Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Snap.do Hijack

Snap.do has hijacked all browsers: Chrome, Mozilla and Explorer. I have followed the instructions for Malware Removal Help. I do not have access to a Windows install disc or boot CD. DDS text below:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by acarn4154 at 15:03:34 on 2014-01-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.20 [GMT 0:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Documents and Settings\anne.carney\Local Settings\Application Data\Smartbar\Application\QuickShare.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=087895b3-6288-dde8-1ff0-410e2902e548&searchtype=hp&installDate=03/10/2013
uSearch Bar = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=087895b3-6288-dde8-1ff0-410e2902e548&searchtype=ds&q={searchTerms}&installDate=03/10/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=087895b3-6288-dde8-1ff0-410e2902e548&searchtype=ds&q={searchTerms}&installDate=03/10/2013
uDefault_Page_URL = hxxp://www.sln.org.uk
uProxyServer = proxy.staffs.ifl.net:8080
uProxyOverride = 10.*.*.*;*.intra.staffordshire.gov.uk;scc*.staffordshire.gov.uk
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=087895b3-6288-dde8-1ff0-410e2902e548&searchtype=ds&q={searchTerms}&installDate=03/10/2013
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHarm.dll
BHO: ArcadeFrontier Addon: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - c:\documents and settings\anne.carney\local settings\application data\arcadefrontier\ArcadeFrontier.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Harmony Hollow Software Toolbar: {3806B089-6759-411D-B2C3-B7995A9F34D7} - c:\program files\harmony_hollow_software\tbHarm.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHarm.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [Browser Infrastructure Helper] c:\documents and settings\anne.carney\local settings\application data\smartbar\application\QuickShare.exe startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [TPSMain] TPSMain.exe
mRun: [Zooming] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [WinVNC] "c:\program files\staffsict_vnc\WinVNC.exe" -servicehelper
mRun: [Synchronization Manager] c:\windows\system32\mobsync.exe /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CentraStage] c:\program files\centrastage\Gui.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript c:\windows\installer\tsclientmsitrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "c:\windows\installer\tsclientmsitrans\tscdsbl.bat"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisablePersonalDirChange = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C2158B35-73AB-4899-80F3-785835799C40} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EF036D58-1C7B-439C-B4D5-20A211C6F437} : NameServer = 10.133.239.128,10.127.1.11,10.127.1.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\saphtmlp.dll
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\saphtmlp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anne.carney\application data\mozilla\firefox\profiles\llkoirrt.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=087895b3-6288-dde8-1ff0-410e2902e548&searchtype=hp&installDate=03/10/2013
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=087895b3-6288-dde8-1ff0-410e2902e548&searchtype=ds&installDate=03/10/2013&q=
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-20 20:08; {087895b3-6288-dde8-1ff0-410e2902e548}; c:\documents and settings\anne.carney\application data\mozilla\firefox\profiles\llkoirrt.default\extensions\{087895b3-6288-dde8-1ff0-410e2902e548}
FF - ExtSQL: 2013-12-19 18:10; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? COH_Mon;COH_Mon
R? McComponentHostService;McAfee Security Scan Component Host Service
R? Staffs ICT Secure Tunnel;Staffs ICT Secure Tunnel
R? TpChoice;Touch Pad Detection Filter driver
R? WDC_SAM;WD SCSI Pass Thru driver
R? WinRM;Windows Remote Management (WS-Management)
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? Fitbit Connect;Fitbit Connect Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
S? Symantec AntiVirus;Symantec Endpoint Protection
S? tdudf;TOSHIBA UDF File System Driver
S? trudf;TOSHIBA DVD-RAM UDF File System Driver
S? vnccom;vnccom
S? WajamUpdater;WajamUpdater
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service
S? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== Created Last 30 ================
.
2014-01-09 21:44:30 -------- d-----w- c:\documents and settings\anne.carney\application data\Malwarebytes
2014-01-09 21:44:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-01-09 21:44:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-09 21:44:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-19 18:13:24 -------- d-----w- c:\documents and settings\anne.carney\application data\RealNetworks
2013-12-19 18:10:38 -------- d-----w- c:\program files\RealNetworks
2013-12-19 18:10:36 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2013-12-19 18:07:00 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2013-12-10 21:57:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 21:57:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 23:00:22 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
.
============= FINISH: 15:07:48.87 ===============

Attached Files
File Type: txt ark.txt (4.4 KB)
File Type: zip ark.zip (5.9 KB)
