Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic
Yesterday my Windows 7 Laptop started slowing down. After about 5 minutes surfing the internet, the PC would slow down to a crawl. The CPU usuage was bedtween 80-100% and I noticed a slow network leak. It appears that the iexplore task start showing up after about 5 minutes from reboot. The number of iexplore task increases until you can not use the PC.
The spybot scan log indicates no viruses or another words no problems.
DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dean-P-35 at 16:33:23 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1327 [GMT -5:00]
.
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k HPService
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.startribune.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "C:\Users\Dean-P-35\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}\445616E602E4F667164756C60243531303C4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA509A52-01BF-484C-A834-18AF1267B04F} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB} : NameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO-X64: QpBHO Class - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-3-29 135608]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-6-3 270336]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-3-29 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-13 1153368]
R2 SDFirewallService;Spybot-S&D 2 Firewall Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-5-31 3585696]
R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-5-31 3834456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-4-13 1082800]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-4-13 1149864]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-4-13 169624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-29 2320920]
R2 VZWConfigService;VZWConfigService;C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-2-11 169472]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe" --> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_001.sys --> C:\windows\system32\DRIVERS\NWRmNet_001.sys [?]
S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_022.sys --> C:\windows\system32\DRIVERS\NWRmNet_022.sys [?]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_001.sys --> C:\windows\system32\DRIVERS\nwusbmdm_001.sys [?]
S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_022.sys --> C:\windows\system32\DRIVERS\nwusbmdm_022.sys [?]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_001.sys --> C:\windows\system32\DRIVERS\nwusbser_001.sys [?]
S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_022.sys --> C:\windows\system32\DRIVERS\nwusbser_022.sys [?]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_001.sys --> C:\windows\system32\DRIVERS\nwusbser2_001.sys [?]
S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_022.sys --> C:\windows\system32\DRIVERS\nwusbser2_022.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe_
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe
2012-04-14 18:38:30 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-04-14 16:31:45 51712 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
2012-04-14 14:35:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{084C90FC-AEB8-4D79-8B3E-199D792ED9A2}
2012-04-14 14:35:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A1EEA238-42D6-4C5E-9D22-AFA527812B43}
2012-04-13 22:05:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-13 20:55:51 -------- d-----w- C:\SpybotBootCD
2012-04-13 19:49:05 5679896 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-04-13 18:26:25 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\5CF06878.exe
2012-04-13 16:32:08 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:12:31 33792 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\9DF63B0B.exe
2012-04-13 16:11:21 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A824C43E-1BAB-4B0A-9CBC-F5547567E2DA}
2012-04-13 16:10:11 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6724D355-ADC6-424A-A3AB-F4F262BC503F}
2012-04-13 16:09:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{958F9125-ED75-4B19-8B0A-EBD3C510F0DF}
2012-04-13 16:09:32 -------- d-----w- C:\Users\Dean-P-35\Tracing
2012-04-13 16:08:33 -------- d-----w- C:\windows\en
2012-04-13 16:03:07 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
2012-04-13 16:03:07 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
2012-04-13 16:03:07 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
2012-04-13 16:03:07 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
2012-04-13 16:02:05 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{5EC34E75-0A65-401D-960A-708C27A59582}
2012-04-13 16:01:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8F117FA-E1DC-40AB-A42F-5E1BB9DE1E86}
2012-04-13 12:08:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{649FB6BB-1D7C-4B6D-BF4D-86A0B369650D}
2012-04-12 21:59:18 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe
2012-04-12 21:10:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B0F50F37-BEFD-4BE9-A193-FE91269BA94B}
2012-04-12 03:34:54 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 03:34:54 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:34:53 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:32:45 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 03:32:45 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 03:32:45 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 03:32:44 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 03:32:44 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 03:32:44 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 03:32:44 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-12 03:07:57 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{4AD2639E-A12E-4219-BE0F-8335BAC8ABE8}
2012-04-12 03:07:23 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9C1FB17F-E189-4AEB-8C79-87211A3CC039}
2012-04-11 13:49:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{710CF3CC-F8FA-437B-BEA8-D56EBAFF1C70}
2012-04-11 01:49:19 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A0507561-47DA-4E7B-B552-076E6702D501}
2012-04-10 13:48:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{BB4F04B3-668E-40F1-8135-8941E55A4D38}
2012-04-10 01:48:18 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9083E23F-6F32-46D9-8669-8E20C6E608E3}
2012-04-09 13:47:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{733E5E37-8A2F-410C-AACB-4AFFE941B869}
2012-04-09 01:45:36 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{195C6D3E-9D4A-4332-95C0-1C03FB1F38C1}
2012-04-08 13:45:00 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8F976A5A-F4AE-446E-AE20-ECDE7E9EC295}
2012-04-07 12:33:25 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{2E495B13-026F-4B14-A324-5AEEB2C4BDDD}
2012-04-06 20:53:16 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{7AD9F1C9-B570-409D-9ECB-2729481F0714}
2012-04-06 01:00:53 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{C31F976D-FA94-4115-8BBE-40A6D872DD26}
2012-04-05 13:00:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{91D934B8-B1D9-4D1A-804A-5524613F8412}
2012-04-04 23:58:23 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{16AB1D3E-27FA-4106-BFDE-63FADA04A46D}
2012-04-04 02:37:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{4720F396-F045-4DCF-B2AD-3C0B09C06699}
2012-04-03 14:37:04 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9D2B7D7D-438E-4A87-A0F5-F8E8AE92A0A2}
2012-04-03 02:36:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{96F3C4D3-559A-4704-BFBF-5B959BD173CD}
2012-04-02 05:06:09 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D41C5B75-A4C6-42F6-A19D-6D7882BC3D3B}
2012-04-01 14:13:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{44A1807E-33EB-477A-ABDC-29D3FE49340B}
2012-03-31 13:58:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D6D6049E-D3C5-418C-9D83-1651202D2E74}
2012-03-30 16:14:00 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{73A3B573-AD1E-4979-89AB-A898F478B65B}
2012-03-30 04:13:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E8F87748-028D-4991-AE21-10AD86DC205E}
2012-03-29 16:12:57 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{AE07EE6A-A867-4246-8D58-E8556C130EBB}
2012-03-29 03:00:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{1C822190-2A18-4936-A063-26792E96E61B}
2012-03-28 15:00:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8A7E574E-89E5-42CD-83E3-1E7061AFCA15}
2012-03-28 14:59:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{490420E2-35B7-41EA-84F6-9993C325A88F}
2012-03-28 02:59:27 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{22502869-C4D8-4608-A8E5-0F8D86E37098}
2012-03-28 02:59:02 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{0E4635CF-94A3-4E7A-B834-B616E27E84D2}
2012-03-27 14:58:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E0170AFF-B7A0-416E-A164-08A071279942}
2012-03-27 14:58:12 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{64502DA2-F8AF-44F8-8761-7B7D50A12F85}
2012-03-27 02:57:46 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{DC855321-6CD1-4C6E-A13F-FDD48613EF50}
2012-03-27 02:57:22 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{973263A7-7D70-4CC9-B383-0C9324401C02}
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-26 14:57:08 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{FD8BFBBF-184E-4EF9-A438-0447CD8E1C63}
2012-03-26 14:56:44 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{83944100-1791-4E75-965E-8F3315A52840}
2012-03-25 15:34:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B13498D4-7193-49F8-B8B8-6D6B75A3C959}
2012-03-25 15:34:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{FEF13E03-2CD2-4F92-B4E1-364645AAAD43}
2012-03-25 03:33:56 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8641FF32-9420-4F3A-9CA7-62EAA2B48639}
2012-03-25 03:33:31 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{20E7A3BD-45E2-4841-971C-66A1323DEE52}
2012-03-24 15:33:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E9C938D5-0117-495A-B9A7-7DCB4AE9FB33}
2012-03-24 15:32:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{3E2D8FF8-CF6E-43F7-B22B-594D184DD5BC}
2012-03-24 03:32:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D92C6F46-489A-45FC-9C96-B94A469C73F4}
2012-03-24 03:31:52 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{3F7734BB-88B2-43BB-8CB7-E684C12A9D9E}
2012-03-23 15:31:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{F1EC186E-22EF-4CFC-910E-9F2CAFF3E1B1}
2012-03-23 15:30:58 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B42F6FC3-48CB-4AB4-A22A-23918A96C107}
2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
2012-03-22 05:17:29 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{509CCA2D-FB73-4AFE-B8A9-B894A74E426E}
2012-03-22 05:17:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9AEA74C9-AFC4-4AFB-859B-698736644B19}
2012-03-21 17:16:38 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{806352C6-F682-40E8-AD0A-A0C3C4DD348A}
2012-03-21 17:16:09 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8AAB401-1902-477A-B6CA-6F25E5927349}
2012-03-20 18:34:28 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{34591528-16C4-4BE5-B6D9-DCDA057C6D2E}
2012-03-20 18:34:04 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8C73EA38-2983-4936-B254-21EC2348982E}
2012-03-20 06:33:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{F00F4FA7-DAF6-44EB-BB85-6CE016BD60C1}
2012-03-20 06:33:12 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{0BF8F1B2-A347-4CF0-9F2A-1D0F5E541FBA}
2012-03-19 15:30:49 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{7F906341-8F3E-4EC9-8D94-A5B0B4506500}
2012-03-19 15:30:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{82DA7031-5377-4ACA-A6B3-A072AC40A4D2}
2012-03-19 06:59:51 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{41DEE5E7-976E-4D65-98CE-69B9EBB7705D}
2012-03-19 06:59:39 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{AD711D22-0D0C-44A3-B661-E6CAA1295A09}
2012-03-18 15:40:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{963BA519-1E21-4207-AD1E-94E5C337FD52}
2012-03-18 15:39:49 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{520270DB-61FB-40DE-BEC7-0D8EE8F84E15}
2012-03-18 02:51:58 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{42A2B5DA-32C6-49C6-872D-652F96E1C2D6}
2012-03-18 02:51:34 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B564F154-EBF6-4A92-B0FC-54C87E0CF78B}
2012-03-17 14:51:07 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{ABE2360B-DAEE-4BB1-A321-F7D8FD1CFB1A}
2012-03-17 14:50:55 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8D5602A2-D88E-47D0-87BF-FF35A181B489}
2012-03-17 02:50:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6BC5F052-1F2B-4CDD-869D-45A80BA3EB5F}
2012-03-17 02:50:28 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{171DD523-9ED3-4CF3-BE64-38F09F834724}
2012-03-16 14:49:59 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6E6796E5-5690-4D25-A09C-53DD772DEB65}
2012-03-16 14:49:42 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{823776D3-B069-44AF-8BCA-74582FA3BB54}
.
==================== Find3M ====================
.
2012-04-13 16:32:08 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 23:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 16:33:46.65 ===============
Other Method was Email to Support Option Under Support
Thanks for Reply:
The other method was an email to support under the support tab. Since I have Not received an email back from him today, I will continue with you and send email to support that I am working with You.
I can not attach the ".cab" file from the 2.0.7 Beta save of log files. It is too Big (21 MB).
Assuming you work on Spybot 2.0.7 Beta, I will execute your last instructions and send you the output.
Thanks for your help.
The email exchange with Jochen is below for your reference.
Dean
=================================================
Jochen EMAIL:
Hello Dean,
Please send us a complete bug report. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to detections@spybot.info.
best regards,
Jochen T.
Team Spybot
======================
My Response:
Jochen:
I have attached the scan log but I need to update you on a few facts:
1. When I finally found my Spybot ID/Password, I also submitted a problem report on the "Malware Removal" forum entittled
"Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic" by Silverbullet.
2.My user ID (Dean-P-35) on the Laptop does not display the desktop when I login now, so I am using another ID(Jean).
3.Unfortunately, I found out that I had 2 versions of SpyBot installed and I both running at one time: 1.6.2 and 2.0.5.Beta.
4. I had trouble uninstalling both but now I believe that I have both uninstalled and currently only 2.0.7.131 Beta installed.
5. I did the deep scan with 2.0.7.131 SpyBot and did the fix problems and then saved the log. I have attached the log to this email.
6. I still have problems
Dean
=============================
aswMBR.exe txt file and Zip File
Thanks Again
Will Wait for your response.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-17 11:44:11
-----------------------------
11:44:11.766 OS Version: Windows x64 6.1.7601 Service Pack 1
11:44:11.766 Number of processors: 4 586 0x2505
11:44:11.766 ComputerName: TOSHIBA-A665 UserName: Jean
11:44:13.108 Initialize success
11:46:01.323 AVAST engine defs: 12041700
11:46:22.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:46:22.009 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
11:46:22.024 Disk 0 MBR read successfully
11:46:22.027 Disk 0 MBR scan
11:46:22.032 Disk 0 Windows VISTA default MBR code
11:46:22.044 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:46:22.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
11:46:22.097 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
11:46:22.154 Disk 0 scanning C:\windows\system32\drivers
11:46:33.130 Service scanning
11:47:15.703 Modules scanning
11:47:15.703 Disk 0 trace - called modules:
11:47:15.781 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
11:47:15.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069f1060]
11:47:15.796 3 CLASSPNP.SYS[fffff8800199743f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069f0060]
11:47:15.812 5 thpdrv.sys[fffff88001de9cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049ca050]
11:47:18.136 AVAST engine scan C:\windows
11:47:20.820 AVAST engine scan C:\windows\system32
11:50:16.894 AVAST engine scan C:\windows\system32\drivers
11:50:31.528 AVAST engine scan C:\Users\Jean
11:53:22.236 File: C:\Users\Jean\AppData\Roaming\5CF06878.exe **INFECTED** Win32:Rootkit-gen [Rtk]
11:53:22.298 File: C:\Users\Jean\AppData\Roaming\6B5F0FE8.exe **INFECTED** Win32:Downloader-NWY [Trj]
11:53:33.668 File: C:\Users\Jean\AppData\Roaming\ohhjipgm.exe **INFECTED** Win32:Crypt-MLE [Trj]
11:53:38.005 File: C:\Users\Jean\winlogon.exe **INFECTED** Win32:Downloader-NVR [Trj]
11:53:44.120 AVAST engine scan C:\ProgramData
11:56:31.741 Scan finished successfully
11:57:27.102 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Desktop\MBR.dat"
11:57:27.117 The log file has been saved successfully to "C:\Users\Jean\Desktop\aswMBR.txt"
Dean
Combofix Log-No HJT Log-Can't Find Executable
ComboFix 12-04-17.01 - Jean 04/17/2012 18:54:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2459 [GMT -5:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\14XqPxvo.exe
c:\programdata\14XqPxvo.exe_
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Dean-P-35\AppData\Roaming\5CF06878.exe
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoActivate.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoHelp.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoUninstall.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe
c:\users\Dean-P-35\AppData\Roaming\DDA3363F.exe
c:\users\Dean-P-35\uidsave.dat
c:\users\Dean-P-35\WINDOWS
c:\users\Dean-P-35\WINDOWS\Driver\0002.mpg
c:\users\Dean-P-35\WINDOWS\Driver\001.avi
c:\users\Dean-P-35\WINDOWS\Driver\001.mpg
c:\users\Dean-P-35\WINDOWS\Driver\002.mpg
c:\users\Dean-P-35\WINDOWS\Driver\01.mpg
c:\users\Dean-P-35\WINDOWS\Driver\01.wmv
c:\users\Dean-P-35\WINDOWS\Driver\01ss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02.mpg
c:\users\Dean-P-35\WINDOWS\Driver\02.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02sss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02ssss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02x.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02y.mpg
c:\users\Dean-P-35\WINDOWS\Driver\03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0332.wmv
c:\users\Dean-P-35\WINDOWS\Driver\03uuu.wmv
c:\users\Dean-P-35\WINDOWS\Driver\04wwwww.wmv
c:\users\Dean-P-35\WINDOWS\Driver\05031202.wmv
c:\users\Dean-P-35\WINDOWS\Driver\05031203.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0ddd4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0eeee2.mpg
c:\users\Dean-P-35\WINDOWS\Driver\0l4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0t1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\10.wmv
c:\users\Dean-P-35\WINDOWS\Driver\14444.wmv
c:\users\Dean-P-35\WINDOWS\Driver\15_004.wmv
c:\users\Dean-P-35\WINDOWS\Driver\1m.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\222.wmv
c:\users\Dean-P-35\WINDOWS\Driver\233.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2m.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\3mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\4.mpg
c:\users\Dean-P-35\WINDOWS\Driver\4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\4mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\5396_4_clip.wmv
c:\users\Dean-P-35\WINDOWS\Driver\6093_04_180sec_00.wmv
c:\users\Dean-P-35\WINDOWS\Driver\analdaughters_clips02.wmv
c:\users\Dean-P-35\WINDOWS\Driver\angel1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\brazzersvault-penny-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\canhescore-alexistexas-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x2.mpg
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x4.mpg
c:\users\Dean-P-35\WINDOWS\Driver\clip03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\crissycreampie_chunk_1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\cwwlip03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\Desktop.ini
c:\users\Dean-P-35\WINDOWS\Driver\eastblocamateurs-dot-com-1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\fetishonepass.com_01.wmv
c:\users\Dean-P-35\WINDOWS\Driver\gia1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\hotbush-sexgames-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\housewife1on1-mariabellucci-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kennakane-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-madisonivy4-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze5-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-laurenphoenix-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\pornstarxs_4559-1-3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\realwifestories-kimberly-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\spcp-11.wmv
c:\users\Dean-P-35\WINDOWS\Driver\spcp-12.wmv
c:\users\Dean-P-35\WINDOWS\Driver\suziediamond_chunk_2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\Thumbs.db
c:\users\Dean-P-35\WINDOWS\Driver\v0131b.wmv
c:\users\Dean-P-35\WINDOWS\Driver\V03124_big_03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V09475_big_04.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_04.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_05.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V21919_big_03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\vid03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\vid03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\videosz-the-girl-next-door-5-22.mpg
c:\users\Dean-P-35\WINDOWS\Driver\videosz-trombone-blown-2-91.mpg
c:\users\Dean_Standard_User\uidsave.dat
c:\users\Jean\AppData\Roaming\5CF06878.exe
c:\users\Jean\AppData\Roaming\6B5F0FE8.exe
c:\users\Jean\AppData\Roaming\FA9C4BFD.exe
c:\users\Jean\AppData\Roaming\ohhjipgm.exe
c:\users\Jean\uidsave.dat
c:\users\Jean\WINDOWS
c:\users\Jean\winlogon.exe
c:\windows\SysWow64\crrss.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean-P-35\AppData\Local\temp
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean_Standard_User\AppData\Local\temp
2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Local\IsolatedStorage
2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Roaming\Intuit
2012-04-16 16:10 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-04-16 16:10 . 2012-04-16 16:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-04-15 22:53 . 2012-04-15 22:53 -------- d-----w- c:\users\Jean\AppData\Roaming\SoftGrid Client
2012-04-14 20:47 . 2012-04-14 20:47 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-13 20:55 . 2012-04-13 20:55 -------- d-----w- C:\SpybotBootCD
2012-04-13 19:49 . 2012-04-13 19:49 5679896 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-04-13 19:42 . 2012-04-17 16:50 -------- d-----w- c:\users\Jean\AppData\Local\CrashDumps
2012-04-13 16:32 . 2012-04-13 16:32 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:09 . 2012-04-13 16:09 -------- d-----w- c:\users\Dean-P-35\Tracing
2012-04-13 16:08 . 2012-04-13 16:08 -------- d-----w- c:\windows\en
2012-04-13 16:03 . 2012-04-13 16:03 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
2012-04-13 16:03 . 2012-04-13 16:03 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
2012-04-13 16:03 . 2012-04-13 16:03 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
2012-04-13 16:03 . 2012-04-13 16:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
2012-04-12 03:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 16:32 . 2011-06-10 05:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 08:51 . 2012-04-14 18:38 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 15:18 . 2011-05-29 15:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 14:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:22 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:22 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 14:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-12-21 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 uvkohury;uvkohury;c:\windows\system32\drivers\uvkohury.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 ALSysIO;ALSysIO;c:\users\DEAN-P~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [x]
R3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_022.sys [x]
R3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [x]
R3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_022.sys [x]
R3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [x]
R3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_022.sys [x]
R3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [x]
R3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_022.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-12-08 135608]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-06-03 270336]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VZWConfigService;VZWConfigService;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-02-11 169472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-22 822192]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:32]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-crrss - c:\windows\system32\crrss.exe
Notify-igfxcui - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-17 19:17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 00:17
.
Pre-Run: 550,539,096,064 bytes free
Post-Run: 551,791,751,168 bytes free
.
- - End Of File - - 323E745D4857735000C060B5935D403D
Computer Running good! + OTL Log Part 2
The computer is running very good and is back to its normal performance.
The only problem I have is that I can not get the desktop displayed for my old ID. After completing the logon process, It just displays a black screen with a open explorer window. After closing the explorer window, the screen is black and you can not do anything other that ctrl/alt/del. I think what happen is that the laptop battery was low and it tried to sleep and did not have enough battery to save the current environement 0f for my old ID desktop. Unless you have some expertise on this, don't spend any time on this. I will just save off what I need and create another ID.
OTL Log:
OTL logfile created on: 4/18/2012 7:58:50 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 506.72 Gb Free Space | 86.96% Space Free | Partition Type: NTFS
Computer Name: TOSHIBA-A665 | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (VZWConfigService) -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (Novatel Wireless Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe (Novatel Wireless Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NWUSBPort2_022) -- C:\Windows\SysNative\drivers\nwusbser2_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_022) -- C:\Windows\SysNative\drivers\nwusbser_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_022) -- C:\Windows\SysNative\drivers\nwusbmdm_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWRmNet_022) -- C:\Windows\SysNative\drivers\NWRmNet_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWRmNet_001) -- C:\Windows\SysNative\drivers\NWRmNet_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2_001) -- C:\Windows\SysNative\drivers\nwusbser2_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_001) -- C:\Windows\SysNative\drivers\nwusbser_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_001) -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8652BADC-8B1B-4E5D-AB71-2E1641A7424F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0085586D-CAAC-42C9-98A0-49EED9294734}
IE - HKLM\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/logout.cgi?todo=logout
IE - HKCU\..\SearchScopes,DefaultScope = {44F0F890-B49A-4489-85D9-82054C81CB80}
IE - HKCU\..\SearchScopes\{000DF192-70DC-43F2-B141-3A7DF40D3819}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{44F0F890-B49A-4489-85D9-82054C81CB80}: "URL" = http://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6084C596-A53E-4017-B341-8AAE9C624078}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41647863&src=kw&q={searchTerms}&locale=&apn_ptnrs=1R&apn_dtid=YYYYYYYYUS&apn_uid=1264D3D0-0958-41EB-A9A7-051855E39954&apn_sauid=D0DA637F-AC69-4B1B-B6F9-8D55843EC31B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/12/12 16:45:39 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/04/18 06:27:07 | 000,441,863 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15209 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/04/18 07:51:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/04/18 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Windows Live
[2012/04/18 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\{C13938E5-6E86-48DD-8184-E33D36F7FBB1}
[2012/04/18 07:20:43 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\{50B8DA10-9568-40D8-915D-DF19E3D8D042}
[2012/04/18 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Windows Live Writer
[2012/04/18 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Windows Live Writer
[2012/04/17 18:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/17 18:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/17 18:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/17 18:50:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/17 18:50:23 | 004,466,721 | R--- | C] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/04/17 11:44:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2012/04/17 10:12:43 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\TurboTax
[2012/04/17 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\IsolatedStorage
[2012/04/17 10:07:15 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Intuit
[2012/04/16 11:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/04/16 11:10:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012/04/16 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/04/16 11:04:49 | 045,641,536 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
[2012/04/15 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\SoftGrid Client
[2012/04/14 15:50:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/04/14 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\spybot
[2012/04/13 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/13 15:55:51 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2012/04/13 14:42:49 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\CrashDumps
[2012/04/13 11:32:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 11:08:33 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/11 22:35:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/11 22:35:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/11 22:35:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/11 22:35:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/11 22:35:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/11 22:35:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/11 22:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/11 22:35:15 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/11 22:35:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/11 22:35:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/11 22:35:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/11 22:34:54 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/11 22:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/11 22:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/11 22:32:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/11 22:32:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/11 22:32:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/03/22 14:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/18 07:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/18 07:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/04/18 07:25:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 07:14:17 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 07:11:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/18 06:27:07 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/18 06:26:33 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062707.backup
[2012/04/18 00:31:17 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062633.backup
[2012/04/17 19:21:32 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 19:21:32 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 19:16:46 | 000,780,156 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/17 19:16:46 | 000,660,982 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/17 19:16:46 | 000,121,620 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/17 19:09:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-003117.backup
[2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 18:40:52 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/04/17 11:59:27 | 000,000,565 | ---- | M] () -- C:\Users\Jean\Desktop\MBR.zip
[2012/04/17 11:57:27 | 000,000,512 | ---- | M] () -- C:\Users\Jean\Desktop\MBR.dat
[2012/04/17 11:23:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2012/04/16 14:35:38 | 000,605,431 | ---- | M] () -- C:\Users\Jean\Desktop\Desktop-20120416-143537.png
[2012/04/16 11:47:51 | 000,012,397 | ---- | M] () -- C:\Users\Jean\Desktop\Scan Results.2012-04-16 11-46-28
[2012/04/16 11:10:55 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/04/16 10:47:45 | 045,641,536 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
[2012/04/16 08:17:55 | 000,007,614 | ---- | M] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
[2012/04/14 15:47:38 | 000,000,944 | ---- | M] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/04/14 15:47:38 | 000,000,920 | ---- | M] () -- C:\Users\Jean\Desktop\ERUNT.lnk
[2012/04/14 11:02:54 | 000,003,505 | ---- | M] () -- C:\windows\wininit.ini
[2012/04/13 15:58:34 | 000,000,505 | ---- | M] () -- C:\Users\Jean\Desktop\Programs and Features - Shortcut.lnk
[2012/04/13 11:32:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 11:32:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 11:14:15 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/04/12 15:24:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/31 09:30:55 | 000,000,018 | ---- | M] () -- C:\windows\phsrch5.ini
[2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2012/03/20 10:13:30 | 411,188,288 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/03/20 01:47:18 | 000,777,744 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/17 18:50:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/17 18:50:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/17 18:50:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/17 18:50:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/17 18:50:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/17 11:59:27 | 000,000,565 | ---- | C] () -- C:\Users\Jean\Desktop\MBR.zip
[2012/04/17 11:57:27 | 000,000,512 | ---- | C] () -- C:\Users\Jean\Desktop\MBR.dat
[2012/04/16 14:35:37 | 000,605,431 | ---- | C] () -- C:\Users\Jean\Desktop\Desktop-20120416-143537.png
[2012/04/16 11:47:51 | 000,012,397 | ---- | C] () -- C:\Users\Jean\Desktop\Scan Results.2012-04-16 11-46-28
[2012/04/16 11:10:55 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/04/16 11:10:55 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/04/15 18:36:13 | 000,007,614 | ---- | C] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
[2012/04/14 15:47:38 | 000,000,944 | ---- | C] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/04/14 15:47:38 | 000,000,920 | ---- | C] () -- C:\Users\Jean\Desktop\ERUNT.lnk
[2012/04/13 15:58:34 | 000,000,505 | ---- | C] () -- C:\Users\Jean\Desktop\Programs and Features - Shortcut.lnk
[2012/04/13 11:32:08 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 10:21:05 | 000,003,505 | ---- | C] () -- C:\windows\wininit.ini
[2011/12/31 12:13:13 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/12/25 14:11:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/12/12 13:46:16 | 000,206,568 | ---- | C] () -- C:\windows\hpwins28.dat
[2011/12/12 12:55:55 | 000,207,287 | ---- | C] () -- C:\windows\hpwins28.dat.temp
[2011/12/12 11:01:47 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
[2011/12/11 17:12:10 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
[2011/11/20 10:07:23 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 18:30:47 | 000,211,046 | ---- | C] () -- C:\windows\hpoins21.dat
[2011/10/04 18:30:47 | 000,005,474 | ---- | C] () -- C:\windows\hpomdl21.dat
[2011/08/30 14:08:56 | 000,000,018 | ---- | C] () -- C:\windows\phsrch5.ini
[2011/07/08 15:23:02 | 000,000,506 | ---- | C] () -- C:\windows\ODBC.INI
[2011/04/30 09:47:33 | 000,777,744 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/29 09:42:33 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2010/07/29 07:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 07:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 07:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
========== LOP Check ==========
[2011/12/31 12:25:26 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\PCStitch Pro
[2011/12/31 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Radium Technologies
[2012/04/15 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\SoftGrid Client
[2011/06/16 18:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Toshiba
[2012/04/18 07:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Windows Live Writer
[2012/02/14 18:43:04 | 000,032,628 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< * >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- \bootmgr
[2010/10/28 14:45:28 | 000,008,192 | RHS- | M] () -- \BOOTSECT.BAK
[2012/04/17 19:17:32 | 000,029,976 | ---- | M] () -- \ComboFix.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
[2007/11/07 10:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
[2007/11/07 10:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
[2012/03/03 15:50:29 | 050,507,776 | ---- | M] () -- \Firl-2012-03-03.QDF-backup
[2012/03/11 14:38:38 | 050,601,984 | ---- | M] () -- \Firl-2012-03-11.QDF-backup
[2007/11/07 10:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
[2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- \hiberfil.sys
[2007/11/07 10:00:40 | 000,000,843 | ---- | M] () -- \install.ini
[2007/11/07 10:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
[2007/11/07 10:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
[2007/11/07 10:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
[2007/11/07 10:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
[2007/11/07 10:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
[2007/11/07 10:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
[2007/11/07 10:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
[2004/08/16 11:53:58 | 000,001,059 | -H-- | M] () -- \IPH.PH
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] () -- \msdia80.dll
[2012/04/17 19:09:19 | 4079,665,152 | -HS- | M] () -- \pagefile.sys
[2007/11/07 10:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
[2007/11/07 10:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
[2007/11/07 10:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI
[2011/06/16 08:14:08 | 000,004,548 | ---- | M] () -- \WirelessDiagLog.csv
[2011/01/16 08:08:48 | 000,004,418 | ---- | M] () -- \WRA_Colors.txt
< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/28 14:45:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/04/17 19:17:32 | 000,029,976 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 10:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 10:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012/03/03 15:50:29 | 050,507,776 | ---- | M] () -- C:\Firl-2012-03-03.QDF-backup
[2012/03/11 14:38:38 | 050,601,984 | ---- | M] () -- C:\Firl-2012-03-11.QDF-backup
[2007/11/07 10:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 10:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 10:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 10:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 10:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 10:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 10:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 10:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 10:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/16 11:53:58 | 000,001,059 | -H-- | M] () -- C:\IPH.PH
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/04/17 19:09:19 | 4079,665,152 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 10:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 10:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 10:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011/06/16 08:14:08 | 000,004,548 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/01/16 08:08:48 | 000,004,418 | ---- | M] () -- C:\WRA_Colors.txt
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >
< %USERPROFILE%\Desktop\*.exe >
[2012/04/17 11:23:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2012/04/17 18:40:52 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/04/18 07:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/04/16 10:47:45 | 045,641,536 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/07 17:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
explorer Fix Worked-2 Log Files-2 Attached file
The explorer fix worked. Will work on later after virus removed- Thanks
Computer working good.
mbam log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.19.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jean :: TOSHIBA-A665 [administrator]
4/19/2012 10:23:26 AM
mbam-log-2012-04-19 (10-23-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255262
Time elapsed: 3 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Dean-P-35\Desktop\Antivirus Protection.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
(end)
Yes, After I rebooted and Logged in, explorer was running
I start task manager, kill the one instance of explorer, start a new explorer process thur task manager and I get my desktop back.
Whether I only log off or shutdown and reboot, the desktop does not display unless I follow your process.
Answers: 1.)"My Documents" 2.)No Change Same Problem 3).No Change Same Problem
Quote:
Originally Posted by
oldman960
Hi Silverbullet,
There are several cuases for this but no one sure fix. As it appears to be only the one account that is effected I think we can rule out a hardare problem.
The explorer window that opens, does it have a name? ie: my document, my pictures etc
No name,Just "Dean-P-35 -->My Documents"
Try booting to safe mode and see if the problem still persists.
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Same problem?
Yes Same Problem
Next try a clean boot:
Let's try a clean boot and see if the computer is any better. You may not have all the functionality as only a minimal set of drivers and startup programs will load at startup.
click start and type
msconfig.exe in the search box and press enter.
On the
General tab- check Selective startup
- uncheck Load startup items
click the
Services tab
- check select the Hide all Microsoft services
- check Disable all.
- Click Ok
- Click Restart
Any better?
***Same Problem***
OTL Fix Worked by Desktop is back!==Thank You
OTL Log:
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Protection deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Protection 2012 SM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PC Health Status deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\qudqt4wswdse deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Dean-P-35\winlogon.exe" deleted successfully.
C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jean\Downloads\cmd.bat deleted successfully.
C:\Users\Jean\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.40.0 log created on 04222012_143813
No other Issues, the Laptop is back to normal-Thank You very much
Thanks again. Everything is back to normal.
On Business trip fornext 2 weeks- Will Perform Tasks when Back
Thanks for all your help
Dean