of Hosts
  
• List IP Configuration
  
• Lst Last 10 Event Viewer Errors
  
• List Users, Partitions and Memory Size
  

Click Go and copy/paste the log (Result.txt) into your next post.
**************************************************************
Please download Farbar Service Scanner and run it on the computer with the issue.

• Press "Scan".
  
• It will create a log (FSS.txt) in the same directory the tool is run.
  
• Please copy and paste the log to your reply.
  

MiniToolBox by Farbar Version: 23-07-2012
Ran by FabFrommFamily (administrator) on 26-08-2012 at 20:49:22
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Library
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 78-2B-CB-B7-51-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25e5:8f60:f471:c188%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 5:27:38 PM
Lease Expires . . . . . . . . . . : Monday, August 27, 2012 5:29:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 188242425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0B-16-94-78-2B-CB-B7-51-DF
DNS Servers . . . . . . . . . . . : 208.180.42.68
208.180.42.100
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: google.com
Addresses: 2001:4860:4002:802::1000
74.125.227.72
74.125.227.73
74.125.227.78
74.125.227.64
74.125.227.65
74.125.227.66
74.125.227.67
74.125.227.68
74.125.227.69
74.125.227.70
74.125.227.71


Pinging google.com [74.125.227.73] with 32 bytes of data:
Reply from 74.125.227.73: bytes=32 time=49ms TTL=53
Reply from 74.125.227.73: bytes=32 time=48ms TTL=53

Ping statistics for 74.125.227.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 49ms, Average = 48ms
Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=94ms TTL=48
Reply from 98.139.183.24: bytes=32 time=131ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 131ms, Average = 112ms
Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...38 59 f9 bb db 37 ......Microsoft Virtual WiFi Miniport Adapter
12...78 2b cb b7 51 df ......Broadcom NetLink (TM) Gigabit Ethernet
11...38 59 f9 bb db 37 ......DW1520 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.120 276
192.168.1.120 255.255.255.255 On-link 192.168.1.120 276
192.168.1.255 255.255.255.255 On-link 192.168.1.120 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::25e5:8f60:f471:c188/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:59:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:56:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:48:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/26/2012 05:31:19 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/26/2012 05:29:17 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:59:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:56:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:48:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


========================= Memory info: ===================================

Percentage of memory in use: 7%
Total physical RAM: 16366.45 MB
Available physical RAM: 15065.31 MB
Total Pagefile: 32731.08 MB
Available Pagefile: 31519.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.67 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1840.26 GB) (Free:1671.47 GB) NTFS
8 Drive j: () (Fixed) (Total:93.33 GB) (Free:24.57 GB) FAT32

========================= Users: ========================================

User accounts for \\LIBRARY

Administrator FabFrommFamily Guest


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by FabFrommFamily (administrator) on 26-08-2012 at 20:50:14
Running from "C:\Virus Removal 001"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Still having problems in Normal Mode with your browsers?

Superdave wrote:

Still having problems in Normal Mode with your browsers?

Yes - still having problems - but here is why & I guess I didn't realize it before...
In normal mode I have "no internet access"
Ran "windows network diagnostics" as it was an option when hovering over the "internet connectivity" icon in the status bar.
"diagnostics" returned the following statement:
"Windows cannot communicate with device or resource (primary DNS server)"

I'm not sure how to troubleshoot this any further in normal mode to come to any conclusions or solutions.

I'm able to boot the computer into "safe mode with networking" and I have internet access, if I boot into normal mode, internet access is totally disabled or at least not functioning.

Please let me know if you have some ideas or solutions. Thanks in advance.

Can you run those two previous scans in Normal Mode?

Superdave: the following 2 posts are the results of running MiniToolbar and FSS in Normal Mode...

MiniToolBox by Farbar Version: 23-07-2012
Ran by FabFrommFamily (administrator) on 28-08-2012 at 21:09:31
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Library
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 78-2B-CB-B7-51-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25e5:8f60:f471:c188%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 28, 2012 9:08:02 PM
Lease Expires . . . . . . . . . . : Wednesday, August 29, 2012 9:08:05 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 188242425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0B-16-94-78-2B-CB-B7-51-DF
DNS Servers . . . . . . . . . . . : 208.180.42.68
208.180.42.100
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ECE4C237-C1BF-47D8-B66E-E19BDFC76428}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.180.42.68

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.180.42.68

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.180.42.68

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...38 59 f9 bb db 37 ......Microsoft Virtual WiFi Miniport Adapter
12...78 2b cb b7 51 df ......Broadcom NetLink (TM) Gigabit Ethernet
11...38 59 f9 bb db 37 ......DW1520 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.120 276
192.168.1.120 255.255.255.255 On-link 192.168.1.120 276
192.168.1.255 255.255.255.255 On-link 192.168.1.120 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::25e5:8f60:f471:c188/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2012 09:09:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:10:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:04:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/28/2012 09:10:35 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/28/2012 09:10:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/28/2012 08:08:31 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/27/2012 08:12:29 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/27/2012 08:10:28 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/28/2012 09:09:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:10:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:04:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


========================= Memory info: ===================================

Percentage of memory in use: 13%
Total physical RAM: 16366.45 MB
Available physical RAM: 14218.99 MB
Total Pagefile: 32731.08 MB
Available Pagefile: 30328.15 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.67 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1840.26 GB) (Free:1671.27 GB) NTFS
8 Drive j: () (Fixed) (Total:93.33 GB) (Free:24.57 GB) FAT32

========================= Users: ========================================

User accounts for \\LIBRARY

Administrator FabFrommFamily Guest


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by FabFrommFamily (administrator) on 28-08-2012 at 21:11:38
Running from "C:\Virus Removal 001"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

At this time, internet access is still non-functional in Normal Mode. I have not changed any settings to try to repair myself so as not to screw anything up.

Ok. Let's try a couple of things. All this in Normal Mode, please.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.
****************************************
If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I was able to perform all of the ipconfig commands in normal mode, and each time after rebooting, still did not have internet access in normal mode.

Not sure if this helped, but the only way to perform the ESET scanner was to be in safe mode with networking.

Here are the results.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be8a50e175914a45aea6bd7fd457e190
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-30 01:29:37
# local_time=2012-08-29 08:29:37 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777214 100 75 0 10564783 0 0
# compatibility_mode=5893 16776574 100 94 55044876 97829537 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=288635
# found=11
# cleaned=11
# scan_time=4090
C:\Program Files (x86)\Laplink\PCmover\ThirdParty\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Local\Downloaded Installations\{1975FDD5-4BDD-4257-8D27-D8A4DA128159}\PCmover Professional.msi a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Local\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.CJ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\3d3c8754.msi a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
J:\old computer files\My Documents\speeditupfree-ultimate.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

staying in safe mode so I can read next instructions...

Not sure if this helped, but the only way to perform the ESET scanner was to be in safe mode with networking.

That's what I was thinking. I just thought I would give it a shot.
Here's some information that may help with that connection problem. Please give it a try and let me know.