Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic



Silverbullet
2012-04-15, 00:00
Yesterday my Windows 7 laptop started slowing down. After about 5 minutes surfing the internet, the PC would slow down to a crawl. The CPU usage was between 80-100% and I noticed a slow network leak. It appears that the iexplore tasks start showing up about 5 minutes after reboot. The number of iexplore tasks increases until you cannot use the PC.
The Spybot scan log indicates no viruses, or in other words, no problems.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dean-P-35 at 16:33:23 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1327 [GMT -5:00]
.
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k HPService
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.startribune.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "C:\Users\Dean-P-35\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}\445616E602E4F667164756C60243531303C4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA509A52-01BF-484C-A834-18AF1267B04F} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB} : NameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO-X64: QpBHO Class - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-3-29 135608]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-6-3 270336]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-3-29 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-13 1153368]
R2 SDFirewallService;Spybot-S&D 2 Firewall Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-5-31 3585696]
R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-5-31 3834456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-4-13 1082800]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-4-13 1149864]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-4-13 169624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-29 2320920]
R2 VZWConfigService;VZWConfigService;C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-2-11 169472]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe" --> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_001.sys --> C:\windows\system32\DRIVERS\NWRmNet_001.sys [?]
S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_022.sys --> C:\windows\system32\DRIVERS\NWRmNet_022.sys [?]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_001.sys --> C:\windows\system32\DRIVERS\nwusbmdm_001.sys [?]
S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_022.sys --> C:\windows\system32\DRIVERS\nwusbmdm_022.sys [?]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_001.sys --> C:\windows\system32\DRIVERS\nwusbser_001.sys [?]
S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_022.sys --> C:\windows\system32\DRIVERS\nwusbser_022.sys [?]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_001.sys --> C:\windows\system32\DRIVERS\nwusbser2_001.sys [?]
S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_022.sys --> C:\windows\system32\DRIVERS\nwusbser2_022.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe_
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe
2012-04-14 18:38:30 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-04-14 16:31:45 51712 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
2012-04-14 14:35:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{084C90FC-AEB8-4D79-8B3E-199D792ED9A2}
2012-04-14 14:35:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A1EEA238-42D6-4C5E-9D22-AFA527812B43}
2012-04-13 22:05:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-13 20:55:51 -------- d-----w- C:\SpybotBootCD
2012-04-13 19:49:05 5679896 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-04-13 18:26:25 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\5CF06878.exe
2012-04-13 16:32:08 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:12:31 33792 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\9DF63B0B.exe
2012-04-13 16:11:21 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A824C43E-1BAB-4B0A-9CBC-F5547567E2DA}
2012-04-13 16:10:11 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6724D355-ADC6-424A-A3AB-F4F262BC503F}
2012-04-13 16:09:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{958F9125-ED75-4B19-8B0A-EBD3C510F0DF}
2012-04-13 16:09:32 -------- d-----w- C:\Users\Dean-P-35\Tracing
2012-04-13 16:08:33 -------- d-----w- C:\windows\en
2012-04-13 16:03:07 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
2012-04-13 16:03:07 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
2012-04-13 16:03:07 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
2012-04-13 16:03:07 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
2012-04-13 16:02:05 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{5EC34E75-0A65-401D-960A-708C27A59582}
2012-04-13 16:01:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8F117FA-E1DC-40AB-A42F-5E1BB9DE1E86}
2012-04-13 12:08:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{649FB6BB-1D7C-4B6D-BF4D-86A0B369650D}
2012-04-12 21:59:18 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe
2012-04-12 21:10:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B0F50F37-BEFD-4BE9-A193-FE91269BA94B}
2012-04-12 03:34:54 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 03:34:54 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:34:53 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:32:45 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 03:32:45 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 03:32:45 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 03:32:44 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 03:32:44 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 03:32:44 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 03:32:44 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-12 03:07:57 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{4AD2639E-A12E-4219-BE0F-8335BAC8ABE8}
2012-04-12 03:07:23 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9C1FB17F-E189-4AEB-8C79-87211A3CC039}
2012-04-11 13:49:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{710CF3CC-F8FA-437B-BEA8-D56EBAFF1C70}
2012-04-11 01:49:19 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A0507561-47DA-4E7B-B552-076E6702D501}
2012-04-10 13:48:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{BB4F04B3-668E-40F1-8135-8941E55A4D38}
2012-04-10 01:48:18 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9083E23F-6F32-46D9-8669-8E20C6E608E3}
2012-04-09 13:47:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{733E5E37-8A2F-410C-AACB-4AFFE941B869}
2012-04-09 01:45:36 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{195C6D3E-9D4A-4332-95C0-1C03FB1F38C1}
2012-04-08 13:45:00 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8F976A5A-F4AE-446E-AE20-ECDE7E9EC295}
2012-04-07 12:33:25 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{2E495B13-026F-4B14-A324-5AEEB2C4BDDD}
2012-04-06 20:53:16 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{7AD9F1C9-B570-409D-9ECB-2729481F0714}
2012-04-06 01:00:53 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{C31F976D-FA94-4115-8BBE-40A6D872DD26}
2012-04-05 13:00:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{91D934B8-B1D9-4D1A-804A-5524613F8412}
2012-04-04 23:58:23 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{16AB1D3E-27FA-4106-BFDE-63FADA04A46D}
2012-04-04 02:37:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{4720F396-F045-4DCF-B2AD-3C0B09C06699}
2012-04-03 14:37:04 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9D2B7D7D-438E-4A87-A0F5-F8E8AE92A0A2}
2012-04-03 02:36:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{96F3C4D3-559A-4704-BFBF-5B959BD173CD}
2012-04-02 05:06:09 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D41C5B75-A4C6-42F6-A19D-6D7882BC3D3B}
2012-04-01 14:13:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{44A1807E-33EB-477A-ABDC-29D3FE49340B}
2012-03-31 13:58:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D6D6049E-D3C5-418C-9D83-1651202D2E74}
2012-03-30 16:14:00 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{73A3B573-AD1E-4979-89AB-A898F478B65B}
2012-03-30 04:13:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E8F87748-028D-4991-AE21-10AD86DC205E}
2012-03-29 16:12:57 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{AE07EE6A-A867-4246-8D58-E8556C130EBB}
2012-03-29 03:00:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{1C822190-2A18-4936-A063-26792E96E61B}
2012-03-28 15:00:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8A7E574E-89E5-42CD-83E3-1E7061AFCA15}
2012-03-28 14:59:54 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{490420E2-35B7-41EA-84F6-9993C325A88F}
2012-03-28 02:59:27 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{22502869-C4D8-4608-A8E5-0F8D86E37098}
2012-03-28 02:59:02 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{0E4635CF-94A3-4E7A-B834-B616E27E84D2}
2012-03-27 14:58:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E0170AFF-B7A0-416E-A164-08A071279942}
2012-03-27 14:58:12 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{64502DA2-F8AF-44F8-8761-7B7D50A12F85}
2012-03-27 02:57:46 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{DC855321-6CD1-4C6E-A13F-FDD48613EF50}
2012-03-27 02:57:22 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{973263A7-7D70-4CC9-B383-0C9324401C02}
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-26 14:57:08 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{FD8BFBBF-184E-4EF9-A438-0447CD8E1C63}
2012-03-26 14:56:44 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{83944100-1791-4E75-965E-8F3315A52840}
2012-03-25 15:34:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B13498D4-7193-49F8-B8B8-6D6B75A3C959}
2012-03-25 15:34:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{FEF13E03-2CD2-4F92-B4E1-364645AAAD43}
2012-03-25 03:33:56 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8641FF32-9420-4F3A-9CA7-62EAA2B48639}
2012-03-25 03:33:31 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{20E7A3BD-45E2-4841-971C-66A1323DEE52}
2012-03-24 15:33:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{E9C938D5-0117-495A-B9A7-7DCB4AE9FB33}
2012-03-24 15:32:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{3E2D8FF8-CF6E-43F7-B22B-594D184DD5BC}
2012-03-24 03:32:17 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{D92C6F46-489A-45FC-9C96-B94A469C73F4}
2012-03-24 03:31:52 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{3F7734BB-88B2-43BB-8CB7-E684C12A9D9E}
2012-03-23 15:31:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{F1EC186E-22EF-4CFC-910E-9F2CAFF3E1B1}
2012-03-23 15:30:58 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B42F6FC3-48CB-4AB4-A22A-23918A96C107}
2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
2012-03-22 05:17:29 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{509CCA2D-FB73-4AFE-B8A9-B894A74E426E}
2012-03-22 05:17:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{9AEA74C9-AFC4-4AFB-859B-698736644B19}
2012-03-21 17:16:38 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{806352C6-F682-40E8-AD0A-A0C3C4DD348A}
2012-03-21 17:16:09 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8AAB401-1902-477A-B6CA-6F25E5927349}
2012-03-20 18:34:28 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{34591528-16C4-4BE5-B6D9-DCDA057C6D2E}
2012-03-20 18:34:04 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8C73EA38-2983-4936-B254-21EC2348982E}
2012-03-20 06:33:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{F00F4FA7-DAF6-44EB-BB85-6CE016BD60C1}
2012-03-20 06:33:12 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{0BF8F1B2-A347-4CF0-9F2A-1D0F5E541FBA}
2012-03-19 15:30:49 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{7F906341-8F3E-4EC9-8D94-A5B0B4506500}
2012-03-19 15:30:35 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{82DA7031-5377-4ACA-A6B3-A072AC40A4D2}
2012-03-19 06:59:51 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{41DEE5E7-976E-4D65-98CE-69B9EBB7705D}
2012-03-19 06:59:39 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{AD711D22-0D0C-44A3-B661-E6CAA1295A09}
2012-03-18 15:40:06 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{963BA519-1E21-4207-AD1E-94E5C337FD52}
2012-03-18 15:39:49 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{520270DB-61FB-40DE-BEC7-0D8EE8F84E15}
2012-03-18 02:51:58 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{42A2B5DA-32C6-49C6-872D-652F96E1C2D6}
2012-03-18 02:51:34 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B564F154-EBF6-4A92-B0FC-54C87E0CF78B}
2012-03-17 14:51:07 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{ABE2360B-DAEE-4BB1-A321-F7D8FD1CFB1A}
2012-03-17 14:50:55 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{8D5602A2-D88E-47D0-87BF-FF35A181B489}
2012-03-17 02:50:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6BC5F052-1F2B-4CDD-869D-45A80BA3EB5F}
2012-03-17 02:50:28 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{171DD523-9ED3-4CF3-BE64-38F09F834724}
2012-03-16 14:49:59 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6E6796E5-5690-4D25-A09C-53DD772DEB65}
2012-03-16 14:49:42 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{823776D3-B069-44AF-8BCA-74582FA3BB54}
.
==================== Find3M ====================
.
2012-04-13 16:32:08 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 23:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 16:33:46.65 ===============

oldman960
2012-04-17, 14:44
Hi Silverbullet, welcome to the forum.


To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

If asked to download Avast's definitions please do so.

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Silverbullet
2012-04-17, 16:25
Thanks for your response.

I just want you to know that I also submitted an email bug report before I submitted a bug report to the forum. At the time I could not find my ID/Password from 4 years ago and I honestly thought my email bug report would be added to the forum. About 24 hours ago I received an email response from (Jochen T. Team Spybot). I performed his instructions and sent an email response back to him yesterday. I informed him also that I had submitted a request to the forum. I have not heard back from him today.

I do not want to waste resources with 2 of you working on the problem but I do not want to be left with nobody working on the problem. Can you contact him and come to an agreement on who will continue working on a resolution? I will hold off on executing your instructions until I hear back from you.

Sorry for the confusion but I could not find my ID/Password so I submitted the email request first.

silverbullet

oldman960
2012-04-17, 17:31
Hi Silverbullet,

I don't know what instructions he gave you to follow. I do see infections in the DDS log in this topic. The log was posted the same day as the topic was moved from the Spybot-S&D to the Malware forum.

I'm not sure what a Bug report is. Is it related to a bug within SpyBot or is it another method of cleaning a computer?

Silverbullet
2012-04-17, 18:14
Thanks for Reply:
The other method was an email to support under the support tab. Since I have not received an email back from him today, I will continue with you and send an email to support that I am working with you.

I can not attach the ".cab" file from the 2.0.7 Beta save of log files. It is too Big (21 MB).

Assuming you work on Spybot 2.0.7 Beta, I will execute your last instructions and send you the output.

Thanks for your help.

The email exchange with Jochen is below for your reference.

Dean


=================================================
Jochen EMAIL:
Hello Dean,

Please send us a complete bug report. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to detections@spybot.info.

best regards,
Jochen T.
Team Spybot
======================
My Response:
Jochen:
I have attached the scan log but I need to update you on a few facts:

1. When I finally found my Spybot ID/Password, I also submitted a problem report on the "Malware Removal" forum entitled
"Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic" by Silverbullet.

2. My user ID (Dean-P-35) on the Laptop does not display the desktop when I login now, so I am using another ID (Jean).

3. Unfortunately, I found out that I had 2 versions of SpyBot installed and I had both running at one time: 1.6.2 and 2.0.5.Beta.

4. I had trouble uninstalling both but now I believe that I have both uninstalled and currently only 2.0.7.131 Beta installed.

5. I did the deep scan with 2.0.7.131 SpyBot and did the fix problems and then saved the log. I have attached the log to this email.

6. I still have problems

Dean
=============================

oldman960
2012-04-17, 18:36
Hi Silverbullet

Just heard back, it's you and me. Please follow the instructions for running aswMBR.

Silverbullet
2012-04-17, 19:08
Thanks Again
Will Wait for your response.


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-17 11:44:11
-----------------------------
11:44:11.766 OS Version: Windows x64 6.1.7601 Service Pack 1
11:44:11.766 Number of processors: 4 586 0x2505
11:44:11.766 ComputerName: TOSHIBA-A665 UserName: Jean
11:44:13.108 Initialize success
11:46:01.323 AVAST engine defs: 12041700
11:46:22.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:46:22.009 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
11:46:22.024 Disk 0 MBR read successfully
11:46:22.027 Disk 0 MBR scan
11:46:22.032 Disk 0 Windows VISTA default MBR code
11:46:22.044 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:46:22.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
11:46:22.097 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
11:46:22.154 Disk 0 scanning C:\windows\system32\drivers
11:46:33.130 Service scanning
11:47:15.703 Modules scanning
11:47:15.703 Disk 0 trace - called modules:
11:47:15.781 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
11:47:15.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069f1060]
11:47:15.796 3 CLASSPNP.SYS[fffff8800199743f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069f0060]
11:47:15.812 5 thpdrv.sys[fffff88001de9cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049ca050]
11:47:18.136 AVAST engine scan C:\windows
11:47:20.820 AVAST engine scan C:\windows\system32
11:50:16.894 AVAST engine scan C:\windows\system32\drivers
11:50:31.528 AVAST engine scan C:\Users\Jean
11:53:22.236 File: C:\Users\Jean\AppData\Roaming\5CF06878.exe **INFECTED** Win32:Rootkit-gen [Rtk]
11:53:22.298 File: C:\Users\Jean\AppData\Roaming\6B5F0FE8.exe **INFECTED** Win32:Downloader-NWY [Trj]
11:53:33.668 File: C:\Users\Jean\AppData\Roaming\ohhjipgm.exe **INFECTED** Win32:Crypt-MLE [Trj]
11:53:38.005 File: C:\Users\Jean\winlogon.exe **INFECTED** Win32:Downloader-NVR [Trj]
11:53:44.120 AVAST engine scan C:\ProgramData
11:56:31.741 Scan finished successfully
11:57:27.102 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Desktop\MBR.dat"
11:57:27.117 The log file has been saved successfully to "C:\Users\Jean\Desktop\aswMBR.txt"






Dean

oldman960
2012-04-18, 01:35
Hi Silverbullet,


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log and a new HJT (hijackthis) log.

Thanks

Silverbullet
2012-04-18, 02:51
ComboFix 12-04-17.01 - Jean 04/17/2012 18:54:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2459 [GMT -5:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\14XqPxvo.exe
c:\programdata\14XqPxvo.exe_
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Dean-P-35\AppData\Roaming\5CF06878.exe
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoActivate.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoHelp.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoUninstall.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe
c:\users\Dean-P-35\AppData\Roaming\DDA3363F.exe
c:\users\Dean-P-35\uidsave.dat
c:\users\Dean-P-35\WINDOWS
c:\users\Dean-P-35\WINDOWS\Driver\0002.mpg
c:\users\Dean-P-35\WINDOWS\Driver\001.avi
c:\users\Dean-P-35\WINDOWS\Driver\001.mpg
c:\users\Dean-P-35\WINDOWS\Driver\002.mpg
c:\users\Dean-P-35\WINDOWS\Driver\01.mpg
c:\users\Dean-P-35\WINDOWS\Driver\01.wmv
c:\users\Dean-P-35\WINDOWS\Driver\01ss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02.mpg
c:\users\Dean-P-35\WINDOWS\Driver\02.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02sss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02ssss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02x.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02y.mpg
c:\users\Dean-P-35\WINDOWS\Driver\03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0332.wmv
c:\users\Dean-P-35\WINDOWS\Driver\03uuu.wmv
c:\users\Dean-P-35\WINDOWS\Driver\04wwwww.wmv
c:\users\Dean-P-35\WINDOWS\Driver\05031202.wmv
c:\users\Dean-P-35\WINDOWS\Driver\05031203.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0ddd4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0eeee2.mpg
c:\users\Dean-P-35\WINDOWS\Driver\0l4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0t1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\10.wmv
c:\users\Dean-P-35\WINDOWS\Driver\14444.wmv
c:\users\Dean-P-35\WINDOWS\Driver\15_004.wmv
c:\users\Dean-P-35\WINDOWS\Driver\1m.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\222.wmv
c:\users\Dean-P-35\WINDOWS\Driver\233.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2m.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\3mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\4.mpg
c:\users\Dean-P-35\WINDOWS\Driver\4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\4mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\5396_4_clip.wmv
c:\users\Dean-P-35\WINDOWS\Driver\6093_04_180sec_00.wmv
c:\users\Dean-P-35\WINDOWS\Driver\analdaughters_clips02.wmv
c:\users\Dean-P-35\WINDOWS\Driver\angel1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\brazzersvault-penny-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\canhescore-alexistexas-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x2.mpg
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x4.mpg
c:\users\Dean-P-35\WINDOWS\Driver\clip03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\crissycreampie_chunk_1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\cwwlip03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\Desktop.ini
c:\users\Dean-P-35\WINDOWS\Driver\eastblocamateurs-dot-com-1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\fetishonepass.com_01.wmv
c:\users\Dean-P-35\WINDOWS\Driver\gia1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\hotbush-sexgames-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\housewife1on1-mariabellucci-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kennakane-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-madisonivy4-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze5-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-laurenphoenix-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\pornstarxs_4559-1-3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\realwifestories-kimberly-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\spcp-11.wmv
c:\users\Dean-P-35\WINDOWS\Driver\spcp-12.wmv
c:\users\Dean-P-35\WINDOWS\Driver\suziediamond_chunk_2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\Thumbs.db
c:\users\Dean-P-35\WINDOWS\Driver\v0131b.wmv
c:\users\Dean-P-35\WINDOWS\Driver\V03124_big_03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V09475_big_04.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_04.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_05.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V21919_big_03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\vid03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\vid03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\videosz-the-girl-next-door-5-22.mpg
c:\users\Dean-P-35\WINDOWS\Driver\videosz-trombone-blown-2-91.mpg
c:\users\Dean_Standard_User\uidsave.dat
c:\users\Jean\AppData\Roaming\5CF06878.exe
c:\users\Jean\AppData\Roaming\6B5F0FE8.exe
c:\users\Jean\AppData\Roaming\FA9C4BFD.exe
c:\users\Jean\AppData\Roaming\ohhjipgm.exe
c:\users\Jean\uidsave.dat
c:\users\Jean\WINDOWS
c:\users\Jean\winlogon.exe
c:\windows\SysWow64\crrss.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean-P-35\AppData\Local\temp
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean_Standard_User\AppData\Local\temp
2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Local\IsolatedStorage
2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Roaming\Intuit
2012-04-16 16:10 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-04-16 16:10 . 2012-04-16 16:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-04-15 22:53 . 2012-04-15 22:53 -------- d-----w- c:\users\Jean\AppData\Roaming\SoftGrid Client
2012-04-14 20:47 . 2012-04-14 20:47 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-13 20:55 . 2012-04-13 20:55 -------- d-----w- C:\SpybotBootCD
2012-04-13 19:49 . 2012-04-13 19:49 5679896 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-04-13 19:42 . 2012-04-17 16:50 -------- d-----w- c:\users\Jean\AppData\Local\CrashDumps
2012-04-13 16:32 . 2012-04-13 16:32 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:09 . 2012-04-13 16:09 -------- d-----w- c:\users\Dean-P-35\Tracing
2012-04-13 16:08 . 2012-04-13 16:08 -------- d-----w- c:\windows\en
2012-04-13 16:03 . 2012-04-13 16:03 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
2012-04-13 16:03 . 2012-04-13 16:03 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
2012-04-13 16:03 . 2012-04-13 16:03 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
2012-04-13 16:03 . 2012-04-13 16:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
2012-04-12 03:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 16:32 . 2011-06-10 05:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 08:51 . 2012-04-14 18:38 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 15:18 . 2011-05-29 15:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 14:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:22 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:22 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 14:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-12-21 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 uvkohury;uvkohury;c:\windows\system32\drivers\uvkohury.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 ALSysIO;ALSysIO;c:\users\DEAN-P~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [x]
R3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_022.sys [x]
R3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [x]
R3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_022.sys [x]
R3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [x]
R3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_022.sys [x]
R3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [x]
R3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_022.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-12-08 135608]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-06-03 270336]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VZWConfigService;VZWConfigService;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-02-11 169472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-22 822192]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:32]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-crrss - c:\windows\system32\crrss.exe
Notify-igfxcui - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-17 19:17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 00:17
.
Pre-Run: 550,539,096,064 bytes free
Post-Run: 551,791,751,168 bytes free
.
- - End Of File - - 323E745D4857735000C060B5935D403D

oldman960
2012-04-18, 03:20
Hi

How's the computer?


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes, copy and paste the following:


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Silverbullet
2012-04-18, 16:48
The computer is running very good and is back to its normal performance.

The only problem I have is that I cannot get the desktop displayed for my old ID. After completing the logon process, it just displays a black screen with an open explorer window. After closing the explorer window, the screen is black and you cannot do anything other than ctrl/alt/del. I think what happened is that the laptop battery was low and it tried to sleep and did not have enough battery to save the current environment for my old ID desktop. Unless you have some expertise on this, don't spend any time on this. I will just save off what I need and create another ID.

OTL Log:
OTL logfile created on: 4/18/2012 7:58:50 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 506.72 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-A665 | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (VZWConfigService) -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (Novatel Wireless Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe (Novatel Wireless Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NWUSBPort2_022) -- C:\Windows\SysNative\drivers\nwusbser2_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_022) -- C:\Windows\SysNative\drivers\nwusbser_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_022) -- C:\Windows\SysNative\drivers\nwusbmdm_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWRmNet_022) -- C:\Windows\SysNative\drivers\NWRmNet_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWRmNet_001) -- C:\Windows\SysNative\drivers\NWRmNet_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2_001) -- C:\Windows\SysNative\drivers\nwusbser2_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_001) -- C:\Windows\SysNative\drivers\nwusbser_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_001) -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8652BADC-8B1B-4E5D-AB71-2E1641A7424F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0085586D-CAAC-42C9-98A0-49EED9294734}
IE - HKLM\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/logout.cgi?todo=logout
IE - HKCU\..\SearchScopes,DefaultScope = {44F0F890-B49A-4489-85D9-82054C81CB80}
IE - HKCU\..\SearchScopes\{000DF192-70DC-43F2-B141-3A7DF40D3819}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{44F0F890-B49A-4489-85D9-82054C81CB80}: "URL" = http://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6084C596-A53E-4017-B341-8AAE9C624078}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41647863&src=kw&q={searchTerms}&locale=&apn_ptnrs=1R&apn_dtid=YYYYYYYYUS&apn_uid=1264D3D0-0958-41EB-A9A7-051855E39954&apn_sauid=D0DA637F-AC69-4B1B-B6F9-8D55843EC31B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/12/12 16:45:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/18 06:27:07 | 000,441,863 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15209 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 07:51:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/04/18 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Windows Live
[2012/04/18 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\{C13938E5-6E86-48DD-8184-E33D36F7FBB1}
[2012/04/18 07:20:43 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\{50B8DA10-9568-40D8-915D-DF19E3D8D042}
[2012/04/18 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Windows Live Writer
[2012/04/18 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Windows Live Writer
[2012/04/17 18:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/17 18:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/17 18:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/17 18:50:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/17 18:50:23 | 004,466,721 | R--- | C] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/04/17 11:44:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2012/04/17 10:12:43 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\TurboTax
[2012/04/17 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\IsolatedStorage
[2012/04/17 10:07:15 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Intuit
[2012/04/16 11:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/04/16 11:10:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012/04/16 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/04/16 11:04:49 | 045,641,536 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
[2012/04/15 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\SoftGrid Client
[2012/04/14 15:50:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/04/14 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\spybot
[2012/04/13 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/13 15:55:51 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2012/04/13 14:42:49 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\CrashDumps
[2012/04/13 11:32:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 11:08:33 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/11 22:35:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/11 22:35:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/11 22:35:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/11 22:35:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/11 22:35:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/11 22:35:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/11 22:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/11 22:35:15 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/11 22:35:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/11 22:35:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/11 22:35:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/11 22:34:54 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/11 22:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/11 22:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/11 22:32:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/11 22:32:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/11 22:32:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/03/22 14:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 07:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/18 07:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/04/18 07:25:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 07:14:17 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 07:11:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/18 06:27:07 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/18 06:26:33 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062707.backup
[2012/04/18 00:31:17 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062633.backup
[2012/04/17 19:21:32 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 19:21:32 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 19:16:46 | 000,780,156 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/17 19:16:46 | 000,660,982 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/17 19:16:46 | 000,121,620 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/17 19:09:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-003117.backup
[2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 18:40:52 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/04/17 11:59:27 | 000,000,565 | ---- | M] () -- C:\Users\Jean\Desktop\MBR.zip
[2012/04/17 11:57:27 | 000,000,512 | ---- | M] () -- C:\Users\Jean\Desktop\MBR.dat
[2012/04/17 11:23:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2012/04/16 14:35:38 | 000,605,431 | ---- | M] () -- C:\Users\Jean\Desktop\Desktop-20120416-143537.png
[2012/04/16 11:47:51 | 000,012,397 | ---- | M] () -- C:\Users\Jean\Desktop\Scan Results.2012-04-16 11-46-28
[2012/04/16 11:10:55 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/04/16 10:47:45 | 045,641,536 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe
[2012/04/16 08:17:55 | 000,007,614 | ---- | M] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
[2012/04/14 15:47:38 | 000,000,944 | ---- | M] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/04/14 15:47:38 | 000,000,920 | ---- | M] () -- C:\Users\Jean\Desktop\ERUNT.lnk
[2012/04/14 11:02:54 | 000,003,505 | ---- | M] () -- C:\windows\wininit.ini
[2012/04/13 15:58:34 | 000,000,505 | ---- | M] () -- C:\Users\Jean\Desktop\Programs and Features - Shortcut.lnk
[2012/04/13 11:32:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 11:32:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 11:14:15 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/04/12 15:24:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/31 09:30:55 | 000,000,018 | ---- | M] () -- C:\windows\phsrch5.ini
[2012/03/22 14:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2012/03/20 10:13:30 | 411,188,288 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/03/20 01:47:18 | 000,777,744 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 18:50:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/17 18:50:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/17 18:50:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/17 18:50:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/17 18:50:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/17 11:59:27 | 000,000,565 | ---- | C] () -- C:\Users\Jean\Desktop\MBR.zip
[2012/04/17 11:57:27 | 000,000,512 | ---- | C] () -- C:\Users\Jean\Desktop\MBR.dat
[2012/04/16 14:35:37 | 000,605,431 | ---- | C] () -- C:\Users\Jean\Desktop\Desktop-20120416-143537.png
[2012/04/16 11:47:51 | 000,012,397 | ---- | C] () -- C:\Users\Jean\Desktop\Scan Results.2012-04-16 11-46-28
[2012/04/16 11:10:55 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/04/16 11:10:55 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/04/15 18:36:13 | 000,007,614 | ---- | C] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
[2012/04/14 15:47:38 | 000,000,944 | ---- | C] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/04/14 15:47:38 | 000,000,920 | ---- | C] () -- C:\Users\Jean\Desktop\ERUNT.lnk
[2012/04/13 15:58:34 | 000,000,505 | ---- | C] () -- C:\Users\Jean\Desktop\Programs and Features - Shortcut.lnk
[2012/04/13 11:32:08 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 10:21:05 | 000,003,505 | ---- | C] () -- C:\windows\wininit.ini
[2011/12/31 12:13:13 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/12/25 14:11:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/12/12 13:46:16 | 000,206,568 | ---- | C] () -- C:\windows\hpwins28.dat
[2011/12/12 12:55:55 | 000,207,287 | ---- | C] () -- C:\windows\hpwins28.dat.temp
[2011/12/12 11:01:47 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
[2011/12/11 17:12:10 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
[2011/11/20 10:07:23 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 18:30:47 | 000,211,046 | ---- | C] () -- C:\windows\hpoins21.dat
[2011/10/04 18:30:47 | 000,005,474 | ---- | C] () -- C:\windows\hpomdl21.dat
[2011/08/30 14:08:56 | 000,000,018 | ---- | C] () -- C:\windows\phsrch5.ini
[2011/07/08 15:23:02 | 000,000,506 | ---- | C] () -- C:\windows\ODBC.INI
[2011/04/30 09:47:33 | 000,777,744 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/29 09:42:33 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2010/07/29 07:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 07:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 07:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2011/12/31 12:25:26 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\PCStitch Pro
[2011/12/31 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Radium Technologies
[2012/04/15 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\SoftGrid Client
[2011/06/16 18:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Toshiba
[2012/04/18 07:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Windows Live Writer
[2012/02/14 18:43:04 | 000,032,628 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< * >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- \bootmgr
[2010/10/28 14:45:28 | 000,008,192 | RHS- | M] () -- \BOOTSECT.BAK
[2012/04/17 19:17:32 | 000,029,976 | ---- | M] () -- \ComboFix.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
[2007/11/07 10:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
[2007/11/07 10:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
[2012/03/03 15:50:29 | 050,507,776 | ---- | M] () -- \Firl-2012-03-03.QDF-backup
[2012/03/11 14:38:38 | 050,601,984 | ---- | M] () -- \Firl-2012-03-11.QDF-backup
[2007/11/07 10:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
[2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- \hiberfil.sys
[2007/11/07 10:00:40 | 000,000,843 | ---- | M] () -- \install.ini
[2007/11/07 10:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
[2007/11/07 10:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
[2007/11/07 10:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
[2007/11/07 10:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
[2007/11/07 10:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
[2007/11/07 10:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
[2007/11/07 10:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
[2004/08/16 11:53:58 | 000,001,059 | -H-- | M] () -- \IPH.PH
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] () -- \msdia80.dll
[2012/04/17 19:09:19 | 4079,665,152 | -HS- | M] () -- \pagefile.sys
[2007/11/07 10:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
[2007/11/07 10:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
[2007/11/07 10:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI
[2011/06/16 08:14:08 | 000,004,548 | ---- | M] () -- \WirelessDiagLog.csv
[2011/01/16 08:08:48 | 000,004,418 | ---- | M] () -- \WRA_Colors.txt

< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/28 14:45:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/04/17 19:17:32 | 000,029,976 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 10:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 10:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 10:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012/03/03 15:50:29 | 050,507,776 | ---- | M] () -- C:\Firl-2012-03-03.QDF-backup
[2012/03/11 14:38:38 | 050,601,984 | ---- | M] () -- C:\Firl-2012-03-11.QDF-backup
[2007/11/07 10:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/04/17 19:09:19 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 10:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 10:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 10:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 10:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 10:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 10:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 10:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 10:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 10:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/16 11:53:58 | 000,001,059 | -H-- | M] () -- C:\IPH.PH
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/04/17 19:09:19 | 4079,665,152 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 10:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 10:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 10:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011/06/16 08:14:08 | 000,004,548 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/01/16 08:08:48 | 000,004,418 | ---- | M] () -- C:\WRA_Colors.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/17 11:23:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2012/04/17 18:40:52 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/04/18 07:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/04/16 10:47:45 | 045,641,536 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jean\Desktop\spybotsd-2.0.7-beta5.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/07 17:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

Silverbullet
2012-04-18, 16:51
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2012/04/18 07:42:10 | 000,160,046 | ---- | M] () MD5=CB356BA4854D22FEE97768AE5BE0105C -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE - SHORTCUT.LNK >
[2012/04/14 09:30:18 | 000,001,404 | ---- | M] () MD5=1C51AABB2CCECDAD67236BF2E7916340 -- C:\Users\Dean-P-35\Desktop\iexplore.exe - Shortcut.lnk

< MD5 for: IEXPLORE.EXE >
[2010/09/07 23:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2010/09/08 00:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2010/09/08 00:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2010/09/07 23:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2011/04/30 09:05:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2011/04/30 09:05:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/04/30 09:05:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2011/02/24 00:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/02/24 01:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2011/02/24 01:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2011/04/30 09:05:56 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Program Files\Internet Explorer\iexplore.exe
[2011/04/30 09:05:56 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe

< MD5 for: IEXPLORE.EXE(1).6224.DMP >
[2011/12/12 17:48:02 | 005,162,867 | ---- | M] () MD5=AF7B3B27F5D2B5AFD360A6DA1D90CA0B -- C:\Users\Dean_Standard_User\AppData\Local\CrashDumps\iexplore.exe(1).6224.dmp

< MD5 for: IEXPLORE.EXE(1).7560.DMP >
[2012/01/19 15:23:48 | 007,692,752 | ---- | M] () MD5=23A7EACD3C61DEDFA990C617824992AB -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe(1).7560.dmp

< MD5 for: IEXPLORE.EXE.1080.DMP >
[2012/04/16 13:15:39 | 003,074,420 | ---- | M] () MD5=C93587F3F9D978C3F9F06930A28BD471 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.1080.dmp

< MD5 for: IEXPLORE.EXE.11732.DMP >
[2012/04/13 14:50:00 | 005,137,597 | ---- | M] () MD5=1164385AF3C84F2B57A8C6C5D99775B5 -- C:\Users\Jean\AppData\Local\CrashDumps\iexplore.exe.11732.dmp

< MD5 for: IEXPLORE.EXE.1196.DMP >
[2012/04/16 11:21:18 | 005,160,167 | ---- | M] () MD5=22B2BBE938A998A04EF2E3F5BF12F9E3 -- C:\Users\Jean\AppData\Local\CrashDumps\iexplore.exe.1196.dmp

< MD5 for: IEXPLORE.EXE.1408.DMP >
[2012/04/16 22:13:33 | 002,184,345 | ---- | M] () MD5=ABBDD196AC414238590AD2F94F850EAC -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.1408.dmp

< MD5 for: IEXPLORE.EXE.352.DMP >
[2012/04/17 04:21:30 | 003,134,154 | ---- | M] () MD5=05CF862D2AF166D812CC0EC099378B7F -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.352.dmp

< MD5 for: IEXPLORE.EXE.4320.DMP >
[2012/04/16 13:19:29 | 003,246,945 | ---- | M] () MD5=048869D9A4F524F7D139DDD44B23C2B5 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.4320.dmp

< MD5 for: IEXPLORE.EXE.4840.DMP >
[2012/04/16 15:25:29 | 003,141,263 | ---- | M] () MD5=D28A40C34EDF9FAFD54BF1F71391CD16 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.4840.dmp

< MD5 for: IEXPLORE.EXE.5020.DMP >
[2012/04/16 16:32:55 | 003,083,231 | ---- | M] () MD5=394AC6238314E6505DB84367BEB5E277 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.5020.dmp

< MD5 for: IEXPLORE.EXE.5872.DMP >
[2011/12/03 11:56:30 | 006,880,837 | ---- | M] () MD5=54E7CA6CD3CA13B6B1561E818582FD32 -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe.5872.dmp

< MD5 for: IEXPLORE.EXE.6224.DMP >
[2011/12/12 17:47:59 | 005,164,627 | ---- | M] () MD5=11054B59C6F77DB1E0E5EAE4829B8171 -- C:\Users\Dean_Standard_User\AppData\Local\CrashDumps\iexplore.exe.6224.dmp

< MD5 for: IEXPLORE.EXE.6916.DMP >
[2012/04/16 12:07:09 | 003,441,480 | ---- | M] () MD5=442B116B6EE648CD8F47BAE2972ECEAE -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.6916.dmp

< MD5 for: IEXPLORE.EXE.7136.DMP >
[2011/12/20 18:50:52 | 006,772,212 | ---- | M] () MD5=B2D67F420037727672FCAAA3EA2CBBBF -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe.7136.dmp

< MD5 for: IEXPLORE.EXE.7560.DMP >
[2012/01/19 15:23:45 | 007,738,912 | ---- | M] () MD5=DB97DD6BE43ABFB2E3D8A3BA0AD2E5F9 -- C:\Users\Dean-P-35\AppData\Local\CrashDumps\iexplore.exe.7560.dmp

< MD5 for: IEXPLORE.EXE.7684.DMP >
[2012/04/17 10:11:34 | 004,165,700 | ---- | M] () MD5=DA226CB7C90E4C6ECE24791490C26B3D -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.7684.dmp

< MD5 for: IEXPLORE.EXE.7892.DMP >
[2012/04/16 12:07:57 | 003,271,408 | ---- | M] () MD5=980C4B8BA30F3086EA2580FAB6F12249 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.7892.dmp

< MD5 for: IEXPLORE.EXE.8128.DMP >
[2012/04/17 10:13:28 | 003,196,762 | ---- | M] () MD5=D0C92C14D06219917022C86F3026366A -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\iexplore.exe.8128.dmp

< MD5 for: IEXPLORE.EXE.MUI >
[2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2011/04/30 09:05:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-4B6C9213.PF >
[2012/04/18 07:50:41 | 000,382,466 | ---- | M] () MD5=7016041921AF75D6B3261095F3429AB6 -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2012/04/14 16:08:29 | 000,341,448 | ---- | M] () MD5=9D49636AD028DF92496FDB4B09A54188 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: WINLOGON.ADML >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.EXE.VIR >
[2011/07/15 23:24:22 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D3E039ABB08729671DE24A71A6163DA2 -- C:\Qoobox\Quarantine\C\Users\Jean\winlogon.exe.vir

< MD5 for: WINLOGON.EXE-B020DC41.PF >
[2012/04/18 07:14:23 | 000,026,976 | ---- | M] () MD5=70CF4EE0A4F243AC86152DA758F33AE9 -- C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf

< MD5 for: WINLOGON.MFL >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< >

< End of report >

Silverbullet
2012-04-18, 16:53
OTL Extras logfile created on: 4/18/2012 7:58:50 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 506.72 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-A665 | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1BD7620A-E5D9-4E57-A7A1-08BFA9005BAC}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4ED66399-6D95-43C0-964B-D2B9C8EC52FB}" = VZAccess Manager
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5F29D5E7-8C01-4695-8A38-9F94BC3EAD40}" = TurboTax 2011 wmniper
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA5860B-9027-4864-81D0-2A5B82D41821}" = TurboTax 2010 wmniper
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA9CCE14-D83E-4d12-9C1A-79EF7EBA4175}" = HP Smart Print 1.0.9.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B705AA09-2E48-4095-904C-F6CE8B97DEF6}" = Active@ Partition Recovery
"{B7DB5A25-D1C8-4B2C-9C6A-67FBD37A3E3D}" = DeLorme Phone Data 2011
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CBA640FF-4754-4DB7-AC90-64D007FA8ACD}" = MiFi4510 Mobile Broadband Drivers
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0AE9222-C133-4135-BE5B-BE6ED6D6D78B}" = DeLorme Street Atlas USA 2011 Plus
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DB32A38E-4D83-49F9-9E69-4D0929C5F175}" = PCStitch 9
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E4B4E964-8A4B-4AA7-867E-80BF9571DD00}" = Verizon Mobile Broadband Drivers
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F678343D-CDCD-41F5-A638-6FE502C76CB7}" = Living Cookbook
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PdaNet_is1" = PdaNet for Android 3.02
"Picasa 3" = Picasa 3
"TOSHIBA Game Console" = WildTangent ORB Game Console
"transformer_ie" = Widevine Media Transformer Plugin 5.0.0
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"VMSpc v.2.5" = VMSpc v.2.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT089366" = Cake Mania - Lights, Camera, Action!(TM)
"WT089368" = FATE - The Traitor Soul
"WT089379" = Mystery P.I. - The London Caper
"WT089381" = Slingo Supreme
"WT089386" = Governor of Poker 2 Premium Edition
"WT089395" = Plants vs. Zombies - Game of the Year
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

oldman960
2012-04-19, 01:39
Hi Silverbullet,

That may be an explorer problem. Try this on the problem account. After you close the explorer window, use Ctrl-Alt-Delete to open Task Manager,


look in the lists of processes for explorer.exe
if it's there click on it and click end process


Next
click File
click new task (run)
type explorer
click ok

Did the desktop load? We can come back to this after the machine is clean if you wish.

Back to cleaning

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



File::
c:\windows\system32\drivers\uvkohury.sys

Driver::
uvkohury


In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



Next

Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post back with
combofix log
MBAM log

Silverbullet
2012-04-19, 17:42
The explorer fix worked. Will work on later after virus removed- Thanks
Computer working good.


mbam log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jean :: TOSHIBA-A665 [administrator]

4/19/2012 10:23:26 AM
mbam-log-2012-04-19 (10-23-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255262
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Dean-P-35\Desktop\Antivirus Protection.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

(end)

oldman960
2012-04-19, 18:29
Hi Silverbullet,

Ok we can come back to it if it's still a problem.

One more scan to check for stragglers.

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.



*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.
Please post the ESET log if there is one.

Silverbullet
2012-04-19, 20:51
:\ProgramData\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\ProgramData\14XqPxvo.exe.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\ProgramData\14XqPxvo.exe_.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe.vir a variant of Win32/Kryptik.AEAY trojan
C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe.vir a variant of Win32/Kryptik.ADZI trojan
C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\5CF06878.exe.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\5CF06878.exe.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\6B5F0FE8.exe.vir a variant of Win32/Kryptik.ADYC trojan
C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\FA9C4BFD.exe.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\ohhjipgm.exe.vir a variant of Win32/Kryptik.AEIQ trojan
C:\Qoobox\Quarantine\C\Users\Jean\winlogon.exe.vir Win32/Opachki.P trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\crrss.exe.vir Win32/Opachki.P trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm

oldman960
2012-04-20, 02:07
Hi Silverbullet,

The ESET detections are files quarantined by Spybot or files we have quarantined. You can empty Spybot's quarantine and the others will be removed when we remove the tools.

The computer appears to be clean. Was the "fix" for explorer not opening permanent or is the problem still present?
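The triage described in the reply above (ESET hits that sit inside a cleanup tool's quarantine folder are stored copies, not active files), as an added example that is not part of the original thread. The folder markers and the `.vir` path reconstruction are assumptions inferred from the paths in the posted ESET log, and the last sample line is constructed to show a detection outside quarantine.

```python
import re
from collections import namedtuple

# Quarantine stores seen in the ESET log posted in this thread.
# Assumption: a detection under one of these folders is a stored copy.
QUARANTINE_MARKERS = {
    "\\qoobox\\quarantine\\": "ComboFix quarantine (Qoobox)",
    "\\spybot - search & destroy\\recovery\\": "Spybot recovery store",
}

# Each posted line is: <file path> [a variant of] <Platform/Family> <type>.
# Paths contain spaces, so anchor on the detection name, which is the only
# token with a forward slash (Windows paths use backslashes).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>[a-z ]+)$"
)

Detection = namedtuple("Detection", "path name kind store original")


def original_location(path):
    """Best-effort original path of a Qoobox copy, else None.

    Assumption from the layout visible in the log: the source tree is
    mirrored under Qoobox/Quarantine/<drive letter>/ with .vir appended.
    """
    m = re.match(r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)$",
                 path, re.IGNORECASE)
    if not m:
        return None
    rest = m.group(2)
    if rest.lower().endswith(".vir"):
        rest = rest[:-4]
    return f"{m.group(1).upper()}:\\{rest}"


def parse_line(line):
    """Parse one ESET log line into a Detection, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    lowered = path.lower()
    store = next((label for marker, label in QUARANTINE_MARKERS.items()
                  if marker in lowered), None)
    return Detection(path, m.group("name"), m.group("kind"),
                     store, original_location(path))


def triage(log_text):
    """Split detections into (quarantined, live, unparsed)."""
    quarantined, live, unparsed = [], [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        det = parse_line(line)
        if det is None:
            unparsed.append(line)      # never silently drop a line
        elif det.store:
            quarantined.append(det)
        else:
            live.append(det)           # outside any known quarantine store
    return quarantined, live, unparsed


# First four lines are taken from the log in the thread; the fifth is constructed.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\ProgramData\14XqPxvo.exe.vir Win32/TrojanClicker.Agent.NEB trojan
C:\Qoobox\Quarantine\C\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe.vir a variant of Win32/Kryptik.ADZI trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\crrss.exe.vir Win32/Opachki.P trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm
C:\Users\Example\AppData\Roaming\constructed-sample.exe Win32/TrojanClicker.Agent.NEB trojan
"""

if __name__ == "__main__":
    quarantined, live, unparsed = triage(SAMPLE_LOG)
    for det in quarantined:
        origin = f" (was {det.original})" if det.original else ""
        print(f"[stored] {det.name}: {det.store}{origin}")
    for det in live:
        print(f"[REVIEW] {det.name} {det.kind}: {det.path}")
    for line in unparsed:
        print(f"[unparsed] {line}")
```

Only entries reported as `[REVIEW]` or `[unparsed]` need a closer look; the stored copies disappear when the quarantine is emptied or the tools are removed.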

Silverbullet
2012-04-20, 16:03
The laptop continues to work great.
The fix worked but the same problem exists after logging in the next time.

oldman960
2012-04-20, 23:39
Hi Silverbullet,

Was there any instance of explorer running after you rebooted? That is, did you need to end the explorer process before launching a new one via Task Manager?

Silverbullet
2012-04-21, 15:24
I start Task Manager, kill the one instance of explorer, start a new explorer process through Task Manager and I get my desktop back.

Whether I only log off or shutdown and reboot, the desktop does not display unless I follow your process.

oldman960
2012-04-21, 23:05
Hi Silverbullet,

There are several causes for this but no one sure fix. As it appears to be only the one account that is affected, I think we can rule out a hardware problem.

The explorer window that opens, does it have a name? ie: my document, my pictures etc

Try booting to safe mode and see if the problem still persists.


Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Same problem?

Next try a clean boot:

Let's try a clean boot and see if the computer is any better. You may not have all the functionality as only a minimal set of drivers and startup programs will load at startup.

click start and type msconfig.exe in the search box and press enter.

On the General tab
check Selective startup
uncheck Load startup items


click the Services tab
check select the Hide all Microsoft services
check Disable all.
Click Ok
Click Restart
Any better?

Silverbullet
2012-04-22, 04:00
Hi Silverbullet,

There are several causes for this but no one sure fix. As it appears to be only the one account that is affected, I think we can rule out a hardware problem.

The explorer window that opens, does it have a name? ie: my document, my pictures etc
No name,Just "Dean-P-35 -->My Documents"

Try booting to safe mode and see if the problem still persists.


Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Same problem?
Yes Same Problem

Next try a clean boot:

Let's try a clean boot and see if the computer is any better. You may not have all the functionality as only a minimal set of drivers and startup programs will load at startup.

click start and type msconfig.exe in the search box and press enter.

On the General tab
check Selective startup
uncheck Load startup items


click the Services tab
check select the Hide all Microsoft services
check Disable all.
Click Ok
Click Restart
Any better?
***Same Problem***

oldman960
2012-04-22, 08:36
Hi Silverbullet,

That gets us a bit closer.

We'll work from the affected account.

First go back into msconfig and reset everything you changed back to how it was before. Reboot and log back into that account.

Run OTL from the affected account with the following settings:


When the window appears, underneath Output at the top change it to Minimal Output
Check the box beside "scan all users"
UNCheck the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following (do not copy the word code)

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|shell /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Please post the OTL.txt produced.

Silverbullet
2012-04-22, 14:40
OTL logfile created on: 4/22/2012 7:33:12 AM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 59.12% Memory free
7.60 Gb Paging File | 5.80 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 513.05 Gb Free Space | 88.05% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-A665 | User Name: Dean-P-35 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jean\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (VZWConfigService) -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (Novatel Wireless Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe (Novatel Wireless Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NWUSBPort2_022) -- C:\Windows\SysNative\drivers\nwusbser2_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_022) -- C:\Windows\SysNative\drivers\nwusbser_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_022) -- C:\Windows\SysNative\drivers\nwusbmdm_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWRmNet_022) -- C:\Windows\SysNative\drivers\NWRmNet_022.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWRmNet_001) -- C:\Windows\SysNative\drivers\NWRmNet_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2_001) -- C:\Windows\SysNative\drivers\nwusbser2_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_001) -- C:\Windows\SysNative\drivers\nwusbser_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_001) -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys (Novatel Wireless Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8652BADC-8B1B-4E5D-AB71-2E1641A7424F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0085586D-CAAC-42C9-98A0-49EED9294734}
IE - HKLM\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startribune.com/
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes\{391A3668-29CE-4E8C-8005-20E6BE0D13ED}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=63FB6EE5-0D44-4F57-964F-9FB17B5349C2&apn_sauid=EAF31677-8952-496B-BD94-933CD74C91DB
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes\{97B1AC55-3162-4E8C-B669-A9505BED6022}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41647863&src=kw&q={searchTerms}&locale=&apn_ptnrs=1R&apn_dtid=YYYYYYYYUS&apn_uid=1264D3D0-0958-41EB-A9A7-051855E39954&apn_sauid=D0DA637F-AC69-4B1B-B6F9-8D55843EC31B
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/12/12 16:45:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/18 21:16:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection] "C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection 2012 SM] C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [cdloader] C:\Users\Dean-P-35\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [qudqt4wswdse] C:\Users\DEAN-P~1\AppData\Local\Temp\17D5.tmp File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [winlogon] C:\Users\Dean-P-35\winlogon.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - ("C:\Users\Dean-P-35\winlogon.exe") - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 07:32:32 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{3ACE5AAD-D866-4677-B152-B44A67156B7B}
[2012/04/22 07:32:20 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{5137B8FF-1C8E-4488-8391-D48A4EA8EAA7}
[2012/04/21 20:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/21 20:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/21 19:40:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/04/21 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8CEA2458-024E-42D6-B772-84D0616C2076}
[2012/04/21 08:13:41 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{67836833-5FCA-4CFA-978A-396313171E8E}
[2012/04/20 09:08:12 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{EA0607A4-73F6-43EB-AB48-88103C17C699}
[2012/04/20 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{0A424C42-3F63-4019-803D-0D5E87E99AC3}
[2012/04/19 11:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/19 10:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/19 10:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/19 10:21:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/19 10:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/19 09:20:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/18 21:40:58 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\temp
[2012/04/18 20:34:13 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{6F51EF51-E11B-4105-8CB9-52BEBD5C50F4}
[2012/04/18 20:33:50 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A87D0BDB-65BD-492D-B812-91971C706DB7}
[2012/04/17 18:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/17 18:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/17 18:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/16 13:17:29 | 000,000,000 | R--D | C] -- C:\Users\Dean-P-35\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/16 11:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/04/16 11:10:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012/04/16 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/04/14 15:54:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dean-P-35\Desktop\dds.scr
[2012/04/14 15:50:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/04/14 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\spybot
[2012/04/14 09:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{084C90FC-AEB8-4D79-8B3E-199D792ED9A2}
[2012/04/14 09:35:01 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A1EEA238-42D6-4C5E-9D22-AFA527812B43}
[2012/04/13 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/13 15:55:51 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2012/04/13 11:32:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 11:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A824C43E-1BAB-4B0A-9CBC-F5547567E2DA}
[2012/04/13 11:10:11 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{6724D355-ADC6-424A-A3AB-F4F262BC503F}
[2012/04/13 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{958F9125-ED75-4B19-8B0A-EBD3C510F0DF}
[2012/04/13 11:08:33 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/13 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{5EC34E75-0A65-401D-960A-708C27A59582}
[2012/04/13 11:01:37 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A8F117FA-E1DC-40AB-A42F-5E1BB9DE1E86}
[2012/04/13 07:08:40 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{649FB6BB-1D7C-4B6D-BF4D-86A0B369650D}
[2012/04/12 16:10:20 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{B0F50F37-BEFD-4BE9-A193-FE91269BA94B}
[2012/04/11 22:35:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/11 22:35:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/11 22:35:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/11 22:35:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/11 22:35:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/11 22:35:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/11 22:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/11 22:35:15 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/11 22:35:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/11 22:35:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/11 22:35:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/11 22:34:54 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/11 22:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/11 22:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/11 22:32:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/11 22:32:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/11 22:32:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/11 22:07:57 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{4AD2639E-A12E-4219-BE0F-8335BAC8ABE8}
[2012/04/11 22:07:23 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{9C1FB17F-E189-4AEB-8C79-87211A3CC039}
[2012/04/11 08:49:54 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{710CF3CC-F8FA-437B-BEA8-D56EBAFF1C70}
[2012/04/10 20:49:19 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A0507561-47DA-4E7B-B552-076E6702D501}
[2012/04/10 08:48:54 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{BB4F04B3-668E-40F1-8135-8941E55A4D38}
[2012/04/09 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{9083E23F-6F32-46D9-8669-8E20C6E608E3}
[2012/04/09 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{733E5E37-8A2F-410C-AACB-4AFFE941B869}
[2012/04/08 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{195C6D3E-9D4A-4332-95C0-1C03FB1F38C1}
[2012/04/08 08:45:00 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8F976A5A-F4AE-446E-AE20-ECDE7E9EC295}
[2012/04/07 07:33:25 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{2E495B13-026F-4B14-A324-5AEEB2C4BDDD}
[2012/04/06 15:53:16 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{7AD9F1C9-B570-409D-9ECB-2729481F0714}
[2012/04/05 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{C31F976D-FA94-4115-8BBE-40A6D872DD26}
[2012/04/05 08:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{91D934B8-B1D9-4D1A-804A-5524613F8412}
[2012/04/04 18:58:23 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{16AB1D3E-27FA-4106-BFDE-63FADA04A46D}
[2012/04/03 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{4720F396-F045-4DCF-B2AD-3C0B09C06699}
[2012/04/03 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{9D2B7D7D-438E-4A87-A0F5-F8E8AE92A0A2}
[2012/04/02 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{96F3C4D3-559A-4704-BFBF-5B959BD173CD}
[2012/04/02 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{D41C5B75-A4C6-42F6-A19D-6D7882BC3D3B}
[2012/04/01 09:13:01 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{44A1807E-33EB-477A-ABDC-29D3FE49340B}
[2012/03/31 08:58:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{D6D6049E-D3C5-418C-9D83-1651202D2E74}
[2012/03/30 11:14:00 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{73A3B573-AD1E-4979-89AB-A898F478B65B}
[2012/03/29 23:13:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{E8F87748-028D-4991-AE21-10AD86DC205E}
[2012/03/29 11:12:57 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{AE07EE6A-A867-4246-8D58-E8556C130EBB}
[2012/03/28 22:00:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{1C822190-2A18-4936-A063-26792E96E61B}
[2012/03/28 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8A7E574E-89E5-42CD-83E3-1E7061AFCA15}
[2012/03/28 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{490420E2-35B7-41EA-84F6-9993C325A88F}
[2012/03/27 21:59:27 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{22502869-C4D8-4608-A8E5-0F8D86E37098}
[2012/03/27 21:59:02 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{0E4635CF-94A3-4E7A-B834-B616E27E84D2}
[2012/03/27 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{E0170AFF-B7A0-416E-A164-08A071279942}
[2012/03/27 09:58:12 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{64502DA2-F8AF-44F8-8761-7B7D50A12F85}
[2012/03/26 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{DC855321-6CD1-4C6E-A13F-FDD48613EF50}
[2012/03/26 21:57:22 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{973263A7-7D70-4CC9-B383-0C9324401C02}
[2012/03/26 09:57:08 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{FD8BFBBF-184E-4EF9-A438-0447CD8E1C63}
[2012/03/26 09:56:44 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{83944100-1791-4E75-965E-8F3315A52840}
[2012/03/25 10:34:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{B13498D4-7193-49F8-B8B8-6D6B75A3C959}
[2012/03/25 10:34:20 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{FEF13E03-2CD2-4F92-B4E1-364645AAAD43}
[2012/03/24 22:33:56 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8641FF32-9420-4F3A-9CA7-62EAA2B48639}
[2012/03/24 22:33:31 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{20E7A3BD-45E2-4841-971C-66A1323DEE52}
[2012/03/24 10:33:06 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{E9C938D5-0117-495A-B9A7-7DCB4AE9FB33}
[2012/03/24 10:32:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{3E2D8FF8-CF6E-43F7-B22B-594D184DD5BC}
[2012/03/23 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{D92C6F46-489A-45FC-9C96-B94A469C73F4}
[2012/03/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{3F7734BB-88B2-43BB-8CB7-E684C12A9D9E}
[2012/03/23 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\Documents\RV Motorhome Brochure
[2012/03/23 10:31:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{F1EC186E-22EF-4CFC-910E-9F2CAFF3E1B1}
[2012/03/23 10:30:58 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{B42F6FC3-48CB-4AB4-A22A-23918A96C107}
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 07:31:41 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 07:31:41 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 07:27:37 | 000,783,592 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/22 07:27:37 | 000,663,110 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/22 07:27:37 | 000,122,648 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/22 07:25:11 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 07:23:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 07:23:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/22 07:22:58 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 06:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 20:38:13 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/04/21 20:38:05 | 000,797,742 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/19 10:21:50 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 21:16:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/18 06:26:33 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062707.backup
[2012/04/18 00:31:17 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062633.backup
[2012/04/17 19:09:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-003117.backup
[2012/04/16 11:10:55 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/04/14 16:55:05 | 000,001,942 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
[2012/04/14 15:47:38 | 000,000,944 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/04/14 15:47:38 | 000,000,920 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\ERUNT.lnk
[2012/04/14 15:10:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dean-P-35\Desktop\dds.scr
[2012/04/14 14:37:31 | 000,001,327 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/14 14:37:31 | 000,001,303 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\Spybot - Search & Destroy.lnk
[2012/04/14 11:02:54 | 000,003,505 | ---- | M] () -- C:\windows\wininit.ini
[2012/04/14 09:48:34 | 000,001,452 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 09:30:18 | 000,001,404 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\iexplore.exe - Shortcut.lnk
[2012/04/13 18:19:02 | 000,000,384 | ---- | M] () -- C:\Users\Dean-P-35\AppData\Roaming\Network Meter_Settings.ini
[2012/04/13 11:32:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 11:32:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/12 15:24:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/11 10:06:10 | 000,331,565 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\2011 Federal Tax Rate Table.pdf
[2012/04/08 13:21:05 | 000,188,474 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\f990ez--2010.pdf
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/03/31 09:30:55 | 000,000,018 | ---- | M] () -- C:\windows\phsrch5.ini
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 07:19:25 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/04/22 07:19:25 | 000,002,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/21 20:38:01 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/19 10:21:50 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/17 18:50:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/17 18:50:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/17 18:50:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/17 18:50:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/17 18:50:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/16 11:10:55 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/04/16 11:10:55 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/04/14 16:55:05 | 000,001,942 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
[2012/04/14 15:47:38 | 000,000,944 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2012/04/14 15:47:38 | 000,000,920 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\ERUNT.lnk
[2012/04/14 09:48:34 | 000,001,452 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 09:30:18 | 000,001,404 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\iexplore.exe - Shortcut.lnk
[2012/04/13 17:05:08 | 000,001,327 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/13 17:05:08 | 000,001,303 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\Spybot - Search & Destroy.lnk
[2012/04/13 11:32:08 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 10:21:05 | 000,003,505 | ---- | C] () -- C:\windows\wininit.ini
[2012/04/11 10:06:10 | 000,331,565 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\2011 Federal Tax Rate Table.pdf
[2012/04/08 13:21:05 | 000,188,474 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\f990ez--2010.pdf
[2011/12/31 12:13:13 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/12/25 14:11:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/12/12 13:46:16 | 000,206,568 | ---- | C] () -- C:\windows\hpwins28.dat
[2011/12/12 12:55:55 | 000,207,287 | ---- | C] () -- C:\windows\hpwins28.dat.temp
[2011/12/12 11:01:47 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
[2011/12/11 17:12:10 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
[2011/11/20 10:07:23 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 18:30:47 | 000,211,046 | ---- | C] () -- C:\windows\hpoins21.dat
[2011/10/04 18:30:47 | 000,005,474 | ---- | C] () -- C:\windows\hpomdl21.dat
[2011/08/30 14:08:56 | 000,000,018 | ---- | C] () -- C:\windows\phsrch5.ini
[2011/07/08 15:23:02 | 000,000,506 | ---- | C] () -- C:\windows\ODBC.INI
[2011/05/31 14:15:08 | 000,000,384 | ---- | C] () -- C:\Users\Dean-P-35\AppData\Roaming\Network Meter_Settings.ini
[2011/05/04 08:03:33 | 000,027,648 | ---- | C] () -- C:\Users\Dean-P-35\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 09:47:33 | 000,797,742 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/29 09:42:33 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2010/07/29 07:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 07:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 07:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

========== Custom Scans ==========

< HKEY_current_user\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon|shell /rs >

< End of report >

oldman960
2012-04-22, 18:46
Hi Silverbullet,

Let's see if this will do it.


Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection] "C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection 2012 SM] C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [qudqt4wswdse] C:\Users\DEAN-P~1\AppData\Local\Temp\17D5.tmp File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [winlogon] C:\Users\Dean-P-35\winlogon.exe File not found
O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - ("C:\Users\Dean-P-35\winlogon.exe") - File not found
[2012/04/14 16:55:05 | 000,001,942 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer
Please post the OTL fix log.
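Added example, not part of the original thread and not OTL's own code: a small Python triage of the `O4` (Run key) and `O20` (Winlogon) lines listed in the fix above, showing which properties mark them as leftover malware autostarts. The flag names, the `assess`/`triage` helpers and the heuristics are assumptions of this example, and the final sample line is constructed for contrast.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines 1-5 are copied from the fix script in the post above; the last line is
# constructed for contrast and does not come from the thread.
SAMPLE = r'''
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection] "C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [qudqt4wswdse] C:\Users\DEAN-P~1\AppData\Local\Temp\17D5.tmp File not found
O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [winlogon] C:\Users\Dean-P-35\winlogon.exe File not found
O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - ("C:\Users\Dean-P-35\winlogon.exe") - File not found
[2012/04/14 16:55:05 | 000,001,942 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
O4 - HKLM..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" (Example Corp)
'''.strip().splitlines()

# "O4 - <hive>..\Run: [name] <command>" or "O20 - <hive> Winlogon: <value> - <data>"
ENTRY_RE = re.compile(
    r'^(?P<code>O4|O20) - (?P<hive>HKLM|HKCU|HKU\\S-[\d-]+)'
    r'(?:\.\.\\Run: \[(?P<name>[^\]]+)\]| Winlogon: (?P<value>\w+) -)\s*(?P<rest>.*)$')
# First drive-letter path in the command, with or without quotes and arguments.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|tmp|dll|scr|bat|cmd|com|pif)(?![\w])', re.I)

SYSTEM_NAMES = {'winlogon.exe', 'svchost.exe', 'explorer.exe',
                'lsass.exe', 'csrss.exe', 'services.exe'}
ODD_SUFFIXES = {'.tmp', '.scr', '.pif', '.bat', '.cmd', '.com'}


@dataclass
class Finding:
    code: str
    hive: str
    name: str
    path: str
    flags: list


def assess(line):
    """Parse one OTL O4/O20 line; return a Finding, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = []
    if 'File not found' in m['rest']:
        flags.append('target-missing')           # orphaned entry, payload already gone
    if m['code'] == 'O20' and m['value'].lower() == 'shell' and m['hive'] != 'HKLM':
        flags.append('per-user-shell-override')  # replaces explorer.exe for one user
    hit = PATH_RE.search(m['rest'])
    path = PureWindowsPath(hit.group(0)) if hit else None
    if path is not None:
        parts = [p.lower() for p in path.parts]
        if len(parts) > 1 and parts[1] in ('users', 'documents and settings'):
            flags.append('runs-from-user-profile')
        if 'temp' in parts[:-1]:
            flags.append('runs-from-temp')
        if path.suffix.lower() in ODD_SUFFIXES:
            flags.append('unusual-extension')
        if path.name.lower() in SYSTEM_NAMES and (len(parts) < 2 or parts[1] != 'windows'):
            flags.append('system-name-outside-windows-dir')
    name = m['name'] or 'Winlogon\\' + m['value']
    return Finding(m['code'], m['hive'], name, str(path) if path else '', flags)


def triage(lines):
    """Return a Finding for every O4/O20 line, skipping everything else."""
    return [f for f in map(assess, lines) if f is not None]


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.code:<3} [{f.name}] {f.path}\n    -> {", ".join(f.flags) or "no flags"}')
```
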

Silverbullet
2012-04-22, 21:51
OTL Log:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Protection deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Protection 2012 SM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PC Health Status deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\qudqt4wswdse deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Dean-P-35\winlogon.exe" deleted successfully.
C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jean\Downloads\cmd.bat deleted successfully.
C:\Users\Jean\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.40.0 log created on 04222012_143813

oldman960
2012-04-22, 22:35
Hi Silverbullet,

Good. Any other issues with the computer?

Silverbullet
2012-04-22, 23:36
Thanks again. Everything is back to normal.

oldman960
2012-04-23, 17:45
Hi Silverbullet,

I don't see an antivirus program installed on this computer. I'll give you some links to some good free ones. You can install one after you remove the tools.

We'll clean up the tools now.

From your desktop, please delete, if present
any notepads/logs that we created
aswMBR.exe
mbr.zip
mbr.dat
DDS.scr


Next

Click the Start button. Copy and paste the following line into the search box and hit enter


Combofix /uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.


Antivirus programs

Download and install one of these programs.

Avast (http://www.avast.com/free-antivirus-download)
Help and support can be found here Avast Forum (http://forum.avast.com/)
Antivir PersonalEditionClassic (http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html)
Help and support can be found here Avira Personal Support Forum (http://www.free-av.com/en/support/index.html)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)
Support (http://go.microsoft.com/fwlink/?LinkID=153442)


Updates

Java

You can get the newest version of Java 32bit and 64bit from HERE (http://www.oracle.com/technetwork/java/javase/downloads/index.html)

in the Java Platform, Standard Edition section click the download button under JRE
Accept the Accept License Agreement
download Windows x86 (32-bit) Offline and Windows x64 (64-bit)
save them to your desktop, do not install them yet


Click start > Control panel
under Programs click Uninstall a program
Uninstall
Java(TM) 6 Update 30 (64-bit)
Java(TM) 6 Update 30



Next

Install the new Java by double clicking the files you downloaded. Remember to decline the Ask ToolBar.

Next

Click your start button > Control Panel
Use the drop down menu beside view by and change it to small icons
locate java (32bit) in the list and click on it
On the General tab, Click Settings under Temporary Internet Files.
On the Temporary Files Settings screen, Click Delete Files.
check all boxes
Click OK
Do the same with the 64bit applet.


Adobe Reader

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you choose FoxIt be sure to decline the FoxIt toolbar when it is offered during the install.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.5.1 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now provided you are using a firewall and install an antivirus program. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/) .


You will need to reinstall the Custom Hosts file that Spybot had previously installed.
1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems.

Take care

Silverbullet
2012-04-25, 06:02
Thanks for all your help
Dean

oldman960
2012-04-25, 06:20
Hi Silverbullet,

You are more than welcome. Take care, keep safe.

oldman960
2012-04-27, 11:09
Since this issue appears to be resolved ... this Topic has been closed.