(I hope I have followed all posting instructions correctly; if not, apologies in advance.)
Hello,
I sincerely appreciate everyone's efforts on this forum. I have been helped many times, but am now so deep in trouble I need some direct help. Any and all help is very appreciated, though please don't let me interrupt holidays... what is an emergency to me is not worth more than time with your friends and family. OK, here goes...
THE MACHINE
Samsung RC512-S02 refurb, had for a year, but had to have HD replaced with a 1TB 6 months ago due to HD failure. Generic Windows was installed and I did install all of the Samsung custom drivers and software, but it has never really run as well as it originally did. I have Norton Security (through Comcast), and use IOLO System Mechanic for maintenance. Unfortunately, I do not have an original set of recovery discs. I do have a Seagate Memeo backup from before "the problem", but it cannot do a full system reinstall (at least I don't think it can).
THE PROBLEM
I was looking for a copy of my thermostat instructions, and was instructed to download a PDF reader. I know, I know, I shouldn't have, but I was in a hurry, rushed through the install, and though I noticed they tried to install a Mocaflix toolbar, I had already clicked through the Mocaflix default search engine, and then all went haywire. A blank search page became my default home page on IE, and performance plummeted.
A LITTLE KNOWLEDGE IS DANGEROUS
I guess I still did not believe I was so dumb as to install malware, so I went to add-ons and now had two add-ons called "SAVEAS" enabled. DISABLE and DELETE are grayed out. I went to Explorer, found the pdfreader file and clicked on uninstall; of course it did not uninstall, and who knows what additional damage was caused. I deleted the whole PDFreader file. I ran anti-malware, Norton, and Windows Malware detection tool, but no luck. I also tried to follow another post and delete some of the Mocaflix-associated registry keys, but knew it was time to give up because my current symptoms are:
- IE Freezes
- IE still had SAVEAS add-ons enabled, unable to DISABLE or DELETE
- Overall system runs painfully slow and freezes
- Movies hang, freeze constantly in both VLC and WMP
- BSOD many times a day, every few minutes during movies
I hope you can help and thank you in advance for any assistance. Just to confirm, it is best to wait till this malware is cleared up prior to posting on BSOD forum, correct? Thank you, thank you, thank you. I have attached the ATTACH.ZIP and the DDS.TXT follows....
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Richard Autz at 5:17:00 on 2012-12-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.3048 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Rebit 5\Rebit-5-Svc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\SFT\GuardedID\gidd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Rebit 5\DashUI.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Richard Autz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.eztv.it/
mStart Page = hxxp://www.google.com
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {262420CD-0C05-6A9C-8F5F-F8A14A0A817D} - <orphaned>
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll
BHO: {6F803AD0-167E-002E-3DFF-67D76FD9B3C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1002.3\NativeBHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MySync] C:\Program Files (x86)\MySync for GoFlex Home\MySync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to iPhone Converter - C:\Users\Richard Autz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: NameServer = 24.205.192.61 24.205.224.36
TCP: Interfaces\{AB5B917B-A197-4746-B836-57A11C3F4273} : DHCPNameServer = 24.205.192.61 24.205.224.36
TCP: Interfaces\{AB5B917B-A197-4746-B836-57A11C3F4273}\2416976596567794E6E6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AB5B917B-A197-4746-B836-57A11C3F4273}\331413 : DHCPNameServer = 192.168.7.1
TCP: Interfaces\{AB5B917B-A197-4746-B836-57A11C3F4273}\A4240214962707F6274702537484A7 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{AB5B917B-A197-4746-B836-57A11C3F4273}\F4365616E616 : DHCPNameServer = 8.8.8.8 4.2.2.1 4.2.2.2
TCP: Interfaces\{CBE5BAB9-94DC-48A6-98A2-0ACE59D475BB} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard Autz\AppData\Roaming\Mozilla\Firefox\Profiles\gi996pvt.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Richard Autz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-06-25 15:27; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-9-15 30056]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-12-16 413448]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-12-16 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-12-16 1096176]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-6-19 17720]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-9 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-9 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-9 167072]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-9-29 30752]
R1 GIDv2;GIDv2;C:\Windows\System32\drivers\gidv2.sys [2012-6-23 29288]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121221.001\IDSviA64.sys [2012-12-21 513184]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2012-12-16 347016]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-12-16 253256]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2012-10-2 13824]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-9 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-9 405624]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-12-17 580728]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-11-30 514048]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-21 1053184]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-16 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-19 676936]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-4-6 25824]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe [2012-10-9 138272]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-9-29 82160]
R2 Rebit-5-Svc;Rebit 5 Svc;C:\Program Files\Rebit 5\Rebit-5-Svc.exe [2011-6-9 3422456]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-11-30 979456]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-11-30 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-11-30 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-11-30 84992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-13 138912]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-25 258896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-19 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-12-17 77144]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-13 425064]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-9 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 pctplsm;pctplsm;C:\Windows\System32\drivers\pctplsm64.sys [2012-12-16 87968]
S3 PSMNBUS;Pantech Android USB Composite Device Ver1 Driver;C:\Windows\System32\drivers\PSMNBUS.sys [2012-7-6 102784]
S3 PSMNMDM;Pantech Android USB Modem Ver1 Drivers;C:\Windows\System32\drivers\PSMNMDM.sys [2012-7-6 183680]
S3 PSMNOBEX;Pantech Android USB OBEX Device Ver1;C:\Windows\System32\drivers\PSMNOBEX.sys [2012-7-6 183680]
S3 PSMNVSP;Pantech Android USB Serial Port Ver1;C:\Windows\System32\drivers\PSMNVSP.sys [2012-7-6 183552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-12-16 403416]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-12-16 1162360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-19 1255736]
S4 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-3 61552]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
.
=============== Created Last 30 ================
.
2012-12-23 17:58:53 -------- d-----w- C:\Users\Richard Autz\The Official UK Top 40 Singles Chart 16-12-2012
2012-12-22 13:24:48 -------- d-----w- C:\Users\Richard Autz\Harry.Potter.And.The.Chamber.Of.Secrets.2002.BluRay.720p.H264
2012-12-22 12:56:25 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
2012-12-22 12:56:15 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-12-22 12:55:58 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2012-12-22 12:55:43 -------- d-----w- C:\Program Files (x86)\Application Verifier
2012-12-22 12:55:42 -------- d-----w- C:\Program Files\Application Verifier (x64)
2012-12-22 12:53:53 -------- d-----w- C:\Debuggers
2012-12-21 11:03:49 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 11:03:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 11:03:48 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 11:03:47 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-20 12:33:51 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-12-19 07:05:16 -------- d-----w- C:\Users\Richard Autz\AppData\Local\Diagnostics
2012-12-17 10:32:47 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-12-17 10:27:26 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-12-17 10:27:26 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-12-17 10:27:26 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-12-17 10:27:26 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-12-17 10:27:26 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-12-17 10:27:26 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-12-17 10:27:26 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-12-17 10:27:25 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-12-17 10:27:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-12-17 10:27:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-12-17 10:27:23 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-12-17 09:03:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-17 08:53:21 -------- d-s---w- C:\ComboFix
2012-12-17 08:27:29 98816 ----a-w- C:\Windows\sed.exe
2012-12-17 08:27:29 256000 ----a-w- C:\Windows\PEV.exe
2012-12-17 08:27:29 208896 ----a-w- C:\Windows\MBR.exe
2012-12-17 08:00:00 77144 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-12-17 08:00:00 769144 ----a-w- C:\Windows\BDTSupport.dll
2012-12-17 08:00:00 150648 ----a-w- C:\Windows\SGDetectionTool.dll
2012-12-17 07:59:59 2280568 ----a-w- C:\Windows\PCTBDCore.dll
2012-12-17 07:59:59 1690744 ----a-w- C:\Windows\PCTBDRes.dll
2012-12-17 07:58:25 347016 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-12-17 07:58:25 258424 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-12-17 07:58:20 16392 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-12-17 07:58:14 93600 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-12-17 07:58:14 87968 ----a-w- C:\Windows\System32\drivers\pctplsm64.sys
2012-12-17 07:58:08 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-12-17 07:53:55 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-12-17 07:53:55 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-12-17 07:53:54 413448 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-12-17 07:53:52 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-12-17 07:53:51 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-12-17 07:53:25 -------- d-----w- C:\ProgramData\PC Tools
2012-12-17 07:53:24 -------- d-----w- C:\Users\Richard Autz\AppData\Roaming\TestApp
2012-12-17 00:41:38 -------- d-----w- C:\Windows\ERUNT
2012-12-17 00:41:32 -------- d-----w- C:\JRT
2012-12-16 20:54:49 -------- d-----w- C:\ProgramData\%Installer_PublisherName%
2012-12-15 07:49:37 -------- d-----w- C:\Users\Richard Autz\.ssh
2012-12-15 07:49:36 -------- d-----w- C:\Users\Richard Autz\.unison
2012-12-14 17:43:31 -------- d-----w- C:\Program Files (x86)\MySync for GoFlex Home
2012-12-14 09:54:56 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2012-12-14 07:06:24 -------- d-----w- C:\Program Files\iPod
2012-12-14 07:06:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-14 07:06:23 -------- d-----w- C:\Program Files\iTunes
2012-12-13 04:47:47 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-13 04:47:47 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-12 10:05:05 -------- d-----w- C:\Windows\[SystemFolder]
2012-12-12 10:05:04 -------- d-----w- C:\Program Files\Memeo
2012-12-10 05:39:43 -------- d-----w- C:\Users\Richard Autz\AppData\Roaming\Seagate
2012-12-10 05:33:54 -------- d-----w- C:\Program Files (x86)\Seagate
2012-12-09 05:41:42 -------- d-----w- C:\Users\Richard Autz\AppData\Local\{D684763F-AF72-4510-A677-793BABBFDC01}
2012-12-08 21:03:22 -------- d-----w- C:\ProgramData\MemeoCommon
2012-12-08 21:02:04 -------- d-----w- C:\Users\Richard Autz\AppData\Roaming\Memeo
2012-12-08 20:56:21 -------- d-----w- C:\Program Files (x86)\Common Files\Memeo
2012-12-08 20:56:16 -------- d-----w- C:\Program Files (x86)\Memeo
2012-12-03 07:31:35 -------- d--h--w- C:\SkyDriveTemp
2012-11-25 22:00:10 -------- d-----w- C:\Windows\en
2012-11-25 21:57:23 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-11-25 21:57:23 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-11-25 21:57:23 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-11-25 21:57:23 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2012-11-25 21:57:21 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-11-25 21:57:20 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-11-25 21:57:20 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-11-25 21:56:57 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-11-25 21:56:57 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-11-25 21:56:38 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-11-25 21:56:38 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-11-25 21:53:53 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5bf7b8771cdcb5703\DSETUP.dll
2012-11-25 21:53:53 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5bf7b8771cdcb5703\DXSETUP.exe
2012-11-25 21:53:53 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5bf7b8771cdcb5703\dsetup32.dll
2012-11-25 21:53:43 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5636dba61cdcb5702\DSETUP.dll
2012-11-25 21:53:43 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5636dba61cdcb5702\DXSETUP.exe
2012-11-25 21:53:43 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5636dba61cdcb5702\dsetup32.dll
2012-11-25 21:53:42 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\557fbdf71cdcb5701\DSETUP.dll
2012-11-25 21:53:42 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\557fbdf71cdcb5701\DXSETUP.exe
2012-11-25 21:53:42 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\557fbdf71cdcb5701\dsetup32.dll
.
==================== Find3M ====================
.
2012-12-12 10:53:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 10:53:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 07:58:00 57144 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-12-07 07:57:52 25744 ----a-w- C:\Windows\System32\smrgdf.exe
2012-12-07 07:42:56 2155248 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-12-07 07:42:54 2097032 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-06 21:23:22 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-06 21:23:21 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-06 21:23:21 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 08:54:34 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-09-28 18:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 5:20:28.33 ===============
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-06 21:23:22 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-06 21:23:21 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-06 21:23:21 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 08:54:34 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-09-28 18:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 5:20:28.33 ===============