Hi all,
I am adding this problem on behalf of a friend who has asked for her laptop to be looked at. For some reason, the laptop hard drive seems to hang in normal mode. It will run for a good ten, twenty mins at best before the hard drive light switches off and the laptop crashes. In safe mode, it doesn't seem to crash nearly as often.
I have added the two DDS reports but the GMER program doesn't seem to scan properly, rather it seems to crash. I left it running the report for hours and it still didn't work. Ran laptop in safe mode and tried again and hours later, still no joy. Any suggestions? I had posted this in the hard drive forum but was recommended to come over to this page instead.
Thanks for your help
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by Lee at 19:16:49 on 2013-05-05
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3062.1350 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
mDefault_Page_URL = hxxp://www.google.co.uk
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [GoogleChromeAutoLaunch_249ADA1C31B372ECD5E93C560E3FF849] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - one of the UK's largest shopping destinations
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - eBay - one of the UK's largest shopping destinations
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 172.31.139.17 172.30.139.17
TCP: Interfaces\{29E0E442-1474-4755-B308-4C306A699BC2} : DHCPNameServer = 172.31.139.17 172.30.139.17
TCP: Interfaces\{567AF266-D5F6-49CD-A68A-5A73DB70412D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A1A59DE7-DCF0-4F11-80A1-9B361E639A16} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 26984]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-1 21504]
R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2012-12-9 188760]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-4-11 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-4-11 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-4-11 168384]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca72bd14627a40;Google Update Service (gupdate1ca72bd14627a40);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-20 37064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-05-05 12:20:35 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{920650cd-6cf8-4d1c-99cb-a325b2388e2f}\mpengine.dll
2013-05-04 18:47:38 -------- d-----w- c:\program files\iPod(228)
2013-05-04 18:47:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(238)
2013-05-04 18:47:31 -------- d-----w- c:\program files\iTunes(229)
2013-05-04 18:46:39 -------- d-----w- c:\users\lee\appdata\local\Apple Computer
2013-05-04 18:02:51 -------- d-----w- c:\program files\CPUID
2013-05-04 17:09:03 181808 ----a-w- c:\windows\RegBootClean.exe
2013-05-02 13:53:05 -------- d-----w- c:\users\lee\appdata\local\CrashDumps
2013-05-02 12:11:39 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-28 18:21:47 -------- d-----w- c:\programdata\TuneUp Software
2013-04-28 18:21:31 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-28 17:52:34 -------- d-----w- c:\users\lee\appdata\roaming\GlarySoft
2013-04-28 17:51:46 -------- d-----w- c:\program files\Glarysoft
2013-04-28 17:50:46 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2013-04-28 17:50:46 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9252c40d-da8a-485b-bdd5-b588133d0dd1}\gapaengine.dll
2013-04-28 17:12:32 -------- d-----w- c:\users\lee\appdata\local\Apple
2013-04-28 16:46:45 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-28 16:19:02 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-04-28 16:19:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-04-28 16:19:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-28 16:19:02 149616 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-04-28 16:19:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-04-28 16:19:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-11 19:55:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-11 19:54:55 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-04-11 19:54:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-04-11 19:27:54 -------- d-----w- c:\users\lee\appdata\local\Google
2013-04-11 18:47:51 -------- d-----w- c:\programdata\PCPitstop
2013-04-11 18:47:50 -------- d-----w- c:\program files\PCPitstop
2013-04-11 18:42:30 172032 ----a-w- c:\windows\system32\igfxres.dll
2013-04-11 18:18:05 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 18:18:05 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 18:18:04 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-11 18:18:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 18:17:33 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-04-11 18:17:31 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-04-11 18:17:30 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-04-11 18:17:29 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-11 18:17:29 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-04-11 18:17:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-11 18:17:26 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 18:17:25 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-11 18:17:24 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-11 18:12:58 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-11 18:12:35 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-04-11 17:49:24 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{705b806e-d74e-43e2-8f00-a24af14e9c7d}\mpengine.dll
2013-04-11 17:34:25 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-11 17:02:44 -------- d-----w- c:\users\lee\appdata\local\MFAData
2013-04-11 16:45:37 -------- d-----w- c:\windows\pss
2013-04-11 16:25:20 -------- d-----w- c:\users\lee\appdata\roaming\HpUpdate
2013-04-11 16:20:32 -------- d-----w- c:\users\lee\appdata\local\Toshiba
2013-04-11 16:18:20 -------- d-----w- c:\users\lee\appdata\local\VirtualStore
2013-04-11 11:43:39 -------- d-sh--w- C:\found.003
.
==================== Find3M ====================
.
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 18:19:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-28 18:19:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 19:17:42.46 ===============