Showing results for tags 'smart hdd'.

Found 4 results

  1. Hello. I believe I've been hit with the Smart HDD virus or something similar. I can't run MBAM, so I don't know for sure. But I'm getting similar critical hard-drive error messages to those that have been reported with Smart HDD. I've tried to start up in Safe Mode. I get a Windows Error Recovery message that allows me to choose only between "Launch Startup Repair" and "Start Windows Normally." I didn't want to run Startup Repair until I'd consulted this forum. I'm running Win7, 64-bit, on a Dell Inspiron laptop. Any help that you can provide would be very much appreciated. I'm sorry I don't have the DDS scan yet, since my computer shut down after infection. But here's the chain of events:

     • Using Firefox, I ran a Google search and clicked on a link in the Google search results to go to a recognized website.
     • As soon as I clicked over to the website, a PDF began downloading. I hadn't clicked on anything within the site itself that should have prompted a PDF download. I tried to cancel the download in my FF downloads window, but the download had already completed. My open Adobe Acrobat windows immediately closed.
     • Since an auto-PDF download was how I picked up a Trojan.Dropper.BCMiner infection a couple months ago, I immediately started a MBAM scan. I was able to update MBAM and initiate the scan.
     • While MBAM was running, I tried to also initiate a Windows Defender scan. I couldn't launch Windows Defender at all; I couldn't even get to the Windows Defender launch interface.
     • While MBAM was running, my open Firefox windows suddenly closed, and then my open IE window. I was able to re-open FF, but I couldn't connect to any websites — my wireless connection had been disconnected. My network was still online, so I tried to reconnect. I got a seeming Windows message prompting me to connect an Ethernet cable to my laptop. I ignored the error and connected to my wireless network.
     • Then my FF shut down again. Concerned that I might be open to remote-control of my laptop, I disconnected from my wireless network to take my computer offline.
     • Then I got a seeming Windows message popup, with an exclamation mark in a yellow triangle, telling me that Windows had encountered an error during an IO something-or-other and that it was recommended that I do a HDD "Scan and Repair" to prevent possible data loss. There were a couple grammar errors in the message, so I ignored it.
     • Next, the MBAM scan suddenly aborted mid-scan, and MBAM shut down.
     • Then I got a string of 10 or so popup error dialogs, also marked with an exclamation mark in a yellow triangle, that said, "System message - Write Fault Error. A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception reference to an invalid system memory address." The three button options were "Cancel," "Try Again," and "Continue."
     • I ignored these pop-ups as well, and then I started getting error messages from the system tray/notifications section of my toolbar. The messages popped up one at a time. When I didn't click on an error message, a new error notification would pop up after a few minutes. The notifications cycled repeatedly through 5 different messages: "Device initialization failed" (marked with a white X in a red circle). "Critical Error. Drive sector not found error" (exclamation mark in a yellow triangle). "Critical error. Hard drive controller failure" (excla. mark in a yellow triangle). "Data Error Reading Drive C:\" (X in red circle). And one more error message about insufficient system resources.
     • While I was writing down the errors, all the icons in my Quick Launch toolbar disappeared.
     • Then I got another string of those popup "Write Fault Error" dialogs, and then another string after several minutes.
     • I didn't click on anything. After about 15–20 minutes, my computer, of its own accord, cleared all the pop-up dialogs that were on the desktop, as well as the IO/HDD "Scan and Repair" window; then it logged itself off and shut itself down and began to restart Windows. At that point, I force-shut it down before it could restart Windows.
     • When I attempted to boot up in Safe Mode, I got this message: "Windows Error Recovery. Windows failed to start. A recent hardware or software change might be the cause. If Windows files have been damaged or configured incorrectly, Startup Repair can help diagnose and fix the problem. If power was interrupted during startup, choose Start Windows Normally. (Use the arrow keys to highlight your choice.)" And then my two options are "Launch Startup Repair (recommended)" and "Start Windows Normally." I didn't want to launch Startup Repair unless instructed.

     If I should run the Startup Repair in order to be able to boot up in Safe Mode and run MBAM, please let me know. Whatever it is I picked up went after my desktop fairly aggressively, and I'm just not sure what I should do next.
  2. Hello, I've been trying to remove the SMART HDD virus from my computer with Malwarebytes, but I can't install it because it tells me that "access is denied". I'm not really sure what to do at this point. I don't know what logs I need to post, so any instruction is greatly appreciated.
  3. Hello, I got infected by the said names above and I have been using MBAM to remove them. However, they have been coming back "everyday". So I figured there was an exploit that keeps my PC re-infected. I downloaded and ran Kaspersky Rescue Disk 10 and it found some trojan downloader etc., and I removed it. Now I ran MBAM and updated again and it did not find anything anymore... so I was expecting everything is okay. (By the way, I also tried TDSSKiller by Kaspersky and it did not find anything.) My issue now is that when I google something and click on the link in the results, it still redirects me to a numeric IP with /c.php?blahblah something. I went ahead and downloaded and ran ComboFix and below is the result. (please delete after) Thanks!
files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2372096] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272] S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2011-11-01 994064] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio 
Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 16:39] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901076305-1060788400-636371674-1001Core.job - c:\users\michaelrp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 02:50] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901076305-1060788400-636371674-1001UA.job - c:\users\michaelrp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 02:50] . 2012-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-02-07 23:24] . 2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-02-07 23:24] . . --------- x86-64 ----------- . . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michaelrp\AppData\Roaming\Mozilla\Firefox\Profiles\5om7u5hj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pinoypinay.tv/videos
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2901076305-1060788400-636371674-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFCF35CD-3309-B6C8-8B8B-B688139B5834}*]
"jbdbldihdmojaplakaihnknfbimmhlaikjgofmjfamgknenllcll"=hex:68,61,68,64,66,6e,
   66,68,63,67,6b,6c,6c,6c,63,65,00,00
"dbdbldihdmojaplakaihlkicbmlakhahmgghicpm"=hex:62,61,6f,70,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-10 14:36:38
ComboFix-quarantined-files.txt 2012-05-10 21:36
ComboFix2.txt 2012-05-10 18:48
.
Pre-Run: 125,811,314,688 bytes free
Post-Run: 125,556,989,952 bytes free
.
- - End Of File - - 8517F4BE3642ECBCE4A5C31EE9BA59BA
  4. DDS.txt

This is my first time posting and I hope that I can be helped. My son's laptop has been infected by SMART HDD. All of the files are hidden. I do not know if he deleted any temp files before asking me for help. I tried RKill, TDS rootkiller, and tried to use MBAM virus removal. I ran RKill about 10 times while leaving the "warnings" open as I kept running it. I followed all the directions.

Also, should I have my son stop using the laptop to go online while SMART HDD is still on it? He plays WOW and I am assuming this is why he keeps getting adware... Is that safe to say?

Thank you for your assistance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by FIXED at 12:27:43 on 2012-04-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1571 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\sysWOW64\svchost.exe -k netsvc C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe C:\windows\system32\Dwm.exe 
C:\windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\ProgramData\RgWtsvfNRFiS.exe C:\windows\system32\igfxext.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\ProgramData\ct4yZIq59QHAej.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Internet 
Explorer\iexplore.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\DllHost.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com/g/ uDefault_Page_URL = hxxp://start.toshiba.com/g/ uInternet Settings,ProxyOverride = <local>;*.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: 
{f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [fdafebbfcbbecdct] "C:\ProgramData\fdafebbfcbbecdct.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe mRun: [RgWtsvfNRFiS.exe] C:\ProgramData\RgWtsvfNRFiS.exe dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe dRun: [fdafebbfcbbecdct] 
"C:\ProgramData\fdafebbfcbbecdct.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll LSP: mswsock.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\0556163656026202C4F66756 : DhcpNameServer = 192.168.7.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\2375942554032313 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\2375942554734393 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\8686F6E6F62737 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{AEA65422-7736-4FA7-A989-0935EC6BCD79} : DhcpNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo 
Gallery\AlbumDownloadProtocolHandler.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: Norton Toolbar: 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe mRun-x64: [RgWtsvfNRFiS.exe] C:\ProgramData\RgWtsvfNRFiS.exe Hosts: 94.63.147.16 www.google.com Hosts: 94.63.147.17 www.bing.com . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?] 
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-12-17 1156216] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111216.001\IDSviA64.sys [2011-12-17 488568] R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?] 
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-6-24 135608] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-24 126392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688] R2 SPService;SPService;C:\windows\sysWOW64\svchost.exe -k netsvc --> C:\windows\sysWOW64\svchost.exe -k netsvc [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-24 2656280] R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-18 138360] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] 
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-24 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-19 02:32:56 -------- d--h--w- C:\TDSSKiller_Quarantine
2012-04-19 01:55:35 744590 ---ha-w- C:\windows\System32\PerfStringBackup.TMP
2012-04-17 01:18:12 220672 ---ha-w- C:\ProgramData\ct4yZIq59QHAej.exe
2012-04-17 01:06:00 -------- d--h--w- C:\Users\FIXED\AppData\Roaming\Tific
2012-04-17 01:05:48 -------- d--h--w- C:\Users\FIXED\AppData\Local\Symantec
2012-04-16 20:14:46 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-04-16 14:14:28 -------- d-----we C:\windows\system64
2012-04-16 14:10:00 300032 ---ha-w- C:\ProgramData\RgWtsvfNRFiS.exe
2012-04-16 14:07:59 86016 ---ha-w- C:\ProgramData\fdafebbfcbbecdct.exe
2012-04-16 07:27:38 20480 ---ha-w- C:\windows\svchost.exe
2012-04-14 13:59:46 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-14 13:59:45 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-14 13:59:45 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 13:13:18 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 13:13:17 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 13:13:17 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 13:13:17 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 13:13:17 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 13:13:17 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-12 13:13:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-08 15:47:19 -------- d--h--w- C:\Program Files (x86)\AT&T WorldNet Setup
2012-04-08 15:42:26 -------- d--h--w- C:\Sierra
2012-04-08 15:41:15 225280 ---h--w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-08 15:41:14 77824 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-08 15:41:14 32768 ---h--w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-08 15:41:14 176128 ---h--w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-08 15:41:13 21840 ---hatw- C:\windows\SysWow64\SIntfNT.dll
2012-04-08 15:41:13 17212 ---hatw- C:\windows\SysWow64\SIntf32.dll
2012-04-08 15:41:13 12067 ---hatw- C:\windows\SysWow64\SIntf16.dll
2012-04-05 07:54:38 -------- d--h--w- C:\Program Files\iTunes
2012-04-05 07:54:38 -------- d--h--w- C:\Program Files\iPod
2012-04-05 07:54:38 -------- d--h--w- C:\Program Files (x86)\iTunes
2012-04-05 07:52:43 -------- d--h--w- C:\Program Files\Bonjour
2012-04-05 07:52:43 -------- d--h--w- C:\Program Files (x86)\Bonjour
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-05 03:36:15 -------- d--h--w- C:\Users\FIXED\AppData\Roaming\WildTangent
2012-04-05 03:33:21 -------- d--h--w- C:\Program Files (x86)\WildGames
2012-04-05 02:54:57 86528 ---ha-w- C:\windows\bnetunin.exe
2012-04-05 02:54:57 61440 ---ha-w- C:\windows\diabunin.exe
2012-04-05 02:54:52 -------- d--h--w- C:\Diablo
2012-04-03 22:19:33 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symefa64.sys
2012-04-03 22:19:33 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtsp64.sys
2012-04-03 22:19:33 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symds64.sys
2012-04-03 22:19:33 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtspx64.sys
2012-04-03 22:19:33 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symnets.sys
2012-04-03 22:19:33 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\ironx64.sys
2012-04-03 22:19:24 -------- d-----w- C:\windows\System32\drivers\NISx64\1207010.003
2012-03-29 14:05:05 8741536 ---ha-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 13:56:14 418464 ---ha-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 00:40:39 -------- d--h--w- C:\Users\FIXED\AppData\Local\Apple Computer
2012-03-28 00:40:29 34152 ---ha-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-03-28 00:40:29 126312 ---ha-w- C:\windows\System32\GEARAspi64.dll
2012-03-28 00:40:29 107368 ---ha-w- C:\windows\SysWow64\GEARAspi.dll
2012-03-28 00:40:03 -------- d--h--w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-28 00:38:46 -------- d--h--w- C:\Users\FIXED\AppData\Local\Apple
.
==================== Find3M ====================
.
2012-04-14 04:00:52 70304 ---ha-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 24904 ---ha-w- C:\windows\System32\drivers\mbam.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-15 18:01:50 52736 ---ha-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ---ha-w- C:\windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-07 02:30:21 525544 ---ha-w- C:\windows\System32\deployJava1.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 12:28:18.20 ===============