
Thread: Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic

  1. #1
    Silverbullet (Junior Member)
    Join Date: Sep 2008
    Posts: 26

    Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic

    Yesterday my Windows 7 Laptop started slowing down. After about 5 minutes surfing the internet, the PC would slow down to a crawl. The CPU usage was between 80-100% and I noticed a slow network leak. It appears that the iexplore tasks start showing up about 5 minutes after reboot. The number of iexplore tasks increases until you cannot use the PC.
    The Spybot scan log indicates no viruses, or in other words, no problems.

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Dean-P-35 at 16:33:23 on 2012-04-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1327 [GMT -5:00]
    .
    SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
    C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
    C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\ProgramData\14XqPxvo.exe
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\ProgramData\14XqPxvo.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\ProgramData\14XqPxvo.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.startribune.com/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [cdloader] "C:\Users\Dean-P-35\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    uRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
    mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}\445616E602E4F667164756C60243531303C4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AA509A52-01BF-484C-A834-18AF1267B04F} : DhcpNameServer = 8.8.8.8
    TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB} : NameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
    BHO-X64: QpBHO Class - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
    mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-3-29 135608]
    R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-6-3 270336]
    R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-3-29 126392]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-13 1153368]
    R2 SDFirewallService;Spybot-S&D 2 Firewall Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-5-31 3585696]
    R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-5-31 3834456]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-4-13 1082800]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-4-13 1149864]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-4-13 169624]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-29 2320920]
    R2 VZWConfigService;VZWConfigService;C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-2-11 169472]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-29 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
    S2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe" --> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [?]
    S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
    S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
    S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_001.sys --> C:\windows\system32\DRIVERS\NWRmNet_001.sys [?]
    S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_022.sys --> C:\windows\system32\DRIVERS\NWRmNet_022.sys [?]
    S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_001.sys --> C:\windows\system32\DRIVERS\nwusbmdm_001.sys [?]
    S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_022.sys --> C:\windows\system32\DRIVERS\nwusbmdm_022.sys [?]
    S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_001.sys --> C:\windows\system32\DRIVERS\nwusbser_001.sys [?]
    S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_022.sys --> C:\windows\system32\DRIVERS\nwusbser_022.sys [?]
    S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_001.sys --> C:\windows\system32\DRIVERS\nwusbser2_001.sys [?]
    S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_022.sys --> C:\windows\system32\DRIVERS\nwusbser2_022.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe_
    2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe
    2012-04-14 18:38:30 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
    2012-04-14 16:31:45 51712 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
    2012-04-14 14:35:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{084C90FC-AEB8-4D79-8B3E-199D792ED9A2}
    2012-04-14 14:35:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A1EEA238-42D6-4C5E-9D22-AFA527812B43}
    2012-04-13 22:05:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-04-13 20:55:51 -------- d-----w- C:\SpybotBootCD
    2012-04-13 19:49:05 5679896 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
    2012-04-13 18:26:25 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\5CF06878.exe
    2012-04-13 16:32:08 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-13 16:12:31 33792 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\9DF63B0B.exe
    2012-04-13 16:11:21 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A824C43E-1BAB-4B0A-9CBC-F5547567E2DA}
    2012-04-13 16:10:11 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6724D355-ADC6-424A-A3AB-F4F262BC503F}
    2012-04-13 16:09:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{958F9125-ED75-4B19-8B0A-EBD3C510F0DF}
    2012-04-13 16:09:32 -------- d-----w- C:\Users\Dean-P-35\Tracing
    2012-04-13 16:08:33 -------- d-----w- C:\windows\en
    2012-04-13 16:03:07 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
    2012-04-13 16:03:07 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
    2012-04-13 16:03:07 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
    2012-04-13 16:03:07 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
    2012-04-13 16:02:05 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{5EC34E75-0A65-401D-960A-708C27A59582}
    2012-04-13 16:01:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8F117FA-E1DC-40AB-A42F-5E1BB9DE1E86}
    2012-04-13 12:08:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{649FB6BB-1D7C-4B6D-BF4D-86A0B369650D}
    2012-04-12 21:59:18 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe
    2012-04-12 21:10:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B0F50F37-BEFD-4BE9-A193-FE91269BA94B}
    2012-04-12 03:34:54 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-04-12 03:34:54 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 03:34:53 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 03:32:45 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2012-04-12 03:32:45 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
    2012-04-12 03:32:45 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    2012-04-12 03:32:44 5120 ----a-w- C:\windows\SysWow64\wmi.dll
    2012-04-12 03:32:44 5120 ----a-w- C:\windows\System32\wmi.dll
    2012-04-12 03:32:44 220672 ----a-w- C:\windows\System32\wintrust.dll
    2012-04-12 03:32:44 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
    2012-04-12 03:07:57 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{4AD2639E-A12E-4219-BE0F-8335BAC8ABE8}
    2012-04-12 03:07:23 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9C1FB17F-E189-4AEB-8C79-87211A3CC039}
    2012-04-11 13:49:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{710CF3CC-F8FA-437B-BEA8-D56EBAFF1C70}
    2012-04-11 01:49:19 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A0507561-47DA-4E7B-B552-076E6702D501}
    2012-04-10 13:48:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{BB4F04B3-668E-40F1-8135-8941E55A4D38}
    2012-04-10 01:48:18 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9083E23F-6F32-46D9-8669-8E20C6E608E3}
    2012-04-09 13:47:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{733E5E37-8A2F-410C-AACB-4AFFE941B869}
    2012-04-09 01:45:36 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{195C6D3E-9D4A-4332-95C0-1C03FB1F38C1}
    2012-04-08 13:45:00 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8F976A5A-F4AE-446E-AE20-ECDE7E9EC295}
    2012-04-07 12:33:25 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{2E495B13-026F-4B14-A324-5AEEB2C4BDDD}
    2012-04-06 20:53:16 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{7AD9F1C9-B570-409D-9ECB-2729481F0714}
    2012-04-06 01:00:53 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{C31F976D-FA94-4115-8BBE-40A6D872DD26}
    2012-04-05 13:00:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{91D934B8-B1D9-4D1A-804A-5524613F8412}
    2012-04-04 23:58:23 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{16AB1D3E-27FA-4106-BFDE-63FADA04A46D}
    2012-04-04 02:37:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{4720F396-F045-4DCF-B2AD-3C0B09C06699}
    2012-04-03 14:37:04 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9D2B7D7D-438E-4A87-A0F5-F8E8AE92A0A2}
    2012-04-03 02:36:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{96F3C4D3-559A-4704-BFBF-5B959BD173CD}
    2012-04-02 05:06:09 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D41C5B75-A4C6-42F6-A19D-6D7882BC3D3B}
    2012-04-01 14:13:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{44A1807E-33EB-477A-ABDC-29D3FE49340B}
    2012-03-31 13:58:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D6D6049E-D3C5-418C-9D83-1651202D2E74}
    2012-03-30 16:14:00 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{73A3B573-AD1E-4979-89AB-A898F478B65B}
    2012-03-30 04:13:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E8F87748-028D-4991-AE21-10AD86DC205E}
    2012-03-29 16:12:57 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{AE07EE6A-A867-4246-8D58-E8556C130EBB}
    2012-03-29 03:00:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{1C822190-2A18-4936-A063-26792E96E61B}
    2012-03-28 15:00:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8A7E574E-89E5-42CD-83E3-1E7061AFCA15}
    2012-03-28 14:59:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{490420E2-35B7-41EA-84F6-9993C325A88F}
    2012-03-28 02:59:27 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{22502869-C4D8-4608-A8E5-0F8D86E37098}
    2012-03-28 02:59:02 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{0E4635CF-94A3-4E7A-B834-B616E27E84D2}
    2012-03-27 14:58:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E0170AFF-B7A0-416E-A164-08A071279942}
    2012-03-27 14:58:12 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{64502DA2-F8AF-44F8-8761-7B7D50A12F85}
    2012-03-27 02:57:46 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{DC855321-6CD1-4C6E-A13F-FDD48613EF50}
    2012-03-27 02:57:22 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{973263A7-7D70-4CC9-B383-0C9324401C02}
    2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-03-26 14:57:08 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{FD8BFBBF-184E-4EF9-A438-0447CD8E1C63}
    2012-03-26 14:56:44 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{83944100-1791-4E75-965E-8F3315A52840}
    2012-03-25 15:34:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B13498D4-7193-49F8-B8B8-6D6B75A3C959}
    2012-03-25 15:34:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{FEF13E03-2CD2-4F92-B4E1-364645AAAD43}
    2012-03-25 03:33:56 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8641FF32-9420-4F3A-9CA7-62EAA2B48639}
    2012-03-25 03:33:31 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{20E7A3BD-45E2-4841-971C-66A1323DEE52}
    2012-03-24 15:33:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E9C938D5-0117-495A-B9A7-7DCB4AE9FB33}
    2012-03-24 15:32:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{3E2D8FF8-CF6E-43F7-B22B-594D184DD5BC}
    2012-03-24 03:32:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D92C6F46-489A-45FC-9C96-B94A469C73F4}
    2012-03-24 03:31:52 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{3F7734BB-88B2-43BB-8CB7-E684C12A9D9E}
    2012-03-23 15:31:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{F1EC186E-22EF-4CFC-910E-9F2CAFF3E1B1}
    2012-03-23 15:30:58 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B42F6FC3-48CB-4AB4-A22A-23918A96C107}
    2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
    2012-03-22 05:17:29 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{509CCA2D-FB73-4AFE-B8A9-B894A74E426E}
    2012-03-22 05:17:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9AEA74C9-AFC4-4AFB-859B-698736644B19}
    2012-03-21 17:16:38 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{806352C6-F682-40E8-AD0A-A0C3C4DD348A}
    2012-03-21 17:16:09 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8AAB401-1902-477A-B6CA-6F25E5927349}
    2012-03-20 18:34:28 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{34591528-16C4-4BE5-B6D9-DCDA057C6D2E}
    2012-03-20 18:34:04 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8C73EA38-2983-4936-B254-21EC2348982E}
    2012-03-20 06:33:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{F00F4FA7-DAF6-44EB-BB85-6CE016BD60C1}
    2012-03-20 06:33:12 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{0BF8F1B2-A347-4CF0-9F2A-1D0F5E541FBA}
    2012-03-19 15:30:49 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{7F906341-8F3E-4EC9-8D94-A5B0B4506500}
    2012-03-19 15:30:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{82DA7031-5377-4ACA-A6B3-A072AC40A4D2}
    2012-03-19 06:59:51 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{41DEE5E7-976E-4D65-98CE-69B9EBB7705D}
    2012-03-19 06:59:39 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{AD711D22-0D0C-44A3-B661-E6CAA1295A09}
    2012-03-18 15:40:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{963BA519-1E21-4207-AD1E-94E5C337FD52}
    2012-03-18 15:39:49 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{520270DB-61FB-40DE-BEC7-0D8EE8F84E15}
    2012-03-18 02:51:58 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{42A2B5DA-32C6-49C6-872D-652F96E1C2D6}
    2012-03-18 02:51:34 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B564F154-EBF6-4A92-B0FC-54C87E0CF78B}
    2012-03-17 14:51:07 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{ABE2360B-DAEE-4BB1-A321-F7D8FD1CFB1A}
    2012-03-17 14:50:55 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8D5602A2-D88E-47D0-87BF-FF35A181B489}
    2012-03-17 02:50:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6BC5F052-1F2B-4CDD-869D-45A80BA3EB5F}
    2012-03-17 02:50:28 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{171DD523-9ED3-4CF3-BE64-38F09F834724}
    2012-03-16 14:49:59 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6E6796E5-5690-4D25-A09C-53DD772DEB65}
    2012-03-16 14:49:42 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{823776D3-B069-44AF-8BCA-74582FA3BB54}
    .
    ==================== Find3M ====================
    .
    2012-04-13 16:32:08 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-08 23:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
    2012-03-08 23:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
    2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-02-23 15:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
    2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
    2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
    2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
    2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 16:33:46.65 ===============
    Last edited by tashi; 2012-04-15 at 00:23. Reason: Moved from Spybot-S&D support to the malware removal forum where DDS logs are to be posted. :-)

  2. #2
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi Silverbullet, welcome to the forum.


    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    If asked to download Avast's definitions please do so.

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply


    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  3. #3
    Junior Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    26

    Multiple Bug Reports

    Thanks for your response.

    I just want you to know that I also submitted an email bug report before I submitted a bug report to the forum. At the time I could not find my ID/Password from 4 years ago and I honestly thought my email bug report would be added to the forum. About 24 hours ago I received an email response from (Jochen T. Team Spybot). I performed his instructions and sent an email response back to him yesterday. I informed him also that I had submitted a request to the forum. I have not heard back from him today.

    I do not want to waste resources with 2 of you working on the problem but I do not want to be left with nobody working on the problem. Can you contact him and come to an agreement on who will continue working on a resolution? I will hold off on executing your instructions until I hear back from you.

    Sorry for the confusion but I could not find my ID/Password so I submitted the email request first.

    silverbullet

  4. #4
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi Silverbullet,

    I don't know what instructions he gave you to follow. I do see infections in the DDS log in this topic. The log was posted the same day as the topic was moved from the Spybot-S&D to the Malware forum.

    I'm not sure what a Bug report is. Is it related to a bug within SpyBot or is it another method of cleaning a computer?
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  5. #5
    Junior Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    26

    Other Method was Email to Support Option Under Support

    Thanks for Reply:
    The other method was an email to support under the support tab. Since I have not received an email back from him today, I will continue with you and send email to support that I am working with you.

    I can not attach the ".cab" file from the 2.0.7 Beta save of log files. It is too Big (21 MB).

    Assuming you work on Spybot 2.0.7 Beta, I will execute your last instructions and send you the output.

    Thanks for your help.

    The email exchange with Jochen is below for your reference.

    Dean


    =================================================
    Jochen EMAIL:
    Hello Dean,

    Please send us a complete bug report. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to .

    best regards,
    Jochen T.
    Team Spybot
    ======================
    My Response:
    Jochen:
    I have attached the scan log but I need to update you on a few facts:

    1. When I finally found my Spybot ID/Password, I also submitted a problem report on the "Malware Removal" forum entitled
    "Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic" by Silverbullet.

    2. My user ID (Dean-P-35) on the Laptop does not display the desktop when I login now, so I am using another ID (Jean).

    3. Unfortunately, I found out that I had 2 versions of SpyBot installed and both running at one time: 1.6.2 and 2.0.5.Beta.

    4. I had trouble uninstalling both but now I believe that I have both uninstalled and currently only 2.0.7.131 Beta installed.

    5. I did the deep scan with 2.0.7.131 SpyBot and did the fix problems and then saved the log. I have attached the log to this email.

    6. I still have problems

    Dean
    =============================

  6. #6
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi Silverbullet

    Just heard back, it's you and me. Please follow the instructions for running aswMBR.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  7. #7
    Junior Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    26

    aswMBR.exe txt file and Zip File

    Thanks Again
    Will Wait for your response.


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-17 11:44:11
    -----------------------------
    11:44:11.766 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:44:11.766 Number of processors: 4 586 0x2505
    11:44:11.766 ComputerName: TOSHIBA-A665 UserName: Jean
    11:44:13.108 Initialize success
    11:46:01.323 AVAST engine defs: 12041700
    11:46:22.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:46:22.009 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
    11:46:22.024 Disk 0 MBR read successfully
    11:46:22.027 Disk 0 MBR scan
    11:46:22.032 Disk 0 Windows VISTA default MBR code
    11:46:22.044 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    11:46:22.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
    11:46:22.097 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
    11:46:22.154 Disk 0 scanning C:\windows\system32\drivers
    11:46:33.130 Service scanning
    11:47:15.703 Modules scanning
    11:47:15.703 Disk 0 trace - called modules:
    11:47:15.781 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
    11:47:15.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069f1060]
    11:47:15.796 3 CLASSPNP.SYS[fffff8800199743f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069f0060]
    11:47:15.812 5 thpdrv.sys[fffff88001de9cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049ca050]
    11:47:18.136 AVAST engine scan C:\windows
    11:47:20.820 AVAST engine scan C:\windows\system32
    11:50:16.894 AVAST engine scan C:\windows\system32\drivers
    11:50:31.528 AVAST engine scan C:\Users\Jean
    11:53:22.236 File: C:\Users\Jean\AppData\Roaming\5CF06878.exe **INFECTED** Win32:Rootkit-gen [Rtk]
    11:53:22.298 File: C:\Users\Jean\AppData\Roaming\6B5F0FE8.exe **INFECTED** Win32:Downloader-NWY [Trj]
    11:53:33.668 File: C:\Users\Jean\AppData\Roaming\ohhjipgm.exe **INFECTED** Win32:Crypt-MLE [Trj]
    11:53:38.005 File: C:\Users\Jean\winlogon.exe **INFECTED** Win32:Downloader-NVR [Trj]
    11:53:44.120 AVAST engine scan C:\ProgramData
    11:56:31.741 Scan finished successfully
    11:57:27.102 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Desktop\MBR.dat"
    11:57:27.117 The log file has been saved successfully to "C:\Users\Jean\Desktop\aswMBR.txt"






    Dean
    Last edited by oldman960; 2012-04-18 at 01:34. Reason: pasted aswMBR.txt
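
An added example, not part of the thread or of any tool used in it: a small triage script over lines copied from the DDS "Created Last 30" section and the aswMBR log above. It flags executables created directly in the `ProgramData` root or a profile's `AppData\Roaming` root, groups them by identical size, and matches file names against the aswMBR detections. The placement heuristic and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the DDS "Created Last 30" section posted above.
DDS_CREATED = r"""
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe
2012-04-14 18:38:30 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-04-14 16:31:45 51712 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
2012-04-13 18:26:25 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\5CF06878.exe
2012-04-13 16:32:08 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:12:31 33792 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\9DF63B0B.exe
2012-04-13 16:09:32 -------- d-----w- C:\Users\Dean-P-35\Tracing
2012-04-12 21:59:18 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe
2012-04-12 03:34:54 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
"""

# Lines copied from the aswMBR log posted above.
ASWMBR = r"""
11:53:22.236 File: C:\Users\Jean\AppData\Roaming\5CF06878.exe **INFECTED** Win32:Rootkit-gen [Rtk]
11:53:22.298 File: C:\Users\Jean\AppData\Roaming\6B5F0FE8.exe **INFECTED** Win32:Downloader-NWY [Trj]
11:53:33.668 File: C:\Users\Jean\AppData\Roaming\ohhjipgm.exe **INFECTED** Win32:Crypt-MLE [Trj]
11:53:38.005 File: C:\Users\Jean\winlogon.exe **INFECTED** Win32:Downloader-NVR [Trj]
"""

# timestamp, size (or -------- for directories), 8-char attribute field, path
DDS_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-{8}) (\S{8}) (.+)$")
ASW_LINE = re.compile(r"File: (.+?) \*\*INFECTED\*\* (.+)$")


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        created, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": PureWindowsPath(path),
        })
    return entries


def is_loose_executable(entry):
    """Heuristic (assumption of this example): installed software normally
    lives in a vendor subfolder, so an .exe sitting directly in the
    ProgramData root or a profile's AppData\\Roaming root deserves a look."""
    if entry["is_dir"] or entry["path"].suffix.lower() != ".exe":
        return False
    parents = [p.lower() for p in entry["path"].parts[1:-1]]
    in_programdata_root = parents == ["programdata"]
    in_roaming_root = (len(parents) == 4 and parents[0] == "users"
                       and parents[2:] == ["appdata", "roaming"])
    return in_programdata_root or in_roaming_root


def parse_aswmbr_detections(text):
    """Map lower-cased file name -> detection label from aswMBR INFECTED lines."""
    hits = {}
    for line in text.splitlines():
        m = ASW_LINE.search(line)
        if m:
            hits[PureWindowsPath(m.group(1)).name.lower()] = m.group(2).strip()
    return hits


def triage(dds_text, aswmbr_text):
    """Return flagged DDS entries with same-size peers and any AV label
    reported for the same file name (possibly under another profile)."""
    flagged = [e for e in parse_dds_created(dds_text) if is_loose_executable(e)]
    by_size = defaultdict(list)
    for e in flagged:
        by_size[e["size"]].append(e["path"].name)
    detections = parse_aswmbr_detections(aswmbr_text)
    return [{
        "path": str(e["path"]),
        "created": e["created"],
        "size": e["size"],
        "same_size_as": [n for n in by_size[e["size"]] if n != e["path"].name],
        "av_detection": detections.get(e["path"].name.lower()),
    } for e in flagged]


if __name__ == "__main__":
    for f in triage(DDS_CREATED, ASWMBR):
        print(f["created"], f["size"], f["path"],
              "| same size:", f["same_size_as"] or "-",
              "| AV:", f["av_detection"] or "no match by name")
```

A name match across profiles (here `Dean-P-35` in DDS and `Jean` in aswMBR) is a lead for the helper to check, not proof that the two files are identical; only a hash comparison settles that.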

  8. #8
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi Silverbullet,


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please post back with the combofix log and a new HJT (hijackthis) log.

    Thanks
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  9. #9
    Junior Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    26

    Combofix Log-No HJT Log-Can't Find Executable

    ComboFix 12-04-17.01 - Jean 04/17/2012 18:54:18.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2459 [GMT -5:00]
    Running from: c:\users\Jean\Desktop\ComboFix.exe
    SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\14XqPxvo.exe
    c:\programdata\14XqPxvo.exe_
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\users\Dean-P-35\AppData\Roaming\5CF06878.exe
    c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection
    c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe
    c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoActivate.ico
    c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoHelp.ico
    c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoUninstall.ico
    c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe
    c:\users\Dean-P-35\AppData\Roaming\DDA3363F.exe
    c:\users\Dean-P-35\uidsave.dat
    c:\users\Dean-P-35\WINDOWS
    c:\users\Dean-P-35\WINDOWS\Driver\0002.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\001.avi
    c:\users\Dean-P-35\WINDOWS\Driver\001.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\002.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\01.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\01.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\01ss.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\02.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\02.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\02sss.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\02ssss.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\02x.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\02y.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\03.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\03.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\0332.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\03uuu.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\04wwwww.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\05031202.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\05031203.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\0ddd4.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\0eeee2.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\0l4.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\0t1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\1.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\10.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\14444.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\15_004.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\1m.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\222.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\233.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\2m.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\2mov.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\3.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\3mov.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\4.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\4.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\4mov.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\5396_4_clip.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\6093_04_180sec_00.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\analdaughters_clips02.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\angel1.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\brazzersvault-penny-2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\canhescore-alexistexas-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x2.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x3.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x4.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\clip03.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\crissycreampie_chunk_1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\cwwlip03.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\Desktop.ini
    c:\users\Dean-P-35\WINDOWS\Driver\eastblocamateurs-dot-com-1.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__1.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__3.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\fetishonepass.com_01.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\gia1.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\hotbush-sexgames-2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\housewife1on1-mariabellucci-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kennakane-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-madisonivy4-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze5-2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-laurenphoenix-2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\pornstarxs_4559-1-3.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\realwifestories-kimberly-1.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\spcp-11.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\spcp-12.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\suziediamond_chunk_2.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\Thumbs.db
    c:\users\Dean-P-35\WINDOWS\Driver\v0131b.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\V03124_big_03.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\V09475_big_04.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_04.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_05.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\V21919_big_03.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\vid03.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\vid03.wmv
    c:\users\Dean-P-35\WINDOWS\Driver\videosz-the-girl-next-door-5-22.mpg
    c:\users\Dean-P-35\WINDOWS\Driver\videosz-trombone-blown-2-91.mpg
    c:\users\Dean_Standard_User\uidsave.dat
    c:\users\Jean\AppData\Roaming\5CF06878.exe
    c:\users\Jean\AppData\Roaming\6B5F0FE8.exe
    c:\users\Jean\AppData\Roaming\FA9C4BFD.exe
    c:\users\Jean\AppData\Roaming\ohhjipgm.exe
    c:\users\Jean\uidsave.dat
    c:\users\Jean\WINDOWS
    c:\users\Jean\winlogon.exe
    c:\windows\SysWow64\crrss.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At12.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean-P-35\AppData\Local\temp
    2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean_Standard_User\AppData\Local\temp
    2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Local\IsolatedStorage
    2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Roaming\Intuit
    2012-04-16 16:10 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-04-16 16:10 . 2012-04-16 16:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-04-15 22:53 . 2012-04-15 22:53 -------- d-----w- c:\users\Jean\AppData\Roaming\SoftGrid Client
    2012-04-14 20:47 . 2012-04-14 20:47 -------- d-----w- c:\program files (x86)\ERUNT
    2012-04-13 20:55 . 2012-04-13 20:55 -------- d-----w- C:\SpybotBootCD
    2012-04-13 19:49 . 2012-04-13 19:49 5679896 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
    2012-04-13 19:42 . 2012-04-17 16:50 -------- d-----w- c:\users\Jean\AppData\Local\CrashDumps
    2012-04-13 16:32 . 2012-04-13 16:32 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-13 16:09 . 2012-04-13 16:09 -------- d-----w- c:\users\Dean-P-35\Tracing
    2012-04-13 16:08 . 2012-04-13 16:08 -------- d-----w- c:\windows\en
    2012-04-13 16:03 . 2012-04-13 16:03 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
    2012-04-13 16:03 . 2012-04-13 16:03 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
    2012-04-13 16:03 . 2012-04-13 16:03 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
    2012-04-13 16:03 . 2012-04-13 16:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
    2012-04-12 03:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 03:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 03:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 03:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 03:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 03:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-12 03:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 03:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 03:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-12 03:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-13 16:32 . 2011-06-10 05:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-20 08:51 . 2012-04-14 18:38 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
    2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-02-23 15:18 . 2011-05-29 15:50 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-17 06:38 . 2012-03-14 14:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-14 14:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-14 14:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-14 14:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-10 06:36 . 2012-03-14 15:22 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-14 15:22 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-03 04:34 . 2012-03-14 15:55 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-01-25 06:38 . 2012-03-14 14:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-14 14:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-14 14:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-13 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
    "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-12-21 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 uvkohury;uvkohury;c:\windows\system32\drivers\uvkohury.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    R2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [x]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
    R3 ALSysIO;ALSysIO;c:\users\DEAN-P~1\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
    R3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [x]
    R3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_022.sys [x]
    R3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [x]
    R3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_022.sys [x]
    R3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [x]
    R3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_022.sys [x]
    R3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [x]
    R3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_022.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-12-08 135608]
    S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-06-03 270336]
    S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 VZWConfigService;VZWConfigService;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-02-11 169472]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-22 822192]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:32]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
    .
    2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    Wow6432Node-HKLM-Run-crrss - c:\windows\system32\crrss.exe
    Notify-igfxcui - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
    AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-17 19:17:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-18 00:17
    .
    Pre-Run: 550,539,096,064 bytes free
    Post-Run: 551,791,751,168 bytes free
    .
    - - End Of File - - 323E745D4857735000C060B5935D403D

  10. #10
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi

    How's the computer?


    Download OTL to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      /md5stop


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.
