Virus suspecte, but not showing up on scan

[Thanatos95]

Hi again.  My homes other computer is acting like it is infected.  Windows defender and firewall are shut down and cannot restart and the network card is completely offline, so i am having to post this on another computer.  Both Malware and Nortons cant find anything though, however they are out of date in their definitions.  I ran the DDS scan and here are the results:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.25.2
Run by Canaday Family at 15:25:54 on 2013-08-22
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4095.3188 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\PhotoStudio Expressions\PMMonitor.exe
C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - <orphaned>
uURLSearchHooks: {2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2733H05X05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [Google Update] "C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [lxdnmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [shopAtHomeWatcher] C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\CANADA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\CANADA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Monitor.lnk - C:\Program Files (x86)\PhotoStudio Expressions\PMMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ULEADP~1.LNK - C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll



x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-16 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-6-24 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-6-24 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-6-24 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSviA64.sys [2013-8-13 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-6-24 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-24 433752]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-16 13336]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-6-24 144368]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-16 689472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-4-8 149544]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-4-8 148008]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-4-8 205352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-19 139864]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 OV550I;35mm Film Scanner;C:\Windows\System32\drivers\FilmScan.sys [2008-2-21 196992]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-07-24 17:26:30    1316    --sha-w-    C:\Windows\SysWow64\KGyGaAvL.sys
2013-06-24 22:44:26    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-19 21:02:12    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 21:02:11    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-06-19 21:02:11    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-12 05:18:40    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 05:18:40    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 15:26:31.97 ===============
 

 

 

and the other

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2011 5:09:07 PM
System Uptime: 8/22/2013 10:55:37 AM (5 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium® Dual-Core  CPU      E5700  @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 353.866 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: HTTP
Device ID: ROOT\LEGACY_HTTP\0000
Manufacturer:
Name: HTTP
PNP Device ID: ROOT\LEGACY_HTTP\0000
Service: HTTP
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TCP/IP Protocol Driver
Device ID: ROOT\LEGACY_TCPIP\0000
Manufacturer:
Name: TCP/IP Protocol Driver
PNP Device ID: ROOT\LEGACY_TCPIP\0000
Service: Tcpip
.
==== System Restore Points ===================
.
RP200: 7/24/2013 12:00:01 AM - Scheduled Checkpoint
RP201: 8/1/2013 11:35:26 AM - Scheduled Checkpoint
RP202: 8/8/2013 5:00:53 PM - Scheduled Checkpoint
RP203: 8/16/2013 12:17:52 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
35mm Film Scanner X64
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator 10
Adobe Reader XI (11.0.03)
Adobe SVG Viewer 3.0
Amazon Kindle
ArcSoft CD&DVD LabelMaker
ArcSoft PhotoImpression 6
Audacity 1.2.6
AVSDK5
Calendar Creator 12
Catalina Savings Printer
Civilization III
Civilization III Play the World
Consumer In-Home Service Agreement
Corel Paint Shop Pro Photo XI
Coupon Printer for Windows
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
DirectX 9 Runtime
eBay
Endless Space
Facebook Video Calling 1.2.0.287
Google Chrome
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
HP FWUpdateEDO2
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Photo Creations
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Intel® Control Center
Intel® Rapid Storage Technology
Internet Explorer
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 22 (64-bit)
Junk Mail filter update
LDS Scriptures CD-ROM Resource Edition
Legacy 7.5
Lexmark 2600 Series
Logitech Webcam Software
LWS Launcher
LWS Motion Detection
LWS Video Mask Maker
LWS VideoEffects
Malwarebytes Anti-Malware version 1.75.0.1300
Memorex exPressit Label Design Studio
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Naval War: Arctic Circle Demo
Norton Internet Security
NVIDIA Drivers
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
Personal Ancestral File 5
PhotoShowExpress
PhotoStudio Expressions
PMB
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
ShopAtHome.com Helper
ShopAtHome.com Toolbar
Sid Meier's Civilization 4
Sid Meier's Civilization V
Skype Click to Call
Skype™ 6.3
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Steam
Tropico 3 - Demo
Ulead Photo Express 4.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/22/2013 3:24:58 PM, Error: Service Control Manager [7001]  - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/22/2013 3:24:58 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  Network Location Awareness is not a valid Win32 application.
8/22/2013 3:24:58 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/22/2013 3:24:58 PM, Error: Service Control Manager [7001]  - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/22/2013 3:24:58 PM, Error: Service Control Manager [7000]  - The TCP/IP Protocol Driver service failed to start due to the following error:  TCP/IP Protocol Driver is not a valid Win32 application.
8/22/2013 3:24:58 PM, Error: Service Control Manager [7000]  - The HTTP service failed to start due to the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/22/2013 3:24:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/22/2013 3:24:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/22/2013 3:18:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/21/2013 8:37:21 PM, Error: Service Control Manager [7023]  - The DHCP Client service terminated with the following error:  Element not found.
8/21/2013 8:37:21 PM, Error: Microsoft-Windows-DHCPv6-Client [1004]  - Error occurred in stopping the Dhcpv6 client service. ErrorCode is 0x32.ShutDown Flag value is 0.
8/21/2013 8:37:21 PM, Error: Microsoft-Windows-Dhcp-Client [1004]  - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x490. ShutDown Flag value is 0
8/21/2013 5:42:23 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
8/21/2013 5:42:23 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80072742.
8/21/2013 4:25:45 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147014846
8/21/2013 4:25:44 PM, Error: Service Control Manager [7001]  - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/21/2013 4:23:42 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
8/21/2013 4:23:41 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The request is not supported.
8/21/2013 4:23:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Tcpip TfFsMon TFSysMon
8/21/2013 4:23:36 PM, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/21/2013 4:23:35 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.
8/21/2013 4:23:35 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/21/2013 4:23:35 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/21/2013 4:23:35 PM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The system cannot find the file specified.
8/21/2013 4:23:35 PM, Error: Service Control Manager [7001]  - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/21/2013 4:23:35 PM, Error: Service Control Manager [7000]  - The lxdnCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/21/2013 4:23:34 PM, Error: Service Control Manager [7023]  - The Base Filtering Engine service terminated with the following error:  The system cannot find the file specified.
8/21/2013 4:23:34 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  The system cannot find the file specified.
8/21/2013 4:23:34 PM, Error: Service Control Manager [7001]  - The Print Spooler service depends on the HTTP service which failed to start because of the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/21/2013 10:47:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/21/2013 10:47:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/21/2013 10:47:20 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/21/2013 10:47:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/21/2013 10:47:08 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Tcpip TfFsMon TFSysMon Wanarpv6
8/20/2013 7:20:05 PM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the HTTP service which failed to start because of the following error:  The network location cannot be reached. For information about network troubleshooting, see Windows Help.
8/20/2013 7:20:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/17/2013 3:59:44 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The pipe has been ended.
8/17/2013 3:59:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
8/15/2013 12:56:37 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR22.
.
==== End Of File ===========================
 

 

 

If this is a virus, please help.  If not, any advice on where to go?

 

 

[MrCharlie]

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[Thanatos95]

Here is the report from rogue killer:

 

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Canaday Family [Admin rights]
Mode : Scan -- Date : 08/25/2013 19:17:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] GoogleUpdate.exe -- C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe [7] -> KILLED [TermProc]
[sUSP PATH] ShopAtHomeWatcher.exe -- C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2838458837-2090948747-2063743716-1001\[...]\Run : Google Update ("C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : ShopAtHomeWatcher (C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [7]) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001UA.job : C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001Core.job : C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 +++++
--- User ---
[MBR] 47206d553744656d7e01a7642fa40872
[bSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12342 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25358336 | Size: 464557 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08252013_191726.txt >>



 

[MrCharlie]

I would suggest you uninstall these:

ShopAtHome.com Helper
ShopAtHome.com Toolbar

Then.........

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

MrC

[Thanatos95]

This is my mothers computer, so i cant say for sure about these files, but they all look like adware that should be removed.  She didnt even know what they were.

 

# AdwCleaner v3.000 - Report created 25/08/2013 at 20:59:50
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Canaday Family - CANADAYFAMILY
# Running from : C:\Users\Canaday Family\Desktop\Virus Check Programs\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Found C:\Users\Canaday Family\AppData\Local\Conduit
Folder Found C:\Users\Canaday Family\AppData\LocalLow\Conduit
Folder Found C:\Users\Canaday Family\AppData\LocalLow\PriceGong
Folder Found C:\Users\Canaday Family\AppData\LocalLow\TotalRecipeSearch_14EI

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Canaday Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3739 octets] - [25/08/2013 20:59:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3799 octets] ##########
 

[MrCharlie]

Yes, they're all adware, is this want the complaint is about??

Double click on AdwCleaner.exe to run the tool again.

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• This time click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[Thanatos95]

Unfortunately, i don't think this is as simple as adware.  even after the removal, the problems are still there.  the network card is still disabled, and windows defender is still offline.  When i open the network and sharing center for that machine, it says the services or group failed to start.  Malware's scan came up empty, and that is making me suspicious.  It didn't even show the adware that the adware cleaner found and removed.

 

here is the adware cleaner log:

 

# AdwCleaner v3.000 - Report created 25/08/2013 at 21:37:17
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Canaday Family - CANADAYFAMILY
# Running from : C:\Users\Canaday Family\Desktop\Virus Check Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Deleted : C:\Users\Canaday Family\AppData\Local\Conduit
Folder Deleted : C:\Users\Canaday Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Canaday Family\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Canaday Family\AppData\LocalLow\TotalRecipeSearch_14EI

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Canaday Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3903 octets] - [25/08/2013 20:59:50]
AdwCleaner[R1].txt - [3963 octets] - [25/08/2013 21:36:28]
AdwCleaner[s0].txt - [3667 octets] - [25/08/2013 21:37:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3727 octets] ##########
 

 

and here is the malware scan log after the cleaner was run(be advised, the program is 140 days out of date due to the network card being disabled)

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Canaday Family :: CANADAYFAMILY [administrator]

8/25/2013 9:43:38 PM
mbam-log-2013-08-25 (21-43-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283407
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

[MrCharlie]

It would have been helpful if you stated all of this right up front rather then have me speculate on what the problems are.

Please download Farbar Recovery Scan Tool and save it to a folder. (64bit version)

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

[Thanatos95]

I'm sorry, I guess i was not clear enough in my initial post.  I though i did mention the offline stuff and malware not seeing anything.

 

here are the logs from FRST:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Canaday Family :: CANADAYFAMILY [administrator]

8/25/2013 9:43:38 PM
mbam-log-2013-08-25 (21-43-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283407
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Addition.zip

[MrCharlie]

I need the FRST log.     MrC

[Thanatos95]

oops, i opened the wrong txt file, im sorry.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
Ran by Canaday Family (administrator) on 25-08-2013 22:28:18
Running from C:\Users\Canaday Family\Desktop\Virus Check Programs
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
( ) C:\Windows\system32\lxdncoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PSIService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Facebook Inc.) C:\Users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe
(ArcSoft) C:\Program Files (x86)\PhotoStudio Expressions\PMMonitor.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [sTToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-26] (Valve Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Google Update] - C:\Users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-06] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {86bf64ee-3a00-11e0-ae5b-806e6f6e6963} - D:\autorun.exe
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [lxdnmon.exe] - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM-x32\...\Run: [EzPrint] - C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-02] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [shopAtHomeWatcher] - C:\Users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [119672 2013-01-29] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Alex\...\Policies\system: [LogonHoursAction] 2
HKU\Alex\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor.lnk
ShortcutTarget: Monitor.lnk -> C:\Program Files (x86)\PhotoStudio Expressions\PMMonitor.exe (ArcSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker.lnk
ShortcutTarget: Ulead Photo Express Calendar Checker.lnk -> C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe (Ulead Systems, Inc.)
Startup: C:\Users\Canaday Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Canaday Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: (No Name) - {ffb11c0c-da90-4969-a995-8dca2e0fc10a} -  No File
URLSearchHook: (No Name) - {2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {93AE2388-06D3-4784-A802-4383512A46A0} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {93AE2388-06D3-4784-A802-4383512A46A0} URL =
SearchScopes: HKCU - {E590C23A-9DA2-43D4-ABCD-09AFC5FCC12E} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {FFB11C0C-DA90-4969-A995-8DCA2E0FC10A} -  No File
Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Norton Identity Protection) - C:\Users\CANADA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [149544 2010-04-08] (Authentium, Inc)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [148008 2010-04-08] (Authentium, Inc)
R2 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [205352 2010-04-08] (Authentium, Inc)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-21] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-19] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [139864 2013-08-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-06-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-06-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\ENG64.SYS [126040 2013-07-26] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\ENG64.SYS [126040 2013-07-26] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\EX64.SYS [2098776 2013-07-26] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\EX64.SYS [2098776 2013-07-26] (Symantec Corporation)
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S1 Tcpip; C:\Windows\System32\drivers\tcpip.sys [0 2013-07-27] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [0 2013-07-27] ()
S3 pfc; system32\drivers\pfc.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TFSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 20:59 - 2013-08-25 21:37 - 00000000 ____D C:\AdwCleaner
2013-08-25 20:59 - 2013-08-25 20:59 - 00002661 _____ C:\Users\Canaday Family\Desktop\RKreport[0]_S_08252013_205937.txt
2013-08-25 19:17 - 2013-08-25 19:17 - 00002908 _____ C:\Users\Canaday Family\Desktop\RKreport[0]_S_08252013_191726.txt
2013-08-22 15:29 - 2013-08-22 15:31 - 00000000 ____D C:\Users\Canaday Family\Desktop\RK_Quarantine
2013-08-14 09:14 - 2013-08-14 09:14 - 00000000 ____D C:\Users\Canaday Family\Desktop\Definitions of speech types
2013-08-12 10:26 - 2013-08-12 10:26 - 00002648 _____ C:\{B1FB5FE6-4344-4277-B62A-0A3E663F4B74}
2013-08-12 10:25 - 2013-08-12 10:25 - 00002376 _____ C:\{1C0B5FE4-85F3-4815-9F41-04533B770922}
2013-08-12 10:24 - 2013-08-12 10:24 - 00002648 _____ C:\{B2070692-AE21-46E1-B66B-1F5FE6C49906}
2013-08-10 19:23 - 2013-08-10 19:23 - 00002648 _____ C:\{76253DF4-55A2-49CD-850B-0D03262492D9}
2013-08-10 19:21 - 2013-08-10 19:22 - 00002376 _____ C:\{5AE6F3C8-5454-4C54-BCEB-7099482119F8}
2013-08-10 19:20 - 2013-08-10 19:20 - 00002648 _____ C:\{5F8BD4E1-2CF2-4CDF-9899-30D5C255A72F}
2013-08-10 13:10 - 2013-08-11 00:20 - 00000000 ____D C:\Users\Canaday Family\Desktop\Ivy Tech speeches
2013-08-09 11:51 - 2013-08-09 11:51 - 00002248 _____ C:\{9CAFA7C2-ABB8-4B76-847C-270ADFC54BD2}
2013-08-09 11:50 - 2013-08-09 11:50 - 00002416 _____ C:\{A8C68EFB-C60D-4CE1-8776-924D020630AF}
2013-08-05 19:48 - 2013-08-19 21:50 - 00000000 ____D C:\Users\Canaday Family\Desktop\Ivy Tech 2013
2013-08-05 12:51 - 2013-08-05 12:51 - 00002648 _____ C:\{E6361208-A97F-4C82-972A-1DA59AD404DE}
2013-08-03 17:32 - 2013-08-03 17:32 - 00002648 _____ C:\{C253E334-7790-476D-84A7-04EFE9157DA4}
2013-08-02 16:36 - 2013-08-02 16:36 - 00002648 _____ C:\{71D33431-02F8-41DA-8636-3622043F416F}
2013-07-30 10:52 - 2013-07-30 10:52 - 00002416 _____ C:\{73FEF279-5792-4954-BA83-9C9BB3AD7B2C}
2013-07-29 03:53 - 2013-07-29 03:53 - 00002376 _____ C:\{9A356222-6C7F-40D0-8BB4-D082951A3281}
2013-07-29 03:52 - 2013-07-29 03:52 - 00002648 _____ C:\{62D957F1-6C27-493F-B108-49423529F3C9}
2013-07-27 18:24 - 2013-07-27 18:24 - 00002928 _____ C:\{353BA404-C257-4001-B42B-9EE9F991ED85}
2013-07-27 15:08 - 2013-07-27 15:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2013-07-27 15:08 - 2013-07-27 15:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf

==================== One Month Modified Files and Folders =======

2013-08-25 21:45 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 21:45 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 21:43 - 2009-07-14 01:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 21:40 - 2009-07-14 01:10 - 01348152 _____ C:\Windows\WindowsUpdate.log
2013-08-25 21:40 - 2009-07-14 01:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-25 21:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 21:39 - 2011-09-27 21:33 - 00000000 ____D C:\Users\CANADA~1\AppData\Local\CrashDumps
2013-08-25 21:39 - 2011-07-23 02:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-25 21:39 - 2011-02-16 13:26 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-25 21:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-25 21:38 - 2012-11-20 10:38 - 00000000 ____D C:\Users\Canaday Family\AppData\Roaming\ShopAtHome
2013-08-25 21:38 - 2011-02-23 18:13 - 00000072 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-08-25 21:38 - 2011-02-23 18:09 - 00000000 ____D C:\Users\CANADA~1\AppData\Local\SoftThinks
2013-08-25 21:38 - 2011-02-16 15:11 - 00794328 _____ C:\Windows\PFRO.log
2013-08-25 21:38 - 2009-07-14 00:51 - 00075329 _____ C:\Windows\setupact.log
2013-08-25 21:37 - 2013-08-25 20:59 - 00000000 ____D C:\AdwCleaner
2013-08-25 20:59 - 2013-08-25 20:59 - 00002661 _____ C:\Users\Canaday Family\Desktop\RKreport[0]_S_08252013_205937.txt
2013-08-25 19:17 - 2013-08-25 19:17 - 00002908 _____ C:\Users\Canaday Family\Desktop\RKreport[0]_S_08252013_191726.txt
2013-08-24 22:47 - 2011-04-21 09:32 - 00000000 ____D C:\Users\Canaday Family\Desktop\Foster Care
2013-08-22 19:29 - 2011-02-23 19:19 - 00000000 ____D C:\Users\Canaday Family\Desktop\Denise
2013-08-22 15:31 - 2013-08-22 15:29 - 00000000 ____D C:\Users\Canaday Family\Desktop\RK_Quarantine
2013-08-21 10:53 - 2012-03-05 23:50 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-21 10:53 - 2011-05-20 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 10:47 - 2011-07-12 09:50 - 00391168 ___SH C:\Users\Canaday Family\Desktop\Thumbs.db
2013-08-20 15:49 - 2011-02-16 13:35 - 00000000 ____D C:\ProgramData\Sonic
2013-08-19 21:50 - 2013-08-05 19:48 - 00000000 ____D C:\Users\Canaday Family\Desktop\Ivy Tech 2013
2013-08-19 21:37 - 2011-12-18 10:27 - 00000964 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001UA.job
2013-08-19 21:18 - 2012-04-09 06:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 21:13 - 2012-12-24 19:14 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001UA.job
2013-08-19 21:13 - 2012-10-06 09:47 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 20:48 - 2012-12-24 19:14 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001Core.job
2013-08-19 20:48 - 2012-10-06 09:46 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 20:47 - 2011-12-18 10:27 - 00000942 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001Core.job
2013-08-14 09:14 - 2013-08-14 09:14 - 00000000 ____D C:\Users\Canaday Family\Desktop\Definitions of speech types
2013-08-12 10:26 - 2013-08-12 10:26 - 00002648 _____ C:\{B1FB5FE6-4344-4277-B62A-0A3E663F4B74}
2013-08-12 10:25 - 2013-08-12 10:25 - 00002376 _____ C:\{1C0B5FE4-85F3-4815-9F41-04533B770922}
2013-08-12 10:24 - 2013-08-12 10:24 - 00002648 _____ C:\{B2070692-AE21-46E1-B66B-1F5FE6C49906}
2013-08-11 00:20 - 2013-08-10 13:10 - 00000000 ____D C:\Users\Canaday Family\Desktop\Ivy Tech speeches
2013-08-10 19:23 - 2013-08-10 19:23 - 00002648 _____ C:\{76253DF4-55A2-49CD-850B-0D03262492D9}
2013-08-10 19:22 - 2013-08-10 19:21 - 00002376 _____ C:\{5AE6F3C8-5454-4C54-BCEB-7099482119F8}
2013-08-10 19:20 - 2013-08-10 19:20 - 00002648 _____ C:\{5F8BD4E1-2CF2-4CDF-9899-30D5C255A72F}
2013-08-09 11:51 - 2013-08-09 11:51 - 00002248 _____ C:\{9CAFA7C2-ABB8-4B76-847C-270ADFC54BD2}
2013-08-09 11:50 - 2013-08-09 11:50 - 00002416 _____ C:\{A8C68EFB-C60D-4CE1-8776-924D020630AF}
2013-08-08 23:25 - 2011-07-06 16:18 - 00000000 ____D C:\Users\Canaday Family\AppData\Roaming\Skype
2013-08-07 09:18 - 2012-10-06 09:46 - 00000000 ____D C:\Users\CANADA~1\AppData\Local\Google
2013-08-07 09:18 - 2011-02-23 18:26 - 00000000 ____D C:\Users\Canaday Family\AppData\Roaming\Mozilla
2013-08-05 14:07 - 2012-04-11 09:43 - 00000000 ____D C:\Users\Canaday Family\Desktop\Bernice
2013-08-05 12:51 - 2013-08-05 12:51 - 00002648 _____ C:\{E6361208-A97F-4C82-972A-1DA59AD404DE}
2013-08-03 17:32 - 2013-08-03 17:32 - 00002648 _____ C:\{C253E334-7790-476D-84A7-04EFE9157DA4}
2013-08-02 16:36 - 2013-08-02 16:36 - 00002648 _____ C:\{71D33431-02F8-41DA-8636-3622043F416F}
2013-08-01 14:30 - 2012-01-27 15:50 - 00000000 ____D C:\Users\Canaday Family\.epaysol
2013-07-30 10:52 - 2013-07-30 10:52 - 00002416 _____ C:\{73FEF279-5792-4954-BA83-9C9BB3AD7B2C}
2013-07-29 03:53 - 2013-07-29 03:53 - 00002376 _____ C:\{9A356222-6C7F-40D0-8BB4-D082951A3281}
2013-07-29 03:52 - 2013-07-29 03:52 - 00002648 _____ C:\{62D957F1-6C27-493F-B108-49423529F3C9}
2013-07-27 18:24 - 2013-07-27 18:24 - 00002928 _____ C:\{353BA404-C257-4001-B42B-9EE9F991ED85}
2013-07-27 18:16 - 2013-02-27 17:21 - 00000000 _____ C:\Windows\system32\Drivers\tcpip.sys
2013-07-27 15:08 - 2013-07-27 15:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2013-07-27 15:08 - 2013-07-27 15:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-27 13:02 - 2011-02-23 19:21 - 00000000 ____D C:\Users\Canaday Family\Desktop\Desktop photos

Files to move or delete:
====================
C:\Users\Alex\AppData\Local\Temp\3cldhzxi.dll
C:\Users\Alex\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Alex\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Alex\AppData\Local\Temp\mism.exe
C:\Users\Alex\AppData\Local\Temp\SIntf16.dll
C:\Users\Alex\AppData\Local\Temp\SIntf32.dll
C:\Users\Alex\AppData\Local\Temp\SIntfNT.dll
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Canaday Family\GoToAssistDownloadHelper.exe
C:\Users\CANADA~1\AppData\Local\Temp\cdrun.exe
C:\Users\CANADA~1\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\CANADA~1\AppData\Local\Temp\contentDATs.exe
C:\Users\CANADA~1\AppData\Local\Temp\ffunzip.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\CANADA~1\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\CANADA~1\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\CANADA~1\AppData\Local\Temp\MSN6105.exe
C:\Users\CANADA~1\AppData\Local\Temp\mssinstaller.exe
C:\Users\CANADA~1\AppData\Local\Temp\ose00000.exe
C:\Users\CANADA~1\AppData\Local\Temp\qc_e3f0f3ef_27e6_4ca8_8a7c_a3d761aa54bb_64.exe
C:\Users\CANADA~1\AppData\Local\Temp\Quarantine.exe
C:\Users\CANADA~1\AppData\Local\Temp\RoxioBurn_0180_MPI_180B57E_RXD.exe
C:\Users\CANADA~1\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\CANADA~1\AppData\Local\Temp\SIntf16.dll
C:\Users\CANADA~1\AppData\Local\Temp\SIntf32.dll
C:\Users\CANADA~1\AppData\Local\Temp\SIntfNT.dll
C:\Users\CANADA~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CANADA~1\AppData\Local\Temp\tbCybe.dll
C:\Users\CANADA~1\AppData\Local\Temp\tbRadi.dll
C:\Users\CANADA~1\AppData\Local\Temp\~InstallCyberDefenderEDC-050662[1].exe
C:\Users\CANADA~1\AppData\Local\Temp\{EF56258E-0326-48C5-A86C-3BAC26FC15DF}_1175\rcscudec10.exe
C:\Users\CANADA~1\AppData\Local\Temp\{e8650c8d-ccb2-496e-816c-ecc54a7ee411}\{e8650c8d-ccb2-496e-816c-ecc54a7ee411}\INF1.EXE
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\GoogleCrashHandler.exe
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\GoogleCrashHandler64.exe
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\GoogleUpdate.exe
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\GoogleUpdateBroker.exe
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\GoogleUpdateOnDemand.exe
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\GoogleUpdateSetup.exe
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdate.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_am.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ar.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_bg.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_bn.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ca.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_cs.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_da.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_de.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_el.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_en-GB.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_en.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_es-419.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_es.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_et.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_fa.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_fi.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_fil.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_fr.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_gu.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_hi.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_hr.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_hu.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_id.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_is.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_it.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_iw.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ja.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_kn.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ko.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_lt.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_lv.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ml.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_mr.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ms.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_nl.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_no.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_pl.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_pt-BR.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_pt-PT.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ro.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ru.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_sk.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_sl.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_sr.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_sv.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_sw.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ta.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_te.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_th.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_tr.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_uk.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_ur.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_vi.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_zh-CN.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\goopdateres_zh-TW.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\npGoogleUpdate3.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\psmachine.dll
C:\Users\CANADA~1\AppData\Local\Temp\{1F945D55-91B8-4948-9107-E752EA0BA634}\psuser.dll
C:\Users\CANADA~1\AppData\Local\Temp\_ir_vp2_temp_0\vpatch.exe
C:\Users\CANADA~1\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll
C:\Users\CANADA~1\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll
C:\Users\CANADA~1\AppData\Local\Temp\NVIDIA1179871509\GPU_Reader.dll
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\MSetup.exe
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\Setup.exe
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\SetupDll.dll
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\PUninst\puninstc.exe
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\PUninst\puninstt.exe
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\plug-ins\hwsetup.dll
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\plug-ins\msiexprdll.dll
C:\Users\CANADA~1\AppData\Local\Temp\Logitech_Webcam_2.30.1396.0\plug-ins\videoc.dll
C:\Users\CANADA~1\AppData\Local\Temp\isp43AA.tmp\_Setup.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-V62F6.tmp\DownloadManagerAPI.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-V62F6.tmp\InnoMonitor2.exe
C:\Users\CANADA~1\AppData\Local\Temp\is-U86BK.tmp\_isetup\_shfoldr.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\DownloadManagerAPI.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\InnoHelpers.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\InnoUtils.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\isxdl.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\PCTWSC.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\SMEngine.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\TFCfg.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-U5M9N.tmp\_isetup\_shfoldr.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\DownloadManagerAPI.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\InnoHelpers.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\InnoUtils.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\isxdl.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\PCTWSC.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\SMEngine.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\TFCfg.dll
C:\Users\CANADA~1\AppData\Local\Temp\is-CGEL1.tmp\_isetup\_shfoldr.dll
C:\Users\CANADA~1\AppData\Local\Temp\HpUpdate\26593\hpusetup.exe
C:\Users\CANADA~1\AppData\Local\Temp\HpUpdate\26578\4250_DiagnosticAlert_000_000_010_000.exe
C:\Users\CANADA~1\AppData\Local\Temp\HpUpdate\26489\HPPCShorCutCreator_5810_000_002_hpu.exe
C:\Users\CANADA~1\AppData\Local\Temp\HpUpdate\26148\5541_FWEDO2_000_001_hpu.exe
C:\Users\CANADA~1\AppData\Local\Temp\HpUpdate\25545\hpusetup.exe
C:\Users\CANADA~1\AppData\Local\Temp\HPDiagnosticAlert\DiagnosticAlert.exe
C:\Users\CANADA~1\AppData\Local\Temp\DFA5.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\D60A.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\ct2953735\components\RadioWMPCore.dll
C:\Users\CANADA~1\AppData\Local\Temp\ct2953735\components\RadioWMPCoreGecko19.dll
C:\Users\CANADA~1\AppData\Local\Temp\cd1296.tmp\2009 Codebase\Installers\CDINSTALLER16\BIN\runtime\build_script\TEMPONLYSOURCE\MyBrand\StubInstall.exe
C:\Users\CANADA~1\AppData\Local\Temp\B386.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\AE49.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\9E04.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\7zS7DF1\InstallDiagnosticAlert.exe
C:\Users\CANADA~1\AppData\Local\Temp\7zS7BFA\bootstrap-ojp.exe
C:\Users\CANADA~1\AppData\Local\Temp\7zS16F6\DIFxAPI.dll
C:\Users\CANADA~1\AppData\Local\Temp\7zS16F6\HPPDU.exe
C:\Users\CANADA~1\AppData\Local\Temp\7zS16F6\DeviceManager\DeviceManager.exe
C:\Users\CANADA~1\AppData\Local\Temp\7zS16F6\DeviceManager\DIFxAPI.dll
C:\Users\CANADA~1\AppData\Local\Temp\42ED.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\3E11.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\3BBE.dir\InstallFlashPlayer.exe
C:\Users\CANADA~1\AppData\Local\Temp\3191.dir\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 00:59

==================== End Of Log ============================

[MrCharlie]

I'm sorry, you did post about the problem, I got you confused with someone elses log I was working on.

 

It's late here, be back in the AM....MrC

[MrCharlie]

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

Then.......

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

[Thanatos95]

OK, i ran the temp file remover, and it cleaned about 3 gigs of files.  Next i tried the MBAR.  However, when i tried, i got the blue screen of death, twice.  Each time when i tried installing the program.  Both times it mentioned a file called MBAMChameleon.Sys as an issue.  I finally got it to run in safe mode and it reported no issues found.  here are the logs:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v0000.00.00.00

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7600.16385
Canaday Family :: CANADAYFAMILY [administrator]

8/26/2013 1:53:21 PM
mbar-log-2013-08-26 (13-53-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 1264
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

and system-log:

 

 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 M a l w a r e b y t e s   A n t i - R o o t k i t   B E T A   1 . 0 7 . 0 . 1 0 0 5
 
 
 
 ( c )   M a l w a r e b y t e s   C o r p o r a t i o n   2 0 1 1 - 2 0 1 2
 
 
 
 O S   v e r s i o n :   6 . 1 . 7 6 0 0   W i n d o w s   7   x 6 4
 
 
 
 S y s t e m   i s   c u r r e n t l y   i n   a   s a f e   m o d e
 
 
 
 A c c o u n t   i s   A d m i n i s t r a t i v e
 
 
 
 I n t e r n e t   E x p l o r e r   v e r s i o n :   8 . 0 . 7 6 0 0 . 1 6 3 8 5
 
 
 
 F i l e   s y s t e m   i s :   N T F S
 
 D i s k   d r i v e s :   C : \   D R I V E _ F I X E D
 
 C P U   s p e e d :   2 . 9 9 2 0 0 0   G H z
 
 M e m o r y   t o t a l :   4 2 9 3 9 0 2 3 3 6 ,   f r e e :   3 0 8 5 0 2 1 1 8 4
 
 
 
 C o u l d   n o t   l o a d   p r o t e c t i o n   d r i v e r
 
 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 
 I n i t i a l i z i n g . . .
 
 - - - - - - - - - - - -   K e r n e l   r e p o r t   - - - - - - - - - - - -
 
           0 8 / 2 6 / 2 0 1 3   1 3 : 5 3 : 2 0
 
 - - - - - - - - - - - -   L o a d e d   m o d u l e s   - - - - - - - - - - -
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ n t o s k r n l . e x e
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ h a l . d l l
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ k d c o m . d l l
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ m c u p d a t e _ G e n u i n e I n t e l . d l l
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ P S H E D . d l l
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ C L F S . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ C I . d l l
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ W d f 0 1 0 0 0 . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ W D F L D R . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ A C P I . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ W M I L I B . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ m s i s a d r v . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ p c i . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ v d r v r o o t . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ p a r t m g r . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ v o l m g r . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ v o l m g r x . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ m o u n t m g r . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ i a S t o r . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ a m d x a t a . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ f l t m g r . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ N I S x 6 4 \ 1 4 0 4 0 0 0 . 0 2 8 \ S Y M D S 6 4 . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ f i l e i n f o . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ N I S x 6 4 \ 1 4 0 4 0 0 0 . 0 2 8 \ S Y M E F A 6 4 . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ P x H l p a 6 4 . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ N t f s . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ m s r p c . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ k s e c d d . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ c n g . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ p c w . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ F s _ R e c . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ n d i s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ N E T I O . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ k s e c p k g . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ d r i v e r s \ v o l s n a p . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ r d y b o o s t . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ m u p . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ h w p o l i c y . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D R I V E R S \ f v e v o l . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ d i s k . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ C L A S S P N P . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ N u l l . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ B e e p . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ v g a . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ V I D E O P R T . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ w a t c h d o g . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ M s f s . S Y S
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ N p f s . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ H D A u d B u s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ u s b u h c i . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ U S B P O R T . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ u s b e h c i . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ c d r o m . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ b l b d r i v e . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ C o m p o s i t e B u s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ m s s m b i o s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ t e r m d d . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ k b d c l a s s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ m o u c l a s s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ s w e n u m . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ k s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ u m b u s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ u s b h u b . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ w i n 3 2 k . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ D x a p i . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ u s b c c g p . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ U S B D . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ h i d u s b . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ H I D C L A S S . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ H I D P A R S E . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ k b d h i d . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ U S B S T O R . S Y S
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ m o u h i d . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ d r i v e r s \ d x g . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ T S D D D . d l l
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ f r a m e b u f . d l l
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ u s b p r i n t . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ c d f s . s y s
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ d c 3 d . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ A T M F D . D L L
 
 \ S y s t e m R o o t \ s y s t e m 3 2 \ D R I V E R S \ p o i n t 6 4 . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ c r a s h d m p . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ d u m p _ i a S t o r . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ d u m p _ d u m p f v e . s y s
 
 \ S y s t e m R o o t \ S y s t e m 3 2 \ D r i v e r s \ f a s t f a t . S Y S
 
 \ ? ? \ C : \ W i n d o w s \ s y s t e m 3 2 \ d r i v e r s \ M B A M S w i s s A r m y . s y s
 
 \ W i n d o w s \ S y s t e m 3 2 \ n t d l l . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ s m s s . e x e
 
 \ W i n d o w s \ S y s t e m 3 2 \ a p i s e t s c h e m a . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ a u t o c h k . e x e
 
 \ W i n d o w s \ S y s t e m 3 2 \ l p k . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ m s c t f . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ d i f x a p i . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ o l e 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ a d v a p i 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ s h e l l 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ w i n i n e t . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ k e r n e l 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ o l e a u t 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ W l d a p 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ s e c h o s t . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ n s i . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ c l b c a t q . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ u r l m o n . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ m s v c r t . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ r p c r t 4 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ s e t u p a p i . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ c o m d l g 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ u s e r 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ u s p 1 0 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ i m a g e h l p . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ i m m 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ n o r m a l i z . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ w s 2 _ 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ s h l w a p i . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ i e r t u t i l . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ g d i 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ p s a p i . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ c r y p t 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ w i n t r u s t . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ K e r n e l B a s e . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ c f g m g r 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ d e v o b j . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ c o m c t l 3 2 . d l l
 
 \ W i n d o w s \ S y s t e m 3 2 \ m s a s n 1 . d l l
 
 \ W i n d o w s \ S y s W O W 6 4 \ n o r m a l i z . d l l
 
 - - - - - - - - - - -   E n d   - - - - - - - - - - -
 
 D o n e !
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 6 \ D R 6
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 6 1 d 4 7 9 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ 0 0 0 0 0 0 8 a \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f c 9 b 6 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ U S B S T O R \
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 5 \ D R 5
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 6 1 7 7 7 9 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ 0 0 0 0 0 0 8 6 \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 4 7 0 6 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ U S B S T O R \
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 4 \ D R 4
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 3 5 0 6 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 e \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 2 9 b 6 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ U S B S T O R \
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 3 \ D R 3
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 3 4 0 6 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 d \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 2 7 b 6 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ U S B S T O R \
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 2 \ D R 2
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 3 3 0 6 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 c \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 2 6 b 6 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ U S B S T O R \
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 1 \ D R 1
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 3 2 0 6 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 b \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 5 f 1 f 0 6 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ U S B S T O R \
 
 < < < 1 > > >
 
 U p p e r   D e v i c e   N a m e :   \ D e v i c e \ H a r d d i s k 0 \ D R 0
 
 U p p e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 4 7 9 2 6 d 0
 
 U p p e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ D i s k \
 
 L o w e r   D e v i c e   N a m e :   \ D e v i c e \ I d e \ I A A S t o r a g e D e v i c e - 1 \
 
 L o w e r   D e v i c e   O b j e c t :   0 x f f f f f a 8 0 0 3 c e 6 0 5 0
 
 L o w e r   D e v i c e   D r i v e r   N a m e :   \ D r i v e r \ i a S t o r \
 
 < < < 2 > > >
 
 P h y s i c a l   S e c t o r   S i z e :   5 1 2
 
 D r i v e :   0 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 4 7 9 2 6 d 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 0 \ D R 0 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 4 7 9 2 1 2 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 4 7 9 2 6 d 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 0 \ D R 0 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 3 c e 6 0 5 0 ,   D e v i c e N a m e :   \ D e v i c e \ I d e \ I A A S t o r a g e D e v i c e - 1 \ ,   D r i v e r N a m e :   \ D r i v e r \ i a S t o r \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 A l t e r n a t e   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 0 \ D R 0 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 U p p e r   D e v i c e D a t a :   0 x 0 ,   0 x 0 ,   0 x 0
 
 L o w e r   D e v i c e D a t a :   0 x 0 ,   0 x 0 ,   0 x 0
 
 < < < 3 > > >
 
 V o l u m e :   C :
 
 F i l e   s y s t e m   t y p e :   N T F S
 
 S e c t o r S i z e   =   5 1 2 ,   C l u s t e r S i z e   =   4 0 9 6 ,   M F T R e c o r d S i z e   =   1 0 2 4 ,   M F T I n d e x S i z e   =   4 0 9 6   b y t e s
 
 < < < 2 > > >
 
 < < < 3 > > >
 
 V o l u m e :   C :
 
 F i l e   s y s t e m   t y p e :   N T F S
 
 S e c t o r S i z e   =   5 1 2 ,   C l u s t e r S i z e   =   4 0 9 6 ,   M F T R e c o r d S i z e   =   1 0 2 4 ,   M F T I n d e x S i z e   =   4 0 9 6   b y t e s
 
 S c a n n i n g   d r i v e r s   d i r e c t o r y :   C : \ W I N D O W S \ S Y S T E M 3 2 \ d r i v e r s . . .
 
 < < < 2 > > >
 
 < < < 3 > > >
 
 V o l u m e :   C :
 
 F i l e   s y s t e m   t y p e :   N T F S
 
 S e c t o r S i z e   =   5 1 2 ,   C l u s t e r S i z e   =   4 0 9 6 ,   M F T R e c o r d S i z e   =   1 0 2 4 ,   M F T I n d e x S i z e   =   4 0 9 6   b y t e s
 
 D o n e !
 
 D r i v e   0
 
 S c a n n i n g   M B R   o n   d r i v e   0 . . .
 
 I n s p e c t i n g   p a r t i t i o n   t a b l e :
 
 M B R   S i g n a t u r e :   5 5 A A
 
 D i s k   S i g n a t u r e :   7 7 E 3 E D 4 1
 
 
 
 P a r t i t i o n   i n f o r m a t i o n :
 
 
 
         P a r t i t i o n   0   t y p e   i s   O t h e r   ( 0 x d e )
 
         P a r t i t i o n   i s   N O T   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   6 3     N u m s e c   =   8 0 2 6 2
 
 
 
         P a r t i t i o n   1   t y p e   i s   P r i m a r y   ( 0 x 7 )
 
         P a r t i t i o n   i s   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   8 1 9 2 0     N u m s e c   =   2 5 2 7 6 4 1 6
 
         P a r t i t i o n   f i l e   s y s t e m   i s   N T F S
 
         P a r t i t i o n   i s   b o o t a b l e
 
 
 
         P a r t i t i o n   2   t y p e   i s   P r i m a r y   ( 0 x 7 )
 
         P a r t i t i o n   i s   N O T   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   2 5 3 5 8 3 3 6     N u m s e c   =   9 5 1 4 1 2 7 3 6
 
 
 
         P a r t i t i o n   3   t y p e   i s   E m p t y   ( 0 x 0 )
 
         P a r t i t i o n   i s   N O T   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   0     N u m s e c   =   0
 
 
 
 D i s k   S i z e :   5 0 0 1 0 7 8 6 2 0 1 6   b y t e s
 
 S e c t o r   s i z e :   5 1 2   b y t e s
 
 
 
 S c a n n i n g   p h y s i c a l   s e c t o r s   o f   u n p a r t i t i o n e d   s p a c e   o n   d r i v e   0   ( 1 - 6 2 - 9 7 6 7 5 3 1 6 8 - 9 7 6 7 7 3 1 6 8 ) . . .
 
 D o n e !
 
 P h y s i c a l   S e c t o r   S i z e :   0
 
 D r i v e :   1 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 2 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 1 \ D R 1 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 2 b 9 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 2 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 1 \ D R 1 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 1 f 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 b \ ,   D r i v e r N a m e :   \ D r i v e r \ U S B S T O R \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 P h y s i c a l   S e c t o r   S i z e :   0
 
 D r i v e :   2 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 3 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 2 \ D R 2 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 3 b 9 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 3 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 2 \ D R 2 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 2 6 b 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 c \ ,   D r i v e r N a m e :   \ D r i v e r \ U S B S T O R \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 P h y s i c a l   S e c t o r   S i z e :   0
 
 D r i v e :   3 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 4 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 3 \ D R 3 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 4 b 9 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 4 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 3 \ D R 3 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 2 7 b 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 d \ ,   D r i v e r N a m e :   \ D r i v e r \ U S B S T O R \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 P h y s i c a l   S e c t o r   S i z e :   0
 
 D r i v e :   4 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 5 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 4 \ D R 4 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 5 b 9 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 3 5 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 4 \ D R 4 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 2 9 b 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ 0 0 0 0 0 0 7 e \ ,   D r i v e r N a m e :   \ D r i v e r \ U S B S T O R \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 P h y s i c a l   S e c t o r   S i z e :   0
 
 D r i v e :   5 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 6 1 7 7 7 9 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 5 \ D R 5 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 6 1 7 c 9 1 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 6 1 7 7 7 9 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 5 \ D R 5 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f 4 7 0 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ 0 0 0 0 0 0 8 6 \ ,   D r i v e r N a m e :   \ D r i v e r \ U S B S T O R \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 P h y s i c a l   S e c t o r   S i z e :   5 1 2
 
 D r i v e :   6 ,   D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 6 1 d 4 7 9 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 6 \ D R 6 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 - - - - - - - - -   D i s k   S t a c k   - - - - - -
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 6 1 f 2 0 4 0 ,   D e v i c e N a m e :   U n k n o w n ,   D r i v e r N a m e :   \ D r i v e r \ p a r t m g r \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 6 1 d 4 7 9 0 ,   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 6 \ D R 6 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 D e v i c e P o i n t e r :   0 x f f f f f a 8 0 0 5 f c 9 b 6 0 ,   D e v i c e N a m e :   \ D e v i c e \ 0 0 0 0 0 0 8 a \ ,   D r i v e r N a m e :   \ D r i v e r \ U S B S T O R \
 
 - - - - - - - - - - - -   E n d   - - - - - - - - - -
 
 A l t e r n a t e   D e v i c e N a m e :   \ D e v i c e \ H a r d d i s k 6 \ D R 6 \ ,   D r i v e r N a m e :   \ D r i v e r \ D i s k \
 
 U p p e r   D e v i c e D a t a :   0 x 0 ,   0 x 0 ,   0 x 0
 
 L o w e r   D e v i c e D a t a :   0 x 0 ,   0 x 0 ,   0 x 0
 
 D r i v e   6
 
 S c a n n i n g   M B R   o n   d r i v e   6 . . .
 
 I n s p e c t i n g   p a r t i t i o n   t a b l e :
 
 M B R   S i g n a t u r e :   5 5 A A
 
 D i s k   S i g n a t u r e :   0
 
 
 
 P a r t i t i o n   i n f o r m a t i o n :
 
 
 
         P a r t i t i o n   0   t y p e   i s   O t h e r   ( 0 x 6 )
 
         P a r t i t i o n   i s   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   3 2     N u m s e c   =   4 9 9 6 8 0
 
         P a r t i t i o n   f i l e   s y s t e m   i s   F A T
 
         P a r t i t i o n   i s   n o t   b o o t a b l e
 
 
 
         P a r t i t i o n   1   t y p e   i s   E m p t y   ( 0 x 0 )
 
         P a r t i t i o n   i s   N O T   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   0     N u m s e c   =   0
 
 
 
         P a r t i t i o n   2   t y p e   i s   E m p t y   ( 0 x 0 )
 
         P a r t i t i o n   i s   N O T   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   0     N u m s e c   =   0
 
 
 
         P a r t i t i o n   3   t y p e   i s   E m p t y   ( 0 x 0 )
 
         P a r t i t i o n   i s   N O T   A C T I V E .
 
         P a r t i t i o n   s t a r t s   a t   L B A :   0     N u m s e c   =   0
 
 
 
 D i s k   S i z e :   2 5 5 8 5 2 5 4 4   b y t e s
 
 S e c t o r   s i z e :   5 1 2   b y t e s
 
 
 
 D o n e !
 
 S c a n   f i n i s h e d
 
 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 
 
 
 
 
 R e m o v a l   q u e u e   f o u n d ;   r e m o v a l   s t a r t e d
 
 R e m o v i n g   C : \ P r o g r a m D a t a \ M a l w a r e b y t e s '   A n t i - M a l w a r e   ( p o r t a b l e ) \ M B R _ 0 _ i . m b a m . . .
 
 R e m o v i n g   C : \ P r o g r a m D a t a \ M a l w a r e b y t e s '   A n t i - M a l w a r e   ( p o r t a b l e ) \ B o o t s t r a p _ 0 _ 1 _ 8 1 9 2 0 _ i . m b a m . . .
 
 R e m o v i n g   C : \ P r o g r a m D a t a \ M a l w a r e b y t e s '   A n t i - M a l w a r e   ( p o r t a b l e ) \ M B R _ 0 _ r . m b a m . . .
 
 R e m o v i n g   C : \ P r o g r a m D a t a \ M a l w a r e b y t e s '   A n t i - M a l w a r e   ( p o r t a b l e ) \ M B R _ 6 _ i . m b a m . . .
 
 R e m o v i n g   C : \ P r o g r a m D a t a \ M a l w a r e b y t e s '   A n t i - M a l w a r e   ( p o r t a b l e ) \ B o o t s t r a p _ 6 _ 0 _ 3 2 _ i . m b a m . . .
 
 R e m o v i n g   C : \ P r o g r a m D a t a \ M a l w a r e b y t e s '   A n t i - M a l w a r e   ( p o r t a b l e ) \ M B R _ 6 _ r . m b a m . . .
 
 R e m o v a l   f i n i s h e d
 
 

[Thanatos95]

Sorry, forgot to mention that the internet issues are still present. When i tried to run fixdamage, it said it was incompatible with my version of windows.  This computer has the 64 bit version of windows on it, do i need a differed version of fixdamage?

[MrCharlie]

Sorry, forgot to mention that the internet issues are still present. When i tried to run fixdamage, it said it was incompatible with my version of windows.  This computer has the 64 bit version of windows on it, do i need a differed version of fixdamage?

No it should have worked.

Do this next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Thanatos95]

Ok, I ran combofix and things have improved a bit.  Windows defender is apperently working now, and was able to scan.  windows firewall is offline, but that may be because of nortons.  The network card is still offline though.  here is the combo fix result log:

 

ComboFix 13-08-25.01 - Canaday Family 08/26/2013  15:06:09.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4095.2717 [GMT -4:00]
Running from: c:\users\Canaday Family\Desktop\Virus Check Programs\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\BOOTSTRAP.JS
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\users\Canaday Family\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-26 to 2013-08-26  )))))))))))))))))))))))))))))))
.
.
2013-08-26 17:53 . 2013-08-26 17:54    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-26 17:47 . 2013-08-26 17:53    92376    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-08-26 02:28 . 2013-08-26 02:28    --------    d-----w-    C:\FRST
2013-08-26 00:59 . 2013-08-26 01:37    --------    d-----w-    C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 22:44 . 2012-06-27 02:28    177312    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-19 21:02 . 2013-06-19 21:02    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 21:02 . 2012-09-11 18:11    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-06-19 21:02 . 2011-02-16 17:17    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-19 12:35 . 2013-06-19 12:35    45056    ----a-r-    c:\users\Canaday Family\AppData\Roaming\Microsoft\Installer\{4956ACE3-F537-4418-BB45-FD52395275A7}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-06-19 12:35 . 2013-06-19 12:35    45056    ----a-r-    c:\users\Canaday Family\AppData\Roaming\Microsoft\Installer\{4956ACE3-F537-4418-BB45-FD52395275A7}\ARPPRODUCTICON.exe
2013-06-16 15:52 . 2011-02-23 22:25    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-12 05:18 . 2012-04-09 10:54    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 05:18 . 2011-05-18 09:03    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-07-27 22:16 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
"Facebook Update"="c:\users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"lxdnmon.exe"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 522736]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ShopAtHomeWatcher"="c:\users\Canaday Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-01-29 119672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\users\Canaday Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2733H05X05RQ;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-24 110592]
Monitor.lnk - c:\program files (x86)\PhotoStudio Expressions\PMMonitor.exe [2011-4-9 118784]
Ulead Photo Express Calendar Checker.lnk - c:\program files (x86)\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe [2011-9-25 57344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 OV550I;35mm Film Scanner;c:\windows\system32\Drivers\FilmScan.sys;c:\windows\SYSNATIVE\Drivers\FilmScan.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [x]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [x]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 19:36    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 05:18]
.
2013-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001Core.job
- c:\users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-18 22:32]
.
2013-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001UA.job
- c:\users\Canaday Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-18 22:32]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 13:46]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 13:46]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001Core.job
- c:\users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-24 13:52]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2838458837-2090948747-2063743716-1001UA.job
- c:\users\Canaday Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-24 13:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ffb11c0c-da90-4969-a995-8dca2e0fc10a} - (no file)
URLSearchHooks-{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mbamchameleon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{FFB11C0C-DA90-4969-A995-8DCA2E0FC10A} - (no file)
WebBrowser-{2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - (no file)
AddRemove-Lexmark 2600 Series - c:\program files (x86)\Lexmark 2600 Series\Install\x64\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-08-26  15:54:29 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-26 19:54
.
Pre-Run: 381,246,169,088 bytes free
Post-Run: 380,757,037,056 bytes free
.
- - End Of File - - 5816435033B9B68EA5BC4036F49F4D1C
CDB4DE4BBD714F152979DA2DCBEF57EB
 

[MrCharlie]

ComboFix 13-08-25.01 - Canaday Family 08/26/2013 15:06:09.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2717 [GMT -4:00]

Running from: c:\users\Canaday Family\Desktop\Virus Check Programs\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

-----------------------------------------------

Why do you have Norton on the system??? It says disabled and outdated.

You can't have 2 anti-virus programs running at the same time, they only conflict with each other and provide spotty protection.

Same with firewalls.

-------------------------------------------------

Are there any alerts in the device manager??

MrC

[Thanatos95]

Nortons is the only active antivirus on the system, the MBAM is on there as a backup, but its not a subscribed version, so no active protection.  The outdated is probably because it hasnt been able to update its definitions since this started last week.  As for the device manager, I didnt see any alerts on it.  According to the properties tab there, the network card is working fine.  Ive double checked the lines and they are all plugged in.

[MrCharlie]

Nortons is the only active antivirus on the system

You have Defender running, it should be disabled:
http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/

-----------------------------------------------------------------

network card is still offline

What exactly do you mean by this?
Are you on a network and if so is it wireless?

MrC

[Thanatos95]

ok, i turned off defender so nortons is the only antivirus running.  The network card is a wired type, plugged directly into the router.  The network icon on the system tray says no network detected.  Troubleshooter finds nothing.  When i open the network and sharing senter, the spot that normaly shows the network map says "dependency or group failed to start".  I know the network router works fine as all other devices using it are working fine.  I figured this was some kind of virus when it started, as windows defender and firewall were shut down at the same time the network went out, and it happened at the same time my computer was infected with zaccess.

[MrCharlie]

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

MrC

[Thanatos95]

ok here are the results of the FSS scan.  i notice that it says tcpip.sys is infected

 

 

Farbar Service Scanner Version: 18-08-2013
Ran by Canaday Family (administrator) on 26-08-2013 at 22:04:48
Running from "C:\Users\Canaday Family\Desktop\Virus Check Programs"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-27 17:21] - [2013-07-27 18:16] - 0000000 ____A ()

ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys IS INFECTED.

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[MrCharlie]

ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys IS INFECTED.

Combofix also check it and the version you have is OK:

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/

----------------------------------------------

All these services are stopped and should be running.

Please start them all:
http://www.sevenforums.com/tutorials/2495-services-start-disable.html


Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

 

Let me know and rescan with FSS when done....MrC

[Thanatos95]

ok, I wented into Services and attempted to start the programs you listed.  I ran into problems though

 

DHCP:Error 1168 element not found
that is what it said when i attempted to manually start DHCP

 

tcpip netbios helper was was the only entry i saw named tcpip, and it was already on.

 

BFE: error 2 the system cannot find the file specified

got this on the BFE entry

 

and i cannot find something called BITS, or Wuauserv.  I thought the windows update entry might be the Wuauserv, but it wouldnt turn on either.

 

I reran FSS after my attempts, but the results look the same:

 

Farbar Service Scanner Version: 18-08-2013
Ran by Canaday Family (administrator) on 27-08-2013 at 00:14:08
Running from "C:\Users\Canaday Family\Desktop\Virus Check Programs"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-27 17:21] - [2013-07-27 18:16] - 0000000 ____A ()

ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys IS INFECTED.

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****