Author Topic: [Resolved] Google Search Results Redirection Problem  (Read 1702 times)

derekpw
[Resolved] Google Search Results Redirection Problem
« on: May 16, 2012, 05:56:15 PM »
Kevin,

You worked on my desktop and laptop computers and both are running great! However, the laptop continues to have the redirection problem on the Google search results. Here are the DDS logs.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Derek at 16:46:51 on 2012-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3831.1557 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.ebay.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"                                                                                                                                                                                                          
uRun: [2C628806C8122DE3602F3FBE803DEA7C493D935E._service_run] "C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun                                                                                                                                                                                  
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60                                                                                                                                                                              
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6C9126D8-7804-4974-BF8F-532B197D8AA1} : DhcpNameServer = 70.10.0.20 70.10.0.21
TCP: Interfaces\{B7EF17E6-32CC-4DE1-9A5C-4B8A587D943A} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B7EF17E6-32CC-4DE1-9A5C-4B8A587D943A}\D69636861656C637D27657563747 : DhcpNameServer = 205.171.3.65
TCP: Interfaces\{F1E3BF27-F067-4B56-8AB6-C6F66B9613F5} : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{F1E3BF27-F067-4B56-8AB6-C6F66B9613F5}\37D636F5D656273656279637C616E646 : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{F1E3BF27-F067-4B56-8AB6-C6F66B9613F5}\D69636861656C637D27657563747 : DhcpNameServer = 205.171.3.65
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
IFEO: mediacontroller.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: powerpnt.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: tintouch.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [TWebCamera    REG_EXPAND_SZ    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun                                                                                                                                                                           ]
mRun-x64: [ToshibaServiceStation    REG_SZ    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60                                                                                                                                                                      ]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
IFEO-X64: mediacontroller.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: powerpnt.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: tintouch.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 eamonm;eamonm;C:\windows\system32\DRIVERS\eamonm.sys --> C:\windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\windows\system32\DRIVERS\epfwwfpr.sys --> C:\windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-4-5 2143552]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-3-29 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 135664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 STONEDRV;AmScope MD Driver;C:\windows\system32\Drivers\stonedrv.sys --> C:\windows\system32\Drivers\stonedrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-23 54136]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
.
=============== Created Last 30 ================
.
2012-05-16 01:28:08   24904   ----a-w-   C:\windows\System32\drivers\mbam.sys
2012-05-16 01:28:08   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-16 01:22:18   --------   d-----w-   C:\Users\Derek\AppData\Roaming\WinPatrol
2012-05-16 01:22:10   --------   d-----w-   C:\ProgramData\InstallMate
2012-05-16 01:22:10   --------   d-----w-   C:\Program Files (x86)\BillP Studios
2012-05-15 18:04:28   --------   d-----w-   C:\ProgramData\boost_interprocess
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-15 18:01:42   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-15 17:55:04   839112   ----a-w-   C:\windows\System32\deployJava1.dll
2012-05-15 17:55:03   955848   ----a-w-   C:\windows\System32\npDeployJava1.dll
2012-05-15 17:53:37   419488   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-15 17:51:25   --------   d-----w-   C:\Users\Derek\AppData\Local\DDMSettings
2012-05-15 17:35:19   --------   d-----w-   C:\Program Files (x86)\FileHippo.com
2012-05-15 05:48:49   34624   ----a-w-   C:\windows\System32\TURegOpt.exe
2012-05-15 05:48:47   25920   ----a-w-   C:\windows\System32\authuitu.dll
2012-05-15 05:48:47   21312   ----a-w-   C:\windows\SysWow64\authuitu.dll
2012-05-15 05:48:24   --------   d-----w-   C:\Users\Derek\AppData\Roaming\TuneUp Software
2012-05-15 05:48:12   --------   d-----w-   C:\Program Files (x86)\TuneUp Utilities 2012
2012-05-15 05:47:33   --------   d-----w-   C:\ProgramData\TuneUp Software
2012-05-15 05:47:26   --------   d-sh--w-   C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-15 05:47:26   --------   d--h--w-   C:\ProgramData\Common Files
2012-05-14 00:52:34   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-05-12 01:36:43   --------   d-----w-   C:\Users\Derek\AppData\Roaming\Anvisoft
2012-05-12 01:35:33   --------   d-----w-   C:\Program Files (x86)\Anvisoft
2012-05-11 17:45:19   8917360   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20494521-4BFC-4472-A8E2-902B8FAA44B1}\mpengine.dll
2012-05-10 03:14:49   1732096   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 03:14:48   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 03:14:48   1367552   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 03:14:47   1402880   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 03:14:47   1393664   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 03:14:44   1544704   ----a-w-   C:\windows\System32\DWrite.dll
2012-05-10 03:14:43   1077248   ----a-w-   C:\windows\SysWow64\DWrite.dll
2012-05-10 03:14:35   5559664   ----a-w-   C:\windows\System32\ntoskrnl.exe
2012-05-10 03:14:33   3146240   ----a-w-   C:\windows\System32\win32k.sys
2012-05-10 03:14:30   3968368   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 03:14:29   3913072   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
2012-05-10 03:13:41   75120   ----a-w-   C:\windows\System32\drivers\partmgr.sys
2012-05-10 03:13:08   1918320   ----a-w-   C:\windows\System32\drivers\tcpip.sys
2012-05-02 00:46:28   4472832   ----a-w-   C:\windows\SysWow64\GPhotos.scr
.
==================== Find3M  ====================
.
2012-05-16 01:20:31   70304   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46:16   23408   ----a-w-   C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27   220672   ----a-w-   C:\windows\System32\wintrust.dll
2012-03-01 06:33:50   81408   ----a-w-   C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47   5120   ----a-w-   C:\windows\System32\wmi.dll
2012-03-01 05:37:41   172544   ----a-w-   C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23   159232   ----a-w-   C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16   5120   ----a-w-   C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48   2311168   ----a-w-   C:\windows\System32\jscript9.dll
2012-02-28 06:49:56   1390080   ----a-w-   C:\windows\System32\wininet.dll
2012-02-28 06:48:57   1493504   ----a-w-   C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55   2382848   ----a-w-   C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55   1799168   ----a-w-   C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21   1427456   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07   1127424   ----a-w-   C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16   2382848   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36   279656   ------w-   C:\windows\System32\MpSigStub.exe
2012-02-17 06:38:26   1031680   ----a-w-   C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22   826880   ----a-w-   C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24   210944   ----a-w-   C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32   23552   ----a-w-   C:\windows\System32\drivers\tdtcp.sys
.
============= FINISH: 16:47:33.38 ===============

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2010 6:03:23 PM
System Uptime: 5/15/2012 11:07:32 AM (29 hours ago)
.
Motherboard: AMD Corp. |  | Guam
Processor: AMD Phenom(tm) II P820 Triple-Core Processor | Socket S1G4 | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 211.158 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0000
Manufacturer: Sunbelt Software, Inc.
Name: Microsoft Virtual WiFi Miniport Adapter #2 - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0000
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0001
Manufacturer: Sunbelt Software, Inc.
Name: Atheros AR8152 PCI-E Fast Ethernet Controller #2 - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0001
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0003
Manufacturer: Sunbelt Software, Inc.
Name: Microsoft Virtual WiFi Miniport Adapter - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0003
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0004
Manufacturer: Sunbelt Software, Inc.
Name: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0004
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0005
Manufacturer: Sunbelt Software, Inc.
Name: Atheros AR8152 PCI-E Fast Ethernet Controller - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0005
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0006
Manufacturer: Sunbelt Software, Inc.
Name: WAN Miniport (IP) - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0006
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0007
Manufacturer: Sunbelt Software, Inc.
Name: WAN Miniport (Network Monitor) - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0007
Service: SBFWIMCLMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0008
Manufacturer: Sunbelt Software, Inc.
Name: WAN Miniport (IPv6) - Sunbelt Software Firewall NDIS IM Filter Miniport
PNP Device ID: ROOT\SB_SBFWIMCLMP\0008
Service: SBFWIMCLMP
.
==== System Restore Points ===================
.
RP215: 5/15/2012 10:26:17 AM - ComboFix created restore point
RP216: 5/15/2012 10:54:17 AM - Installed Java(TM) 7 Update 4 (64-bit)
RP217: 5/15/2012 10:59:58 AM - Installed QuickTime
RP218: 5/15/2012 6:47:47 PM - Windows Update
RP219: 5/15/2012 10:51:54 PM - Removed Skype Click to Call
.
==== Image File Execution Options =============
.
IFEO: mediacontroller.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: powerpnt.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: tintouch.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: toshibaservicestation.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: tpchviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: winword.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: mediacontroller.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: powerpnt.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: tintouch.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: toshibaservicestation.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: tpchviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: winword.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AmScope AmScope 3.1
AmScope Devices
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
eReg
FileHippo.com Update Checker
FileZilla Client 3.5.3
Google Chrome
Google Talk Plugin
Google Update Helper
IObit Toolbar v4.3
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Password Corral v4.0
Picasa 3
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Launcher
Skype™ 5.9
SyncBack
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Service
VC80CRTRedist - 8.0.50727.6195
Windows Essentials Media Codec Pack 3.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
5/16/2012 4:41:04 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer SC-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7EF17E6-32CC-4DE1-9A5C-4B8A587D943A}. The master browser is stopping or an election is being forced.
5/16/2012 1:48:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.125.1854.0).
5/16/2012 1:48:01 PM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  The specified module could not be found.
5/15/2012 11:08:24 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/15/2012 11:07:45 AM, Error: volmgr [46]  - Crash dump initialization failed!
5/13/2012 8:25:42 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avfsmn discache ehdrv SBRE spldr Wanarpv6
5/13/2012 8:23:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/13/2012 8:22:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/13/2012 8:20:16 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache ehdrv spldr Wanarpv6
5/13/2012 8:15:54 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/13/2012 8:15:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/13/2012 8:15:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/13/2012 8:15:23 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avfsmn DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss SbFw SBRE SbTis spldr tdx vwififlt Wanarpv6 WfpLwf
5/13/2012 8:15:23 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/13/2012 8:15:23 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/13/2012 8:15:23 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/13/2012 8:15:23 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/13/2012 8:15:23 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/13/2012 8:15:17 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/13/2012 8:15:17 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/13/2012 8:15:17 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/13/2012 8:15:17 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/13/2012 5:51:06 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
5/13/2012 5:49:15 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/13/2012 5:48:44 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/13/2012 5:42:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
5/13/2012 2:19:12 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache ehdrv SBRE spldr Wanarpv6
5/13/2012 2:03:06 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
5/13/2012 1:01:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/12/2012 6:25:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
5/12/2012 6:25:13 PM, Error: Service Control Manager [7000]  - The Windows Defender service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 6:23:09 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
5/12/2012 6:23:09 PM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 6:19:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
5/12/2012 6:19:00 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 6:15:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
5/12/2012 2:23:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
5/12/2012 2:23:06 AM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/12/2012 2:23:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
5/12/2012 10:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/12/2012 10:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================



Thank you,

Derek
« Last Edit: May 16, 2012, 05:57:17 PM by 1972vet »



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #1 on: May 16, 2012, 05:58:53 PM »
Greetings Derek, and Welcome back!

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application. Click "Change parameters". Under Additional options, check the boxes next to both options, "Verify Driver Digital Signature" and "Detect TDLFS file system", and click the OK button.
  • Click the Start scan button.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • You may be prompted to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file back here on your next reply.
  • ...otherwise, if a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". If this was the case, then we need to see that log.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #2 on: May 16, 2012, 06:45:27 PM »
TDSSKiller log attached.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #3 on: May 17, 2012, 01:17:26 AM »
Thanks. I see no glaring reason for your browser redirection issue, from anything in any of the logs from the various scans you've performed. However, I do see that you ran Combofix just two days ago. May I take a look at that log please?

There were a few items in the logs you posted that I took note of which should be addressed. Anvisoft and IObit both are questionable as to their effectiveness. In fact, IObit is notorious for stealing Malwarebytes' signature database...and Anvisoft has been found to have a very poor detection rate. Even that aside, it's only been established since November of last year. For me, that's WAYYY too soon to consider it a contender.

Two other items I noted were the TuneUp Utilities and the Webroot software. Nothing at all wrong with Webroot, except that you have no need of it with your setup. Windows 7, having "Windows Defender" running by default, is perfectly fine for use along with your chosen antivirus solution, ESET. Running the Webroot software along with these is just...too much.

As to the TuneUp Utilities, I would have to ask if you consider yourself an expert user. If you don't, then I would suggest restoring any backup copies made by the program, then uninstalling it. Otherwise, if you DO consider yourself an expert user, then you should do well with it.

On your reply, please tell me what web sites you are being redirected to upon searching for what other web addresses. Thanks!

Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #4 on: May 17, 2012, 12:08:51 PM »
Hi.  I don't have any Anvisoft or IOBit software installed anymore.  Do I need to clean up something that remains?

I do not know what webroot is.  Never installed that.

I am evaluating the Tuneup Utilities and really like it.  I consider myself knowledgeable but not an expert user.

Here are some Google search result redirection examples.  The 1st URL is the URL selected in the Google results and the 2nd URL is the actual URL redirected to.


edited to remove links
« Last Edit: May 17, 2012, 12:55:06 PM by 1972vet »

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #5 on: May 17, 2012, 01:06:45 PM »
Uhm...ok, I see that was a bad idea lol. I thought what I might see you post in response to my question is something like this:
Search for malwarebytes antimalware and search results returned web links for pages relating to pornography. Or some such similar statement.

Regardless, the links you posted are of some questionable web sites so I removed them to prevent other users from inadvertently clicking them. And by the way, I believe what you are experiencing is a cookie issue, not a browser redirection issue. If you empty cookies, clean the disk, and click Here...what happens?

As to the notes I made of your logs and your subsequent response to them, I would not have told you that you needed to remove software if it were not present in the log. If you look in the list of installed software, you will see the reference to IObit. Likewise, on your last visit here, our expert analyst who assisted you then, Kevinf80, had also made mention of these items I noted.

Please post the combofix log I requested. Thanks!

Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #6 on: May 17, 2012, 04:42:37 PM »
I don't have the ComboFix log any more.  Kevin had me delete everything.  Can you send me the download link again?  About IOBit, I uninstalled it completely but it seems like it still had references around my system, like in the startup programs.  They are removed now.  Deleted all cookies and other history files.  Still have redirections.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #7 on: May 17, 2012, 04:48:56 PM »
You didn't answer what happens when you click the link I provided. Before performing the instructions below, post back just to let me know what happens when you click the link in post #5. Thanks!

Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.


Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #8 on: May 17, 2012, 05:01:26 PM »
Just goes to the Google search page: https://www.google.com/

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #9 on: May 17, 2012, 05:05:52 PM »
Thanks...it's as I suspected. No redirection. If you had a genuine "malware" related browser redirecting issue, clicking that link might take you...who knows where...anywhere else but google. Let's see the combofix log now. Thanks!

Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #10 on: May 17, 2012, 06:15:33 PM »
Here is the ComboFix log.  The same thing happened when Kevin had me run this. Now most of my programs do not start up, making normal Windows mode unusable. See my exchange with him on the last topic about my laptop. I am in safe mode now.


ComboFix 12-05-17.05 - Derek 05/17/2012  16:53:05.3.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3831.2232 [GMT -7:00]
Running from: c:\users\Derek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-18 to 2012-05-18  )))))))))))))))))))))))))))))))
.
.
2012-05-17 23:59 . 2012-05-17 23:59   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-17 23:59 . 2012-05-17 23:59   --------   d-----w-   c:\users\Darryl\AppData\Local\temp
2012-05-17 23:59 . 2012-05-17 23:59   --------   d-----w-   c:\users\Darren\AppData\Local\temp
2012-05-17 23:59 . 2012-05-17 23:59   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 18:38 . 2012-05-17 18:38   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-17 18:38 . 2012-05-17 18:38   --------   d-----w-   c:\program files (x86)\QuickTime
2012-05-17 18:38 . 2012-05-17 18:38   --------   d-----w-   c:\programdata\Apple Computer
2012-05-16 01:28 . 2012-05-16 01:28   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-16 01:28 . 2012-04-04 22:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-05-16 01:22 . 2012-05-16 01:22   --------   d-----w-   c:\users\Derek\AppData\Roaming\WinPatrol
2012-05-16 01:22 . 2012-05-16 01:22   --------   d-----w-   c:\programdata\InstallMate
2012-05-16 01:22 . 2012-05-16 01:22   --------   d-----w-   c:\program files (x86)\BillP Studios
2012-05-15 18:08 . 2012-05-15 18:08   --------   d-----w-   c:\users\Derek\AppData\Roaming\Apple Computer
2012-05-15 18:04 . 2012-05-16 05:52   --------   d-----w-   c:\programdata\boost_interprocess
2012-05-15 18:04 . 2012-05-15 18:04   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2012-05-15 17:59 . 2012-05-15 17:59   --------   d-----w-   c:\program files (x86)\Apple Software Update
2012-05-15 17:55 . 2012-05-15 17:54   839112   ----a-w-   c:\windows\system32\deployJava1.dll
2012-05-15 17:55 . 2012-05-15 17:54   955848   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-05-15 17:54 . 2012-05-15 17:54   --------   d-----w-   c:\program files\Java
2012-05-15 17:53 . 2012-05-16 01:20   419488   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-15 17:52 . 2012-05-15 17:52   --------   d-----w-   c:\program files (x86)\FileZilla FTP Client
2012-05-15 17:51 . 2012-05-15 17:51   --------   d-----w-   c:\users\Derek\AppData\Local\DDMSettings
2012-05-15 17:35 . 2012-05-15 17:35   --------   d-----w-   c:\program files (x86)\FileHippo.com
2012-05-15 05:48 . 2012-04-05 20:08   34624   ----a-w-   c:\windows\system32\TURegOpt.exe
2012-05-15 05:48 . 2012-04-05 20:08   25920   ----a-w-   c:\windows\system32\authuitu.dll
2012-05-15 05:48 . 2012-04-05 20:08   21312   ----a-w-   c:\windows\SysWow64\authuitu.dll
2012-05-15 05:48 . 2012-05-15 05:48   --------   d-----w-   c:\users\Derek\AppData\Roaming\TuneUp Software
2012-05-15 05:48 . 2012-05-15 05:48   --------   d-----w-   c:\program files (x86)\TuneUp Utilities 2012
2012-05-15 05:47 . 2012-05-15 05:48   --------   d-----w-   c:\programdata\TuneUp Software
2012-05-15 05:47 . 2012-05-15 05:47   --------   d-sh--w-   c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-15 05:47 . 2012-05-15 05:47   --------   d--h--w-   c:\programdata\Common Files
2012-05-12 01:36 . 2012-05-12 01:36   --------   d-----w-   c:\users\Derek\AppData\Roaming\Anvisoft
2012-05-12 01:35 . 2012-05-13 20:00   --------   d-----w-   c:\program files (x86)\Anvisoft
2012-05-11 21:33 . 2012-05-11 21:33   --------   d-----w-   c:\program files\Microsoft Silverlight
2012-05-11 21:33 . 2012-05-11 21:33   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2012-05-11 17:45 . 2012-04-13 08:46   8917360   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{20494521-4BFC-4472-A8E2-902B8FAA44B1}\mpengine.dll
2012-05-10 03:14 . 2012-03-31 05:42   1732096   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 03:14 . 2012-03-31 05:40   1367552   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 03:14 . 2012-03-31 04:29   936960   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 03:14 . 2012-03-31 05:40   1402880   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 03:14 . 2012-03-31 05:40   1393664   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 03:14 . 2012-03-03 06:35   1544704   ----a-w-   c:\windows\system32\DWrite.dll
2012-05-10 03:14 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-05-10 03:14 . 2012-03-31 06:05   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-10 03:14 . 2012-03-31 03:10   3146240   ----a-w-   c:\windows\system32\win32k.sys
2012-05-10 03:14 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 03:14 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 03:13 . 2012-03-17 07:58   75120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-10 03:13 . 2012-03-30 11:35   1918320   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-02 00:46 . 2012-05-02 00:46   4472832   ----a-w-   c:\windows\SysWow64\GPhotos.scr
2012-04-28 16:32 . 2012-04-28 16:32   --------   d-----w-   c:\windows\Sun
2012-04-19 03:56 . 2012-04-19 03:56   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 01:20 . 2011-08-28 01:04   70304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46 . 2012-04-11 02:50   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 02:50   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 02:50   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 02:50   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 02:50   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 02:50   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 02:50   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 02:53   2311168   ----a-w-   c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 02:53   1390080   ----a-w-   c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 02:53   1493504   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 02:54   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 02:53   1799168   ----a-w-   c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 02:53   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 02:53   1127424   ----a-w-   c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 02:54   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18 . 2010-10-28 02:35   279656   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"2C628806C8122DE3602F3FBE803DEA7C493D935E._service_run"="c:\users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0SmartDefragBootTime.exe\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

R3 STONEDRV;AmScope MD Driver;c:\windows\system32\Drivers\stonedrv.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 01:20]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 02:12]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 02:12]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 02:18]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 02:18]
.
2012-05-15 c:\windows\Tasks\SyncBack SyncDocs.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-01-08 23:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 505696]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 52600]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 508216]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 913720]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 705368]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-02-26 1483776]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"cAudioFilterAgent"="c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe" [2010-01-29 517176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.ebay.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17  17:06:03 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-18 00:06
.
Pre-Run: 225,768,972,288 bytes free
Post-Run: 225,453,400,064 bytes free
.
- - End Of File - - F7790FCD0DF586B9904FEE7181FF1FE1

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #11 on: May 17, 2012, 07:40:34 PM »
here is combofix log.  same thing happened when kevin had me run this. now most of my programs do not start up making normal windows mode unusable. see my exchange with him on last topic about my laptop. i am in safe mode now.
Sorry, but I fail to understand how the operation of a piece of software which, according to the log, made no changes to your system...and removed nothing, could cause your normal user mode to become unusable. I have no doubt about what you claim, but I can't find a logical reason to attribute such a thing to the use of combofix...not from the results of this log.

By the way, the log indicates that combofix has been run 3 times on this machine. What doesn't set right about that is the fact that you said you followed Kevin's instruction to uninstall it...and in fact specifically said you had no combofix logs on board to produce for that reason. That said, when combofix is uninstalled, that resets the counter. This log should show as log number one but it shows as log number three.

Please explain in more detail everything you did in addition to having run combofix so I can try to determine why your system is suddenly unusable in your normal mode. Either you ran combofix three times this round here at spywarehammer, or you are mistaken about whether you followed Kevin's instructions or not. Both can't be accurate so, please tell me which one is wrong. Thanks!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Google Search Results Redirection Problem
« Reply #12 on: May 17, 2012, 07:43:32 PM »
One suggestion you might consider, since we've determined your system is clean and clear of any malware...you could just restore it using your latest restore point and call it even. That would put your system back the way it was before you ran combofix so...let me know what you would like to do. Thanks!

Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #13 on: May 17, 2012, 07:51:11 PM »
i think i saw that combofix created a restore point, correct?  if so, i think i will restore it and hopefully it will be back to being OK except for the crazy search redirection problem which i can live with.  i can't live with the system as it is now.

Offline derekpw

  • Bronze Member
  • Posts: 35
Re: [Resolved] Google Search Results Redirection Problem
« Reply #14 on: May 18, 2012, 12:52:01 AM »
all ok now.  no restore needed just reboot.  then uninstall of chrome.  computer and search all fine.  now just need to uninstall all scripts used here.