Firefox redirects after search results and clicking on link



The main issue we are having is when doing a search on the Firefox home page with the Google search engine and clicking on the results, it redirects to a page. Hit the back to the results and try again and usually, it goes to the correct page. I have done Spybot Search and Destroy, Malwarebytes, SUPERAntiSpyware, Ad-Aware, Trend Micro HouseCall scans and some have come up clean and others found stuff and fixed / deleted the items.

 

Below are the DDS scans and the HJT scan.

 

Thanks in advance for the help!

Ben

 



Flush the DNS cache and restore MS's Hosts file.

Copy and paste these lines in Notepad.

 

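@Echo on
rem Work in the Hosts file directory.
pushd \windows\system32\drivers\etc
rem Clear the hidden/system/read-only attributes so the file can be rewritten.
attrib -h -s -r hosts
rem Replace the Hosts file with the single default localhost entry.
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and empty the DNS resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack.
netsh winsock reset all
netsh int ip reset all
rem Schedule a reboot in one second and delete this batch file.
shutdown -r -t 1
del %0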

 

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

 

Next,

download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Now,

Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
or from here http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
to your desktop

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.
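
The flush.bat file above replaces the Hosts file without showing what it contained. As an added example (not part of the original post), this PowerShell function lists the entries of a Hosts file and marks the ones that point a name at a non-local address, so they can be recorded before the reset. The function name `Get-HostsEntry`, the verdict labels and the sample content are assumptions made for illustration.

```powershell
# Constructed sample Hosts content (203.0.113.0/24 is a documentation range).
$sampleHosts = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.15    www.google.com google.com    # constructed redirect entry
127.0.0.1       ads.example.net
0.0.0.0         tracker.example.org
not-an-ip       broken.example
'@

# Hypothetical helper: parse Hosts lines and label each name/address pair.
function Get-HostsEntry {
    param([string[]]$Line)

    $lineNo = 0
    foreach ($raw in $Line) {
        $lineNo++
        # Strip comments and surrounding whitespace; skip lines that end up empty.
        $text = ($raw -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }

        $fields = @($text -split '\s+')
        $ip = $null
        $isIp = [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)
        if (-not $isIp -or $fields.Count -lt 2) {
            New-Object PSObject -Property @{
                Line = $lineNo; Address = $fields[0]; Name = ''; Verdict = 'Malformed'
            }
            continue
        }

        $local = [System.Net.IPAddress]::IsLoopback($ip)
        $unspecified = $ip.Equals([System.Net.IPAddress]::Any) -or
                       $ip.Equals([System.Net.IPAddress]::IPv6Any)

        # One address may carry several names; report each name separately.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($local -and $name -eq 'localhost') {
                $verdict = 'Default'      # the entry flush.bat writes back
            }
            elseif ($local -or $unspecified) {
                $verdict = 'Sinkhole'     # name blocked locally, e.g. by an ad or malware blocklist
            }
            else {
                $verdict = 'Redirect'     # name forced to another host: review before deleting
            }
            New-Object PSObject -Property @{
                Line = $lineNo; Address = $ip.ToString(); Name = $name; Verdict = $verdict
            }
        }
    }
}

$entries = Get-HostsEntry -Line ($sampleHosts -split "`r?`n")
$entries | Where-Object { $_.Verdict -ne 'Default' } |
    Select-Object Line, Address, Name, Verdict | Format-Table -AutoSize

# Against the live file:
# Get-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Entries labelled Redirect are the ones that can send a browser to the wrong server for a given name; Sinkhole entries only block a name.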


Jacee,

 

Thanks for the help with this, I was out of town over the weekend.

 

I ran the 3 items you said - the flush, TFC and ADwarecleaner. All ran with no issues and the AD ware cleaner log is posted below -

 

Thanks again!

Ben

 



Yes, it is still redirecting. It seems to go to "seektouch.com", then most of the time it will go to ask.com or godaddy.com with suggestions on pages that were searched for. It is better than before but still does it.

 

When it reaches ask or another site it redirects to, we just hit the back arrow back to google then click the search result again and it usually goes to the preferred site.


Please download Minitoolbox http://www.bleepingcomputer.com/download/minitoolbox/dl/65/ , save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


    Did as directed - results below

     



     

     

    The server component of RealVNC allows a computer to be remotely controlled by another computer. The software can be installed for legitimate purposes, but it can also be installed from a remote location by an attacker with malicious intent. It is detected as RemoteAccess:Win32/RealVNC by Windows Defender.

     

    http://en.wikipedia.org/wiki/RealVNC
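
A check that goes with the point above is whether the VNC server is receiving connection attempts nobody asked for. This added example (not part of the original post or of RealVNC's tooling) summarises WinVNC4 Application-log messages of the forms `Connections: blacklisted: <address>` and `SConnection: AuthFailureException: Authentication failure`; the function names and the sample messages are constructed for illustration.

```powershell
# Constructed sample messages in the WinVNC4 Application-log format
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
$sampleMessages = @(
    'SConnection: Client uses unofficial protocol version 3.4',
    'SConnection: AuthFailureException: Authentication failure',
    'Connections: blacklisted: 203.0.113.40',
    'Connections: blacklisted: 203.0.113.40',
    'Connections: blacklisted: 198.51.100.7',
    'SConnection: AuthFailureException: Authentication failure',
    'Connections: blacklisted: 192.168.2.23'
)

# Hypothetical helper: true for loopback, RFC 1918 and link-local IPv4 addresses.
function Test-PrivateIPv4 {
    param([string]$Address)

    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    $b = $ip.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }

    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

# Hypothetical helper: count failed logins and group blocked source addresses.
function Get-VncAttemptSummary {
    param([string[]]$Message)

    $authFailures = 0
    $blocked = @{}
    foreach ($m in $Message) {
        if ($m -match 'AuthFailureException') {
            $authFailures++
        }
        elseif ($m -match 'blacklisted:\s*(\d{1,3}(?:\.\d{1,3}){3})') {
            # The server refused this address after repeated failures.
            $address = $Matches[1]
            $blocked[$address] = 1 + [int]$blocked[$address]
        }
    }

    $sources = @(foreach ($address in $blocked.Keys) {
        if (Test-PrivateIPv4 $address) { $scope = 'LAN' } else { $scope = 'Internet' }
        New-Object PSObject -Property @{
            Address = $address; Blocked = $blocked[$address]; Scope = $scope
        }
    })

    New-Object PSObject -Property @{ AuthFailures = $authFailures; Sources = $sources }
}

$summary = Get-VncAttemptSummary -Message $sampleMessages
"Authentication failures: $($summary.AuthFailures)"
$summary.Sources | Sort-Object Blocked -Descending |
    Select-Object Address, Blocked, Scope | Format-Table -AutoSize

# Against the live log (source name as it appears in the Application log):
# $live = Get-EventLog -LogName Application -Source WinVNC4 -Newest 200
# Get-VncAttemptSummary -Message ($live | ForEach-Object { $_.Message })
```

Blocked addresses with scope Internet mean the VNC port is reachable from outside the home network, for example through a router port forward.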


    Jacee -

     

    This is my dad's computer and I installed realvnc to be able to do this remotely for him instead of taking his computer from him for however long it takes to fix the issue. The problem was happening before I installed realvnc. He lives too far from me for me to go over and run scans daily as well.

     

    If you still want me to uninstall it, I will... Just letting you know why it's on there in the first place before I uninstall it.

     

    Thanks

    Ben


    Download Combofix from any of the links below, and save it to your desktop.<--Important

    Link 1
    Link 2
    Link 3

     

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    • Double click combofix.exe and follow the prompts.

    • When finished, it will produce a log for you.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Please be patient while the scan runs, at times it may appear to stall.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    Post this log in your next reply.

    After rebooting ensure your Security applications have been re-enabled.


    Jacee - I ran combofix and after it deleted a bunch of files and a reboot (manually - the program didn't require it), the computer would no longer detect the home network. I ended up going to my dad's and after a while of trying to get it back, I ended up doing a system restore - back to 7-15. I first tried the restore point that combofix set, but it didn't allow for network access, so I went back to the next previous point.

     

    Below is the log from combofix - hope you can see something that it did....

     



    Download TDSSKiller and save it to your Desktop.

     

    • Extract the file and run it.

    • Once completed it will create a log in the root directory (usually C:\)

    • Please post the contents of that log in your next reply.


    Jacee,

     

    Sorry for the delay in replying. Had an IP conflict since the issue of connecting online. I went to my dad's again - downloaded the TDSSKILLER from bleepingcomputer - I hope this is correct as there was no link. Below is the log file from that scan.

     

    I also did some searches on Firefox and the redirect is still happening - BUT, I did the same searches in IE and no redirect? Very odd...

     

EapHost - ok19:51:42.0764 5192 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:Windowssystem32DRIVERSevbda.sys19:51:42.0826 5192 ebdrv - ok19:51:42.0858 5192 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:WindowsSystem32lsass.exe19:51:42.0858 5192 EFS - ok19:51:42.0904 5192 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:WindowsehomeehRecvr.exe19:51:42.0936 5192 ehRecvr - ok19:51:42.0951 5192 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:Windowsehomeehsched.exe19:51:42.0951 5192 ehSched - ok19:51:42.0982 5192 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:Windowssystem32DRIVERSelxstor.sys19:51:42.0998 5192 elxstor - ok19:51:43.0045 5192 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE19:51:43.0107 5192 EPSON_EB_RPCV4_01 - ok19:51:43.0123 5192 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE19:51:43.0154 5192 EPSON_PM_RPCV4_01 - ok19:51:43.0170 5192 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:Windowssystem32driverserrdev.sys19:51:43.0185 5192 ErrDev - ok19:51:43.0216 5192 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:Windowssystem32es.dll19:51:43.0216 5192 EventSystem - ok19:51:43.0216 5192 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:Windowssystem32driversexfat.sys19:51:43.0232 5192 exfat - ok19:51:43.0232 5192 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:Windowssystem32driversfastfat.sys19:51:43.0248 5192 fastfat - ok19:51:43.0279 5192 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:Windowssystem32fxssvc.exe19:51:43.0294 5192 Fax - ok19:51:43.0326 5192 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:Windowssystem32DRIVERSfdc.sys19:51:43.0326 5192 fdc - ok19:51:43.0341 5192 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:Windowssystem32fdPHost.dll19:51:43.0341 5192 fdPHost - ok19:51:43.0357 5192 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:Windowssystem32fdrespub.dll19:51:43.0357 5192 FDResPub - ok19:51:43.0372 5192 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo 
C:Windowssystem32driversfileinfo.sys19:51:43.0372 5192 FileInfo - ok19:51:43.0372 5192 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:Windowssystem32driversfiletrace.sys19:51:43.0372 5192 Filetrace - ok19:51:43.0388 5192 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:Windowssystem32DRIVERSflpydisk.sys19:51:43.0388 5192 flpydisk - ok19:51:43.0435 5192 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:Windowssystem32driversfltmgr.sys19:51:43.0435 5192 FltMgr - ok19:51:43.0497 5192 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:Windowssystem32FntCache.dll19:51:43.0513 5192 FontCache - ok19:51:43.0575 5192 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe19:51:43.0575 5192 FontCache3.0.0.0 - ok19:51:43.0606 5192 [ D43703496149971890703B4B1B723EAC ] FsDepends C:Windowssystem32driversFsDepends.sys19:51:43.0606 5192 FsDepends - ok19:51:43.0638 5192 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:Windowssystem32driversFs_Rec.sys19:51:43.0638 5192 Fs_Rec - ok19:51:43.0669 5192 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:Windowssystem32DRIVERSfvevol.sys19:51:43.0669 5192 fvevol - ok19:51:43.0700 5192 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:Windowssystem32DRIVERSgagp30kx.sys19:51:43.0700 5192 gagp30kx - ok19:51:43.0731 5192 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:Program Files (x86)CitrixGoToAssist514g2aservice.exe19:51:43.0731 5192 GoToAssist - ok19:51:43.0794 5192 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:WindowsSystem32gpsvc.dll19:51:43.0809 5192 gpsvc - ok19:51:43.0825 5192 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:Windowssystem32drivershcw85cir.sys19:51:43.0825 5192 hcw85cir - ok19:51:43.0872 5192 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:Windowssystem32driversHDAudBus.sys19:51:43.0872 5192 HDAudBus - ok19:51:43.0887 5192 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:Windowssystem32DRIVERSHidBatt.sys19:51:43.0887 5192 HidBatt - ok19:51:43.0903 5192 [ 
7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:Windowssystem32DRIVERShidbth.sys19:51:43.0903 5192 HidBth - ok19:51:43.0903 5192 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:Windowssystem32DRIVERShidir.sys19:51:43.0918 5192 HidIr - ok19:51:43.0950 5192 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:Windowssystem32hidserv.dll19:51:43.0950 5192 hidserv - ok19:51:43.0996 5192 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:Windowssystem32drivershidusb.sys19:51:43.0996 5192 HidUsb - ok19:51:44.0028 5192 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:Windowssystem32kmsvc.dll19:51:44.0028 5192 hkmsvc - ok19:51:44.0059 5192 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:Windowssystem32ListSvc.dll19:51:44.0074 5192 HomeGroupListener - ok19:51:44.0106 5192 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:Windowssystem32provsvc.dll19:51:44.0106 5192 HomeGroupProvider - ok19:51:44.0137 5192 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:Windowssystem32driversHpSAMD.sys19:51:44.0137 5192 HpSAMD - ok19:51:44.0199 5192 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:Windowssystem32driversHTTP.sys19:51:44.0215 5192 HTTP - ok19:51:44.0246 5192 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:Windowssystem32drivershwpolicy.sys19:51:44.0246 5192 hwpolicy - ok19:51:44.0277 5192 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:Windowssystem32driversi8042prt.sys19:51:44.0277 5192 i8042prt - ok19:51:44.0324 5192 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:Windowssystem32driversiaStorV.sys19:51:44.0340 5192 iaStorV - ok19:51:44.0386 5192 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:WindowsMicrosoft.NETFramework64v3.0Windows Communication Foundationinfocard.exe19:51:44.0418 5192 idsvc - ok19:51:44.0542 5192 [ 24CC43ECDEEFD4C19FBBEE4951B647F1 ] igfx C:Windowssystem32DRIVERSigdkmd64.sys19:51:44.0652 5192 igfx - ok19:51:44.0683 5192 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:Windowssystem32DRIVERSiirsp.sys19:51:44.0683 5192 iirsp - ok19:51:44.0745 5192 [ 
FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:WindowsSystem32ikeext.dll19:51:44.0761 5192 IKEEXT - ok19:51:44.0808 5192 [ F2B52C7B1C8E6A4FC4C4564F4A421F23 ] IntcAzAudAddService C:Windowssystem32driversRTKVHD64.sys19:51:44.0870 5192 IntcAzAudAddService - ok19:51:44.0901 5192 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:Windowssystem32driversintelide.sys19:51:44.0901 5192 intelide - ok19:51:44.0917 5192 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:Windowssystem32DRIVERSintelppm.sys19:51:44.0917 5192 intelppm - ok19:51:44.0948 5192 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:Windowssystem32ipbusenum.dll19:51:44.0948 5192 IPBusEnum - ok19:51:44.0979 5192 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:Windowssystem32DRIVERSipfltdrv.sys19:51:44.0979 5192 IpFilterDriver - ok19:51:45.0010 5192 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:WindowsSystem32iphlpsvc.dll19:51:45.0042 5192 iphlpsvc - ok19:51:45.0073 5192 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:Windowssystem32driversIPMIDrv.sys19:51:45.0073 5192 IPMIDRV - ok19:51:45.0088 5192 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:Windowssystem32driversipnat.sys19:51:45.0088 5192 IPNAT - ok19:51:45.0104 5192 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:Windowssystem32driversirenum.sys19:51:45.0104 5192 IRENUM - ok19:51:45.0135 5192 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:Windowssystem32driversisapnp.sys19:51:45.0135 5192 isapnp - ok19:51:45.0166 5192 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:Windowssystem32driversmsiscsi.sys19:51:45.0166 5192 iScsiPrt - ok19:51:45.0198 5192 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:Windowssystem32driverskbdclass.sys19:51:45.0213 5192 kbdclass - ok19:51:45.0244 5192 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:Windowssystem32driverskbdhid.sys19:51:45.0244 5192 kbdhid - ok19:51:45.0260 5192 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:Windowssystem32lsass.exe19:51:45.0260 5192 KeyIso - ok19:51:45.0291 5192 [ 97A7070AEA4C058B6418519E869A63B4 ] 
KSecDD C:Windowssystem32Driversksecdd.sys19:51:45.0307 5192 KSecDD - ok19:51:45.0338 5192 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:Windowssystem32Driversksecpkg.sys19:51:45.0338 5192 KSecPkg - ok19:51:45.0354 5192 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:Windowssystem32driversksthunk.sys19:51:45.0354 5192 ksthunk - ok19:51:45.0385 5192 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:Windowssystem32msdtckrm.dll19:51:45.0400 5192 KtmRm - ok19:51:45.0432 5192 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:Windowssystem32srvsvc.dll19:51:45.0432 5192 LanmanServer - ok19:51:45.0463 5192 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:WindowsSystem32wkssvc.dll19:51:45.0463 5192 LanmanWorkstation - ok19:51:45.0494 5192 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:Windowssystem32DRIVERSlltdio.sys19:51:45.0494 5192 lltdio - ok19:51:45.0525 5192 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:WindowsSystem32lltdsvc.dll19:51:45.0541 5192 lltdsvc - ok19:51:45.0556 5192 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:WindowsSystem32lmhsvc.dll19:51:45.0556 5192 lmhosts - ok19:51:45.0572 5192 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:Windowssystem32DRIVERSlsi_fc.sys19:51:45.0588 5192 LSI_FC - ok19:51:45.0603 5192 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:Windowssystem32DRIVERSlsi_sas.sys19:51:45.0603 5192 LSI_SAS - ok19:51:45.0619 5192 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:Windowssystem32DRIVERSlsi_sas2.sys19:51:45.0619 5192 LSI_SAS2 - ok19:51:45.0634 5192 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:Windowssystem32DRIVERSlsi_scsi.sys19:51:45.0634 5192 LSI_SCSI - ok19:51:45.0650 5192 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:Windowssystem32driversluafv.sys19:51:45.0650 5192 luafv - ok19:51:45.0681 5192 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:Windowssystem32Mcx2Svc.dll19:51:45.0681 5192 Mcx2Svc - ok19:51:45.0728 5192 [ E416E967E3FB6FB1E9AE12B9C7DAB526 ] MDM C:Program Files (x86)Common FilesMicrosoft 
SharedVS7Debugmdm.exe19:51:45.0775 5192 MDM - ok19:51:45.0790 5192 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:Windowssystem32DRIVERSmegasas.sys19:51:45.0790 5192 megasas - ok19:51:45.0806 5192 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:Windowssystem32DRIVERSMegaSR.sys19:51:45.0806 5192 MegaSR - ok19:51:45.0822 5192 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:Windowssystem32mmcss.dll19:51:45.0822 5192 MMCSS - ok19:51:45.0837 5192 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:Windowssystem32driversmodem.sys19:51:45.0837 5192 Modem - ok19:51:45.0868 5192 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:Windowssystem32DRIVERSmonitor.sys19:51:45.0884 5192 monitor - ok19:51:45.0915 5192 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:Windowssystem32driversmouclass.sys19:51:45.0915 5192 mouclass - ok19:51:45.0931 5192 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:Windowssystem32DRIVERSmouhid.sys19:51:45.0931 5192 mouhid - ok19:51:45.0962 5192 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:Windowssystem32driversmountmgr.sys19:51:45.0962 5192 mountmgr - ok19:51:46.0024 5192 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe19:51:46.0024 5192 MozillaMaintenance - ok19:51:46.0056 5192 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:Windowssystem32driversmpio.sys19:51:46.0056 5192 mpio - ok19:51:46.0087 5192 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:Windowssystem32driversmpsdrv.sys19:51:46.0087 5192 mpsdrv - ok19:51:46.0134 5192 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:Windowssystem32mpssvc.dll19:51:46.0149 5192 MpsSvc - ok19:51:46.0180 5192 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:Windowssystem32driversmrxdav.sys19:51:46.0196 5192 MRxDAV - ok19:51:46.0212 5192 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:Windowssystem32DRIVERSmrxsmb.sys19:51:46.0227 5192 mrxsmb - ok19:51:46.0258 5192 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:Windowssystem32DRIVERSmrxsmb10.sys19:51:46.0258 5192 
mrxsmb10 - ok19:51:46.0290 5192 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:Windowssystem32DRIVERSmrxsmb20.sys19:51:46.0290 5192 mrxsmb20 - ok19:51:46.0321 5192 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:Windowssystem32driversmsahci.sys19:51:46.0321 5192 msahci - ok19:51:46.0352 5192 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:Windowssystem32driversmsdsm.sys19:51:46.0352 5192 msdsm - ok19:51:46.0383 5192 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:WindowsSystem32msdtc.exe19:51:46.0383 5192 MSDTC - ok19:51:46.0414 5192 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:Windowssystem32driversMsfs.sys19:51:46.0414 5192 Msfs - ok19:51:46.0430 5192 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:WindowsSystem32driversmshidkmdf.sys19:51:46.0430 5192 mshidkmdf - ok19:51:46.0461 5192 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:Windowssystem32driversmsisadrv.sys19:51:46.0461 5192 msisadrv - ok19:51:46.0492 5192 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:Windowssystem32iscsiexe.dll19:51:46.0492 5192 MSiSCSI - ok19:51:46.0508 5192 msiserver - ok19:51:46.0539 5192 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:Windowssystem32driversMSKSSRV.sys19:51:46.0539 5192 MSKSSRV - ok19:51:46.0555 5192 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:Windowssystem32driversMSPCLOCK.sys19:51:46.0555 5192 MSPCLOCK - ok19:51:46.0586 5192 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:Windowssystem32driversMSPQM.sys19:51:46.0586 5192 MSPQM - ok19:51:46.0617 5192 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:Windowssystem32driversMsRPC.sys19:51:46.0617 5192 MsRPC - ok19:51:46.0633 5192 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:Windowssystem32driversmssmbios.sys19:51:46.0633 5192 mssmbios - ok19:51:46.0648 5192 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:Windowssystem32driversMSTEE.sys19:51:46.0648 5192 MSTEE - ok19:51:46.0664 5192 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:Windowssystem32DRIVERSMTConfig.sys19:51:46.0664 5192 MTConfig - ok19:51:46.0680 5192 [ 
F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:Windowssystem32Driversmup.sys19:51:46.0680 5192 Mup - ok19:51:46.0711 5192 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:Windowssystem32qagentRT.dll19:51:46.0726 5192 napagent - ok19:51:46.0758 5192 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:Windowssystem32DRIVERSnwifi.sys19:51:46.0758 5192 NativeWifiP - ok19:51:46.0804 5192 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:Windowssystem32driversndis.sys19:51:46.0836 5192 NDIS - ok19:51:46.0851 5192 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:Windowssystem32DRIVERSndiscap.sys19:51:46.0851 5192 NdisCap - ok19:51:46.0882 5192 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:Windowssystem32DRIVERSndistapi.sys19:51:46.0882 5192 NdisTapi - ok19:51:46.0914 5192 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:Windowssystem32DRIVERSndisuio.sys19:51:46.0914 5192 Ndisuio - ok19:51:46.0945 5192 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:Windowssystem32DRIVERSndiswan.sys19:51:46.0945 5192 NdisWan - ok19:51:46.0992 5192 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:Windowssystem32driversNDProxy.sys19:51:46.0992 5192 NDProxy - ok19:51:47.0007 5192 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:Windowssystem32DRIVERSnetbios.sys19:51:47.0007 5192 NetBIOS - ok19:51:47.0054 5192 [ 09594D1089C523423B32A4229263F068 ] NetBT C:Windowssystem32DRIVERSnetbt.sys19:51:47.0101 5192 NetBT - ok19:51:47.0101 5192 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:Windowssystem32lsass.exe19:51:47.0116 5192 Netlogon - ok19:51:47.0148 5192 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:WindowsSystem32netman.dll19:51:47.0148 5192 Netman - ok19:51:47.0163 5192 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:WindowsSystem32netprofm.dll19:51:47.0163 5192 netprofm - ok19:51:47.0194 5192 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:WindowsMicrosoft.NETFramework64v3.0Windows Communication FoundationSMSvcHost.exe19:51:47.0210 5192 NetTcpPortSharing - ok19:51:47.0226 5192 [ 
77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:Windowssystem32DRIVERSnfrd960.sys19:51:47.0226 5192 nfrd960 - ok19:51:47.0257 5192 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:WindowsSystem32nlasvc.dll19:51:47.0272 5192 NlaSvc - ok19:51:47.0288 5192 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:Windowssystem32driversNpfs.sys19:51:47.0288 5192 Npfs - ok19:51:47.0335 5192 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:Windowssystem32nsisvc.dll19:51:47.0335 5192 nsi - ok19:51:47.0350 5192 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:Windowssystem32driversnsiproxy.sys19:51:47.0350 5192 nsiproxy - ok19:51:47.0413 5192 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:Windowssystem32driversNtfs.sys19:51:47.0444 5192 Ntfs - ok19:51:47.0460 5192 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:Windowssystem32driversNull.sys19:51:47.0460 5192 Null - ok19:51:47.0522 5192 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:Windowssystem32driversnvraid.sys19:51:47.0522 5192 nvraid - ok19:51:47.0553 5192 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:Windowssystem32driversnvstor.sys19:51:47.0553 5192 nvstor - ok19:51:47.0569 5192 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:Windowssystem32driversnv_agp.sys19:51:47.0569 5192 nv_agp - ok19:51:47.0600 5192 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:Windowssystem32driversohci1394.sys19:51:47.0600 5192 ohci1394 - ok19:51:47.0631 5192 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:Windowssystem32pnrpsvc.dll19:51:47.0647 5192 p2pimsvc - ok19:51:47.0678 5192 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:Windowssystem32p2psvc.dll19:51:47.0694 5192 p2psvc - ok19:51:47.0709 5192 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:Windowssystem32DRIVERSparport.sys19:51:47.0709 5192 Parport - ok19:51:47.0740 5192 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:Windowssystem32driverspartmgr.sys19:51:47.0740 5192 partmgr - ok19:51:47.0756 5192 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:WindowsSystem32pcasvc.dll19:51:47.0772 5192 PcaSvc - ok19:51:47.0787 5192 [ 
94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:Windowssystem32driverspci.sys19:51:47.0787 5192 pci - ok19:51:47.0818 5192 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:Windowssystem32driverspciide.sys19:51:47.0818 5192 pciide - ok19:51:47.0850 5192 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:Windowssystem32DRIVERSpcmcia.sys19:51:47.0850 5192 pcmcia - ok19:51:47.0865 5192 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:Windowssystem32driverspcw.sys19:51:47.0865 5192 pcw - ok19:51:47.0881 5192 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:Windowssystem32driverspeauth.sys19:51:47.0896 5192 PEAUTH - ok19:51:47.0974 5192 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:WindowsSysWow64perfhost.exe19:51:47.0974 5192 PerfHost - ok19:51:48.0037 5192 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:Windowssystem32pla.dll19:51:48.0068 5192 pla - ok19:51:48.0130 5192 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:Windowssystem32umpnpmgr.dll19:51:48.0146 5192 PlugPlay - ok19:51:48.0162 5192 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:Windowssystem32pnrpauto.dll19:51:48.0162 5192 PNRPAutoReg - ok19:51:48.0177 5192 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:Windowssystem32pnrpsvc.dll19:51:48.0177 5192 PNRPsvc - ok19:51:48.0208 5192 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:WindowsSystem32ipsecsvc.dll19:51:48.0240 5192 PolicyAgent - ok19:51:48.0271 5192 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:Windowssystem32umpo.dll19:51:48.0271 5192 Power - ok19:51:48.0318 5192 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:Windowssystem32DRIVERSraspptp.sys19:51:48.0318 5192 PptpMiniport - ok19:51:48.0333 5192 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:Windowssystem32DRIVERSprocessr.sys19:51:48.0333 5192 Processor - ok19:51:48.0380 5192 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:Windowssystem32profsvc.dll19:51:48.0380 5192 ProfSvc - ok19:51:48.0396 5192 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:Windowssystem32lsass.exe19:51:48.0396 5192 ProtectedStorage - 
ok19:51:48.0427 5192 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:Windowssystem32DRIVERSpacer.sys19:51:48.0427 5192 Psched - ok19:51:48.0458 5192 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:Windowssystem32DriversPxHlpa64.sys19:51:48.0458 5192 PxHlpa64 - ok19:51:48.0505 5192 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:Windowssystem32DRIVERSql2300.sys19:51:48.0536 5192 ql2300 - ok19:51:48.0552 5192 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:Windowssystem32DRIVERSql40xx.sys19:51:48.0552 5192 ql40xx - ok19:51:48.0583 5192 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:Windowssystem32qwave.dll19:51:48.0598 5192 QWAVE - ok19:51:48.0614 5192 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:Windowssystem32driversqwavedrv.sys19:51:48.0614 5192 QWAVEdrv - ok19:51:48.0630 5192 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:Windowssystem32DRIVERSrasacd.sys19:51:48.0630 5192 RasAcd - ok19:51:48.0661 5192 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:Windowssystem32DRIVERSAgileVpn.sys19:51:48.0661 5192 RasAgileVpn - ok19:51:48.0676 5192 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:WindowsSystem32rasauto.dll19:51:48.0676 5192 RasAuto - ok19:51:48.0708 5192 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:Windowssystem32DRIVERSrasl2tp.sys19:51:48.0708 5192 Rasl2tp - ok19:51:48.0754 5192 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:WindowsSystem32rasmans.dll19:51:48.0754 5192 RasMan - ok19:51:48.0770 5192 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:Windowssystem32DRIVERSraspppoe.sys19:51:48.0770 5192 RasPppoe - ok19:51:48.0786 5192 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:Windowssystem32DRIVERSrassstp.sys19:51:48.0786 5192 RasSstp - ok19:51:48.0817 5192 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:Windowssystem32DRIVERSrdbss.sys19:51:48.0832 5192 rdbss - ok19:51:48.0848 5192 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:Windowssystem32DRIVERSrdpbus.sys19:51:48.0848 5192 rdpbus - ok19:51:48.0864 5192 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD 
C:Windowssystem32DRIVERSRDPCDD.sys19:51:48.0864 5192 RDPCDD - ok19:51:48.0895 5192 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:Windowssystem32driversrdpencdd.sys19:51:48.0895 5192 RDPENCDD - ok19:51:48.0910 5192 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:Windowssystem32driversrdprefmp.sys19:51:48.0910 5192 RDPREFMP - ok19:51:48.0926 5192 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:Windowssystem32driversRDPWD.sys19:51:48.0926 5192 RDPWD - ok19:51:48.0973 5192 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:Windowssystem32driversrdyboost.sys19:51:48.0973 5192 rdyboost - ok19:51:49.0004 5192 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:WindowsSystem32mprdim.dll19:51:49.0004 5192 RemoteAccess - ok19:51:49.0020 5192 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:Windowssystem32regsvc.dll19:51:49.0020 5192 RemoteRegistry - ok19:51:49.0035 5192 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:WindowsSystem32RpcEpMap.dll19:51:49.0035 5192 RpcEptMapper - ok19:51:49.0051 5192 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:Windowssystem32locator.exe19:51:49.0051 5192 RpcLocator - ok19:51:49.0098 5192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:Windowssystem32rpcss.dll19:51:49.0113 5192 RpcSs - ok19:51:49.0129 5192 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:Windowssystem32DRIVERSrspndr.sys19:51:49.0129 5192 rspndr - ok19:51:49.0160 5192 [ 4FE1CEF69D36E913738234303986FBB3 ] RTL8167 C:Windowssystem32DRIVERSRt64win7.sys19:51:49.0160 5192 RTL8167 - ok19:51:49.0176 5192 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:Windowssystem32lsass.exe19:51:49.0176 5192 SamSs - ok19:51:49.0254 5192 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:Program FilesSUPERAntiSpywareSASDIFSV64.SYS19:51:49.0254 5192 SASDIFSV - ok19:51:49.0269 5192 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:Program FilesSUPERAntiSpywareSASKUTIL64.SYS19:51:49.0269 5192 SASKUTIL - ok19:51:49.0316 5192 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port 
C:Windowssystem32driverssbp2port.sys19:51:49.0316 5192 sbp2port - ok19:51:49.0378 5192 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe19:51:49.0410 5192 SBSDWSCService - ok19:51:49.0456 5192 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:WindowsSystem32SCardSvr.dll19:51:49.0456 5192 SCardSvr - ok19:51:49.0488 5192 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:Windowssystem32DRIVERSscfilter.sys19:51:49.0488 5192 scfilter - ok19:51:49.0534 5192 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:Windowssystem32schedsvc.dll19:51:49.0566 5192 Schedule - ok19:51:49.0597 5192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:WindowsSystem32certprop.dll19:51:49.0597 5192 SCPolicySvc - ok19:51:49.0628 5192 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:WindowsSystem32SDRSVC.dll19:51:49.0644 5192 SDRSVC - ok19:51:49.0690 5192 [ 58DC20EB15F071804C56FCCC796417A2 ] SeaPort C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe19:51:49.0690 5192 SeaPort - ok19:51:49.0722 5192 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:Windowssystem32driverssecdrv.sys19:51:49.0722 5192 secdrv - ok19:51:49.0753 5192 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:Windowssystem32seclogon.dll19:51:49.0753 5192 seclogon - ok19:51:49.0768 5192 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:WindowsSystem32sens.dll19:51:49.0784 5192 SENS - ok19:51:49.0800 5192 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:Windowssystem32sensrsvc.dll19:51:49.0800 5192 SensrSvc - ok19:51:49.0815 5192 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:Windowssystem32DRIVERSserenum.sys19:51:49.0815 5192 Serenum - ok19:51:49.0846 5192 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:Windowssystem32DRIVERSserial.sys19:51:49.0846 5192 Serial - ok19:51:49.0878 5192 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:Windowssystem32DRIVERSsermouse.sys19:51:49.0878 5192 sermouse - ok19:51:49.0909 5192 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv 
C:Windowssystem32sessenv.dll19:51:49.0909 5192 SessionEnv - ok19:51:49.0940 5192 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:Windowssystem32driverssffdisk.sys19:51:49.0956 5192 sffdisk - ok19:51:49.0971 5192 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:Windowssystem32driverssffp_mmc.sys19:51:49.0971 5192 sffp_mmc - ok19:51:49.0987 5192 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:Windowssystem32driverssffp_sd.sys19:51:49.0987 5192 sffp_sd - ok19:51:50.0018 5192 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:Windowssystem32DRIVERSsfloppy.sys19:51:50.0018 5192 sfloppy - ok19:51:50.0080 5192 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:Program Files (x86)Dell DataSafe Local Backupsftservice.exe19:51:50.0112 5192 SftService - ok19:51:50.0143 5192 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:WindowsSystem32ipnathlp.dll19:51:50.0143 5192 SharedAccess - ok19:51:50.0174 5192 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:WindowsSystem32shsvcs.dll19:51:50.0190 5192 ShellHWDetection - ok19:51:50.0221 5192 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:Windowssystem32DRIVERSSiSRaid2.sys19:51:50.0221 5192 SiSRaid2 - ok19:51:50.0236 5192 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:Windowssystem32DRIVERSsisraid4.sys19:51:50.0236 5192 SiSRaid4 - ok19:51:50.0268 5192 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:Windowssystem32DRIVERSsmb.sys19:51:50.0268 5192 Smb - ok19:51:50.0314 5192 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:WindowsSystem32snmptrap.exe19:51:50.0314 5192 SNMPTRAP - ok19:51:50.0330 5192 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:Windowssystem32driversspldr.sys19:51:50.0330 5192 spldr - ok19:51:50.0361 5192 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:WindowsSystem32spoolsv.exe19:51:50.0377 5192 Spooler - ok19:51:50.0470 5192 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:Windowssystem32sppsvc.exe19:51:50.0533 5192 sppsvc - ok19:51:50.0548 5192 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify 
C:Windowssystem32sppuinotify.dll19:51:50.0548 5192 sppuinotify - ok19:51:50.0595 5192 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:Program Files (x86)Dell Support Centerbinsprtsvc.exe19:51:50.0595 5192 sprtsvc_DellSupportCenter - ok19:51:50.0626 5192 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:Windowssystem32DRIVERSsrv.sys19:51:50.0642 5192 srv - ok19:51:50.0658 5192 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:Windowssystem32DRIVERSsrv2.sys19:51:50.0658 5192 srv2 - ok19:51:50.0673 5192 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:Windowssystem32DRIVERSsrvnet.sys19:51:50.0673 5192 srvnet - ok19:51:50.0704 5192 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:WindowsSystem32ssdpsrv.dll19:51:50.0704 5192 SSDPSRV - ok19:51:50.0720 5192 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:Windowssystem32sstpsvc.dll19:51:50.0720 5192 SstpSvc - ok19:51:50.0736 5192 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:Windowssystem32DRIVERSstexstor.sys19:51:50.0736 5192 stexstor - ok19:51:50.0782 5192 [ 8DD52E8E6128F4


    Thank you for letting me know!

     

    Combofix uninstall:

     

    Click on the Start button and then select Run from the menu. This will open up the Run box.
    Copy/Paste combofix /uninstall (Please note that there is a space between combofix and /uninstall), click on the OK button or Enter on your keyboard.
    You can now delete the ComboFix.exe program from your computer.

     

    For Vista / Windows 7
    • Click START Search

    • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the /; it needs to be there.

     

    Keep TFC; this is a great cleaner application. You can use it along with CCleaner.


    I always make sure to let you guys / gals know that the issue is resolved so you can tell me what and how to clean up all the items installed and close out the thread.

     

    I have uninstalled combofix and really appreciate your help through all this!

     

    Thanks so much! I will keep the TFC and show him how to use it.

     

    Ben
