Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 33

Thread: Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic

  1. #11
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default Computer Running good! + OTL Log Part 2

    The computer is running very good and is back to its normal performance.

    The only problem I have is that I can not get the desktop displayed for my old ID. After completing the logon process, It just displays a black screen with a open explorer window. After closing the explorer window, the screen is black and you can not do anything other that ctrl/alt/del. I think what happen is that the laptop battery was low and it tried to sleep and did not have enough battery to save the current environement 0f for my old ID desktop. Unless you have some expertise on this, don't spend any time on this. I will just save off what I need and create another ID.

    OTL Log:
    OTL logfile created on: 4/18/2012 7:58:50 AM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
    7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.67 Gb Total Space | 506.72 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-A665 | User Name: Jean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jean\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
    SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (VZWConfigService) -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (Novatel Wireless Inc.)
    SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
    SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe (Novatel Wireless Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (NWUSBPort2_022) -- C:\Windows\SysNative\drivers\nwusbser2_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBPort_022) -- C:\Windows\SysNative\drivers\nwusbser_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBModem_022) -- C:\Windows\SysNative\drivers\nwusbmdm_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWRmNet_022) -- C:\Windows\SysNative\drivers\NWRmNet_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWRmNet_001) -- C:\Windows\SysNative\drivers\NWRmNet_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV:64bit: - (NWUSBPort2_001) -- C:\Windows\SysNative\drivers\nwusbser2_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBPort_001) -- C:\Windows\SysNative\drivers\nwusbser_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBModem_001) -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
    DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
    DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
    DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
    DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
    DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
    DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
    DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{8652BADC-8B1B-4E5D-AB71-2E1641A7424F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0085586D-CAAC-42C9-98A0-49EED9294734}
    IE - HKLM\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/logout.cgi?todo=logout
    IE - HKCU\..\SearchScopes,DefaultScope = {44F0F890-B49A-4489-85D9-82054C81CB80}
    IE - HKCU\..\SearchScopes\{000DF192-70DC-43F2-B141-3A7DF40D3819}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
    IE - HKCU\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKCU\..\SearchScopes\{44F0F890-B49A-4489-85D9-82054C81CB80}: "URL" = http://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6084C596-A53E-4017-B341-8AAE9C624078}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41647863&src=kw&q={searchTerms}&locale=&apn_ptnrs=1R&apn_dtid=YYYYYYYYUS&apn_uid=1264D3D0-0958-41EB-A9A7-051855E39954&apn_sauid=D0DA637F-AC69-4B1B-B6F9-8D55843EC31B
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/12/12 16:45:39 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/04/18 06:27:07 | 000,441,863 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15209 more lines...
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/18 07:51:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
    [2012/04/18 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Windows Live
    [2012/04/18 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\{C13938E5-6E86-48DD-8184-E33D36F7FBB1}
    [2012/04/18 07:20:43 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\{50B8DA10-9568-40D8-915D-DF19E3D8D042}
    [2012/04/18 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Windows Live Writer
    [2012/04/18 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Windows Live Writer
    [2012/04/17 18:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/04/17 18:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/04/17 18:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/04/17 18:50:52 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/17 18:50:23 | 004,466,721 | R--- | C] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
    [2012/04/17 11:44:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
    [2012/04/17 10:12:43 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\TurboTax
    [2012/04/17 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\IsolatedStorage
    [2012/04/17 10:07:15 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Intuit
    [2012/04/16 11:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/04/16 11:10:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
    [2012/04/16 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/04/16 11:04:49 | 045,641,536 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
    [2012/04/15 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\SoftGrid Client
    [2012/04/14 15:50:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/04/14 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\spybot
    [2012/04/13 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/04/13 15:55:51 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
    [2012/04/13 14:42:49 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\CrashDumps
    [2012/04/13 11:32:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/04/13 11:08:33 | 000,000,000 | ---D | C] -- C:\windows\en
    [2012/04/11 22:35:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012/04/11 22:35:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012/04/11 22:35:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012/04/11 22:35:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012/04/11 22:35:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012/04/11 22:35:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012/04/11 22:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012/04/11 22:35:15 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012/04/11 22:35:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012/04/11 22:35:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012/04/11 22:35:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012/04/11 22:34:54 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2012/04/11 22:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2012/04/11 22:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2012/04/11 22:32:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
    [2012/04/11 22:32:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
    [2012/04/11 22:32:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
    [2012/03/22 14:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/18 07:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/18 07:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
    [2012/04/18 07:25:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/04/18 07:14:17 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/18 07:11:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/04/18 06:27:07 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/04/18 06:26:33 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062707.backup
    [2012/04/18 00:31:17 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062633.backup
    [2012/04/17 19:21:32 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/17 19:21:32 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/17 19:16:46 | 000,780,156 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/04/17 19:16:46 | 000,660,982 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/04/17 19:16:46 | 000,121,620 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/04/17 19:09:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-003117.backup
    [2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/17 18:40:52 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
    [2012/04/17 11:59:27 | 000,000,565 | ---- | M] () -- C:\Users\Jean\Desktop\MBR.zip
    [2012/04/17 11:57:27 | 000,000,512 | ---- | M] () -- C:\Users\Jean\Desktop\MBR.dat
    [2012/04/17 11:23:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
    [2012/04/16 14:35:38 | 000,605,431 | ---- | M] () -- C:\Users\Jean\Desktop\Desktop-20120416-143537.png
    [2012/04/16 11:47:51 | 000,012,397 | ---- | M] () -- C:\Users\Jean\Desktop\Scan Results.2012-04-16 11-46-28
    [2012/04/16 11:10:55 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/04/16 10:47:45 | 045,641,536 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
    [2012/04/16 08:17:55 | 000,007,614 | ---- | M] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
    [2012/04/14 15:47:38 | 000,000,944 | ---- | M] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
    [2012/04/14 15:47:38 | 000,000,920 | ---- | M] () -- C:\Users\Jean\Desktop\ERUNT.lnk
    [2012/04/14 11:02:54 | 000,003,505 | ---- | M] () -- C:\windows\wininit.ini
    [2012/04/13 15:58:34 | 000,000,505 | ---- | M] () -- C:\Users\Jean\Desktop\Programs and Features - Shortcut.lnk
    [2012/04/13 11:32:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/04/13 11:32:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/04/13 11:14:15 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/04/12 15:24:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/03/31 09:30:55 | 000,000,018 | ---- | M] () -- C:\windows\phsrch5.ini
    [2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
    [2012/03/20 10:13:30 | 411,188,288 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/03/20 01:47:18 | 000,777,744 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/17 18:50:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/04/17 18:50:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/04/17 18:50:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/04/17 18:50:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/04/17 18:50:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/04/17 11:59:27 | 000,000,565 | ---- | C] () -- C:\Users\Jean\Desktop\MBR.zip
    [2012/04/17 11:57:27 | 000,000,512 | ---- | C] () -- C:\Users\Jean\Desktop\MBR.dat
    [2012/04/16 14:35:37 | 000,605,431 | ---- | C] () -- C:\Users\Jean\Desktop\Desktop-20120416-143537.png
    [2012/04/16 11:47:51 | 000,012,397 | ---- | C] () -- C:\Users\Jean\Desktop\Scan Results.2012-04-16 11-46-28
    [2012/04/16 11:10:55 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/04/16 11:10:55 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/04/15 18:36:13 | 000,007,614 | ---- | C] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
    [2012/04/14 15:47:38 | 000,000,944 | ---- | C] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
    [2012/04/14 15:47:38 | 000,000,920 | ---- | C] () -- C:\Users\Jean\Desktop\ERUNT.lnk
    [2012/04/13 15:58:34 | 000,000,505 | ---- | C] () -- C:\Users\Jean\Desktop\Programs and Features - Shortcut.lnk
    [2012/04/13 11:32:08 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/04/13 10:21:05 | 000,003,505 | ---- | C] () -- C:\windows\wininit.ini
    [2011/12/31 12:13:13 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2011/12/25 14:11:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
    [2011/12/12 13:46:16 | 000,206,568 | ---- | C] () -- C:\windows\hpwins28.dat
    [2011/12/12 12:55:55 | 000,207,287 | ---- | C] () -- C:\windows\hpwins28.dat.temp
    [2011/12/12 11:01:47 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
    [2011/12/11 17:12:10 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
    [2011/11/20 10:07:23 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/10/04 18:30:47 | 000,211,046 | ---- | C] () -- C:\windows\hpoins21.dat
    [2011/10/04 18:30:47 | 000,005,474 | ---- | C] () -- C:\windows\hpomdl21.dat
    [2011/08/30 14:08:56 | 000,000,018 | ---- | C] () -- C:\windows\phsrch5.ini
    [2011/07/08 15:23:02 | 000,000,506 | ---- | C] () -- C:\windows\ODBC.INI
    [2011/04/30 09:47:33 | 000,777,744 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/04/29 09:42:33 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2010/07/29 07:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
    [2010/07/29 07:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
    [2010/07/29 07:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
    [2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
    [2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

    ========== LOP Check ==========

    [2011/12/31 12:25:26 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\PCStitch Pro
    [2011/12/31 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Radium Technologies
    [2012/04/15 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\SoftGrid Client
    [2011/06/16 18:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Toshiba
    [2012/04/18 07:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Windows Live Writer
    [2012/02/14 18:43:04 | 000,032,628 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < * >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- \bootmgr
    [2010/10/28 14:45:28 | 000,008,192 | RHS- | M] () -- \BOOTSECT.BAK
    [2012/04/17 19:17:32 | 000,029,976 | ---- | M] () -- \ComboFix.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
    [2007/11/07 10:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
    [2007/11/07 10:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
    [2012/03/03 15:50:29 | 050,507,776 | ---- | M] () -- \Firl-2012-03-03.QDF-backup
    [2012/03/11 14:38:38 | 050,601,984 | ---- | M] () -- \Firl-2012-03-11.QDF-backup
    [2007/11/07 10:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
    [2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- \hiberfil.sys
    [2007/11/07 10:00:40 | 000,000,843 | ---- | M] () -- \install.ini
    [2007/11/07 10:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
    [2007/11/07 10:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
    [2007/11/07 10:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
    [2007/11/07 10:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
    [2007/11/07 10:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
    [2007/11/07 10:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
    [2007/11/07 10:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
    [2007/11/07 10:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
    [2007/11/07 10:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
    [2004/08/16 11:53:58 | 000,001,059 | -H-- | M] () -- \IPH.PH
    [2005/09/23 00:39:38 | 000,894,976 | ---- | M] () -- \msdia80.dll
    [2012/04/17 19:09:19 | 4079,665,152 | -HS- | M] () -- \pagefile.sys
    [2007/11/07 10:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
    [2007/11/07 10:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
    [2007/11/07 10:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI
    [2011/06/16 08:14:08 | 000,004,548 | ---- | M] () -- \WirelessDiagLog.csv
    [2011/01/16 08:08:48 | 000,004,418 | ---- | M] () -- \WRA_Colors.txt

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/10/28 14:45:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/17 19:17:32 | 000,029,976 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 10:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 10:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2012/03/03 15:50:29 | 050,507,776 | ---- | M] () -- C:\Firl-2012-03-03.QDF-backup
    [2012/03/11 14:38:38 | 050,601,984 | ---- | M] () -- C:\Firl-2012-03-11.QDF-backup
    [2007/11/07 10:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 10:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 10:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 10:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 10:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 10:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 10:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 10:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 10:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 10:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 10:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2004/08/16 11:53:58 | 000,001,059 | -H-- | M] () -- C:\IPH.PH
    [2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/04/17 19:09:19 | 4079,665,152 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 10:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 10:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 10:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2011/06/16 08:14:08 | 000,004,548 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2011/01/16 08:08:48 | 000,004,418 | ---- | M] () -- C:\WRA_Colors.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/17 11:23:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
    [2012/04/17 18:40:52 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
    [2012/04/18 07:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
    [2012/04/16 10:47:45 | 045,641,536 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2012/02/07 17:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
    [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

  2. #12
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default OTL Part 2

    < MD5 for: EXPLORER.EXE.MUI >
    [2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2012/04/18 07:42:10 | 000,160,046 | ---- | M] () MD5=CB356BA4854D22FEE97768AE5BE0105C -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: IEXPLORE.EXE - SHORTCUT.LNK >
    [2012/04/14 09:30:18 | 000,001,404 | ---- | M] () MD5=1C51AABB2CCECDAD67236BF2E7916340 -- C:\Users\Dean-P-35\Desktop\iexplore.exe - Shortcut.lnk

    < MD5 for: IEXPLORE.EXE >
    [2010/09/07 23:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
    [2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
    [2010/09/08 00:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
    [2010/09/08 00:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
    [2010/09/07 23:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
    [2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
    [2011/04/30 09:05:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2011/04/30 09:05:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe
    [2011/04/30 09:05:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
    [2011/02/24 00:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
    [2011/02/24 01:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
    [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
    [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
    [2011/02/24 01:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
    [2011/04/30 09:05:56 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Program Files\Internet Explorer\iexplore.exe
    [2011/04/30 09:05:56 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
    [2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe

    < MD5 for: IEXPLORE.EXE(1).6224.DMP >
    [2011/12/12 17:48:02 | 005,162,867 | ---- | M] () MD5=AF7B3B27F5D2B5AFD360A6DA1D90CA0B -- C:\Users\Dean_Standard_User\AppData\Local\CrashDumps\iexplore.exe(1).6224.dmp

    < MD5 for: IEXPLORE.EXE(1).7560.DMP >
    [2012/01/19 15:23:48 | 007,692,752 | ---- | M] () MD5=23A7EACD3C61DEDFA990C617824992AB -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe(1).7560.dmp

    < MD5 for: IEXPLORE.EXE.1080.DMP >
    [2012/04/16 13:15:39 | 003,074,420 | ---- | M] () MD5=C93587F3F9D978C3F9F06930A28BD471 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.1080.dmp

    < MD5 for: IEXPLORE.EXE.11732.DMP >
    [2012/04/13 14:50:00 | 005,137,597 | ---- | M] () MD5=1164385AF3C84F2B57A8C6C5D99775B5 -- C:\Users\Jean\AppData\Local\CrashDumps\iexplore.exe.11732.dmp

    < MD5 for: IEXPLORE.EXE.1196.DMP >
    [2012/04/16 11:21:18 | 005,160,167 | ---- | M] () MD5=22B2BBE938A998A04EF2E3F5BF12F9E3 -- C:\Users\Jean\AppData\Local\CrashDumps\iexplore.exe.1196.dmp

    < MD5 for: IEXPLORE.EXE.1408.DMP >
    [2012/04/16 22:13:33 | 002,184,345 | ---- | M] () MD5=ABBDD196AC414238590AD2F94F850EAC -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.1408.dmp

    < MD5 for: IEXPLORE.EXE.352.DMP >
    [2012/04/17 04:21:30 | 003,134,154 | ---- | M] () MD5=05CF862D2AF166D812CC0EC099378B7F -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.352.dmp

    < MD5 for: IEXPLORE.EXE.4320.DMP >
    [2012/04/16 13:19:29 | 003,246,945 | ---- | M] () MD5=048869D9A4F524F7D139DDD44B23C2B5 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.4320.dmp

    < MD5 for: IEXPLORE.EXE.4840.DMP >
    [2012/04/16 15:25:29 | 003,141,263 | ---- | M] () MD5=D28A40C34EDF9FAFD54BF1F71391CD16 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.4840.dmp

    < MD5 for: IEXPLORE.EXE.5020.DMP >
    [2012/04/16 16:32:55 | 003,083,231 | ---- | M] () MD5=394AC6238314E6505DB84367BEB5E277 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.5020.dmp

    < MD5 for: IEXPLORE.EXE.5872.DMP >
    [2011/12/03 11:56:30 | 006,880,837 | ---- | M] () MD5=54E7CA6CD3CA13B6B1561E818582FD32 -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe.5872.dmp

    < MD5 for: IEXPLORE.EXE.6224.DMP >
    [2011/12/12 17:47:59 | 005,164,627 | ---- | M] () MD5=11054B59C6F77DB1E0E5EAE4829B8171 -- C:\Users\Dean_Standard_User\AppData\Local\CrashDumps\iexplore.exe.6224.dmp

    < MD5 for: IEXPLORE.EXE.6916.DMP >
    [2012/04/16 12:07:09 | 003,441,480 | ---- | M] () MD5=442B116B6EE648CD8F47BAE2972ECEAE -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.6916.dmp

    < MD5 for: IEXPLORE.EXE.7136.DMP >
    [2011/12/20 18:50:52 | 006,772,212 | ---- | M] () MD5=B2D67F420037727672FCAAA3EA2CBBBF -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe.7136.dmp

    < MD5 for: IEXPLORE.EXE.7560.DMP >
    [2012/01/19 15:23:45 | 007,738,912 | ---- | M] () MD5=DB97DD6BE43ABFB2E3D8A3BA0AD2E5F9 -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe.7560.dmp

    < MD5 for: IEXPLORE.EXE.7684.DMP >
    [2012/04/17 10:11:34 | 004,165,700 | ---- | M] () MD5=DA226CB7C90E4C6ECE24791490C26B3D -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.7684.dmp

    < MD5 for: IEXPLORE.EXE.7892.DMP >
    [2012/04/16 12:07:57 | 003,271,408 | ---- | M] () MD5=980C4B8BA30F3086EA2580FAB6F12249 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.7892.dmp

    < MD5 for: IEXPLORE.EXE.8128.DMP >
    [2012/04/17 10:13:28 | 003,196,762 | ---- | M] () MD5=D0C92C14D06219917022C86F3026366A -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.8128.dmp

    < MD5 for: IEXPLORE.EXE.MUI >
    [2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
    [2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
    [2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
    [2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
    [2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
    [2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
    [2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-4B6C9213.PF >
    [2012/04/18 07:50:41 | 000,382,466 | ---- | M] () MD5=7016041921AF75D6B3261095F3429AB6 -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

    < MD5 for: IEXPLORE.EXE-908C99F8.PF >
    [2012/04/14 16:08:29 | 000,341,448 | ---- | M] () MD5=9D49636AD028DF92496FDB4B09A54188 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

    < MD5 for: WINLOGON.ADML >
    [2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\windows\SysNative\en-US\winlogon.exe.mui
    [2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
    [2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

    < MD5 for: WINLOGON.EXE.VIR >
    [2011/07/15 23:24:22 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D3E039ABB08729671DE24A71A6163DA2 -- C:\Qoobox\Quarantine\C\Users\Jean\winlogon.exe.vir

    < MD5 for: WINLOGON.EXE-B020DC41.PF >
    [2012/04/18 07:14:23 | 000,026,976 | ---- | M] () MD5=70CF4EE0A4F243AC86152DA758F33AE9 -- C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf

    < MD5 for: WINLOGON.MFL >
    [2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\windows\SysNative\wbem\en-US\winlogon.mfl
    [2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\windows\SysNative\wbem\winlogon.mof
    [2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

    < >

    < End of report >

  3. #13
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default Extras Log

    OTL Extras logfile created on: 4/18/2012 7:58:50 AM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
    7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.67 Gb Total Space | 506.72 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-A665 | User Name: Jean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
    "{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "ProInst" = Intel PROSet Wireless
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1BD7620A-E5D9-4E57-A7A1-08BFA9005BAC}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
    "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4ED66399-6D95-43C0-964B-D2B9C8EC52FB}" = VZAccess Manager
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{5F29D5E7-8C01-4695-8A38-9F94BC3EAD40}" = TurboTax 2011 wmniper
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EA5860B-9027-4864-81D0-2A5B82D41821}" = TurboTax 2010 wmniper
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AA9CCE14-D83E-4d12-9C1A-79EF7EBA4175}" = HP Smart Print 1.0.9.0
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
    "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B705AA09-2E48-4095-904C-F6CE8B97DEF6}" = Active@ Partition Recovery
    "{B7DB5A25-D1C8-4B2C-9C6A-67FBD37A3E3D}" = DeLorme Phone Data 2011
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CBA640FF-4754-4DB7-AC90-64D007FA8ACD}" = MiFi4510 Mobile Broadband Drivers
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0AE9222-C133-4135-BE5B-BE6ED6D6D78B}" = DeLorme Street Atlas USA 2011 Plus
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{DB32A38E-4D83-49F9-9E69-4D0929C5F175}" = PCStitch 9
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E4B4E964-8A4B-4AA7-867E-80BF9571DD00}" = Verizon Mobile Broadband Drivers
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F678343D-CDCD-41F5-A638-6FE502C76CB7}" = Living Cookbook
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "NortonPCCheckup" = Toshiba Laptop Checkup
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PdaNet_is1" = PdaNet for Android 3.02
    "Picasa 3" = Picasa 3
    "TOSHIBA Game Console" = WildTangent ORB Game Console
    "transformer_ie" = Widevine Media Transformer Plugin 5.0.0
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "VMSpc v.2.5" = VMSpc v.2.5
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WT088682" = Bejeweled 2 Deluxe
    "WT088696" = Chuzzle Deluxe
    "WT088750" = Jewel Quest - Heritage
    "WT088759" = Polar Bowler
    "WT089366" = Cake Mania - Lights, Camera, Action!(TM)
    "WT089368" = FATE - The Traitor Soul
    "WT089379" = Mystery P.I. - The London Caper
    "WT089381" = Slingo Supreme
    "WT089386" = Governor of Poker 2 Premium Edition
    "WT089395" = Plants vs. Zombies - Game of the Year
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  4. #14
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    That may be an explorer problem. Try this on the broblem account. After you close the explorer window use cont-alt-delete to open Task Manager,

    • look in the lists of processes for explorer.exe
    • if it's there click on it and click end process


    Next
    • click File
    • click new task (run)
    • type explorer
    • click ok
    Did the desktop load? We can come back to this after the machine is clean if you wish.

    Back to cleaning

    Please follow all previous instructions regarding security programs.

    Open a new Notepad session
    • Click the Start button, click run
    • in the run box type notepad
    • click ok
    • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE


    Code:
    File::
    c:\windows\system32\drivers\uvkohury.sys
    
    Driver::
    uvkohury
    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save

    Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

    This will start ComboFix again.Close all browser/windows first.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**





    Next

    Download and save to your desktop Malwarebytes Anti-Malware

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    Please post back with
    • combofix log
    • MBAM log
    Member of UNITE and ASAP

  5. #15
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default explorer Fix Worked-2 Log Files-2 Attached file

    The explorer fix worked. Will work on later after virus removed- Thanks
    Computer working good.


    mbam log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.19.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jean :: TOSHIBA-A665 [administrator]

    4/19/2012 10:23:26 AM
    mbam-log-2012-04-19 (10-23-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 255262
    Time elapsed: 3 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Dean-P-35\Desktop\Antivirus Protection.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

    (end)

  6. #16
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    Ok we can come back to it if it's still a problem.

    One more scan to check for stragglers.

    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.



    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Go here to run an online scannner from
    ESET

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.
    Please post the ESET log if there is one.
    Member of UNITE and ASAP

  7. #17
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default ESET Scan Log-14 Threats

    :\ProgramData\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm
    C:\Qoobox\Quarantine\C\ProgramData\14XqPxvo.exe.vir Win32/TrojanClicker.Agent.NEB trojan
    C:\Qoobox\Quarantine\C\ProgramData\14XqPxvo.exe_.vir Win32/TrojanClicker.Agent.NEB trojan
    C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe.vir a variant of Win32/Kryptik.AEAY trojan
    C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe.vir a variant of Win32/Kryptik.ADZI trojan
    C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\5CF06878.exe.vir Win32/TrojanClicker.Agent.NEB trojan
    C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe.vir Win32/TrojanClicker.Agent.NEB trojan
    C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\5CF06878.exe.vir Win32/TrojanClicker.Agent.NEB trojan
    C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\6B5F0FE8.exe.vir a variant of Win32/Kryptik.ADYC trojan
    C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\FA9C4BFD.exe.vir Win32/TrojanClicker.Agent.NEB trojan
    C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\ohhjipgm.exe.vir a variant of Win32/Kryptik.AEIQ trojan
    C:\Qoobox\Quarantine\C\Users\Jean\winlogon.exe.vir Win32/Opachki.P trojan
    C:\Qoobox\Quarantine\C\Windows\SysWOW64\crrss.exe.vir Win32/Opachki.P trojan
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm

  8. #18
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    The ESET detections are files quarantined by Spybot or files we have quarantined. You can empty Spybot's quarantined and the others will be removed when we remove the tools.

    The computer appears to be clean. Was the "fix" for explorer not opening permanent or is the problem still present?
    Member of UNITE and ASAP

  9. #19
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default

    The laptop continues to work great.
    The fix worked but the same problem exists after logging in the next time.

  10. #20
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    Was there any instance of explorer running after you rebooted? That is did you need to end the explorer process before launching a new one via task manager?
    Member of UNITE and ASAP

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •