Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic
Yesterday my Windows 7 laptop started slowing down. After about 5 minutes of surfing the internet, the PC would slow down to a crawl. The CPU usage was between 80-100% and I noticed a slow network leak. It appears that the iexplore tasks start showing up about 5 minutes after reboot. The number of iexplore tasks increases until you cannot use the PC.
The Spybot scan log indicates no viruses, or in other words, no problems.
DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dean-P-35 at 16:33:23 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1327 [GMT -5:00]
.
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k HPService
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\14XqPxvo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DEAN-P~1\AppData\Roaming\5CF06878.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.startribune.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [cdloader] "C:\Users\Dean-P-35\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\DEAN-P~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}\445616E602E4F667164756C60243531303C4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA509A52-01BF-484C-A834-18AF1267B04F} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB} : NameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
BHO-X64: QpBHO Class - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-3-29 135608]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-6-3 270336]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-3-29 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-13 1153368]
R2 SDFirewallService;Spybot-S&D 2 Firewall Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-5-31 3585696]
R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-5-31 3834456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-4-13 1082800]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-4-13 1149864]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-4-13 169624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-29 2320920]
R2 VZWConfigService;VZWConfigService;C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-2-11 169472]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe" --> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_001.sys --> C:\windows\system32\DRIVERS\NWRmNet_001.sys [?]
S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;C:\windows\system32\DRIVERS\NWRmNet_022.sys --> C:\windows\system32\DRIVERS\NWRmNet_022.sys [?]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_001.sys --> C:\windows\system32\DRIVERS\nwusbmdm_001.sys [?]
S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;C:\windows\system32\DRIVERS\nwusbmdm_022.sys --> C:\windows\system32\DRIVERS\nwusbmdm_022.sys [?]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_001.sys --> C:\windows\system32\DRIVERS\nwusbser_001.sys [?]
S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;C:\windows\system32\DRIVERS\nwusbser_022.sys --> C:\windows\system32\DRIVERS\nwusbser_022.sys [?]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_001.sys --> C:\windows\system32\DRIVERS\nwusbser2_001.sys [?]
S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;C:\windows\system32\DRIVERS\nwusbser2_022.sys --> C:\windows\system32\DRIVERS\nwusbser2_022.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe_
2012-04-14 19:50:49 93696 ----a-w- C:\ProgramData\14XqPxvo.exe
2012-04-14 18:38:30 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-04-14 16:31:45 51712 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe
2012-04-14 14:35:24 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{084C90FC-AEB8-4D79-8B3E-199D792ED9A2}
2012-04-14 14:35:01 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A1EEA238-42D6-4C5E-9D22-AFA527812B43}
2012-04-13 22:05:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-13 20:55:51 -------- d-----w- C:\SpybotBootCD
2012-04-13 19:49:05 5679896 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-04-13 18:26:25 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\5CF06878.exe
2012-04-13 16:32:08 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:12:31 33792 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\9DF63B0B.exe
2012-04-13 16:11:21 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A824C43E-1BAB-4B0A-9CBC-F5547567E2DA}
2012-04-13 16:10:11 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{6724D355-ADC6-424A-A3AB-F4F262BC503F}
2012-04-13 16:09:43 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{958F9125-ED75-4B19-8B0A-EBD3C510F0DF}
2012-04-13 16:09:32 -------- d-----w- C:\Users\Dean-P-35\Tracing
2012-04-13 16:08:33 -------- d-----w- C:\windows\en
2012-04-13 16:03:07 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
2012-04-13 16:03:07 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
2012-04-13 16:03:07 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
2012-04-13 16:03:07 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
2012-04-13 16:02:05 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{5EC34E75-0A65-401D-960A-708C27A59582}
2012-04-13 16:01:37 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{A8F117FA-E1DC-40AB-A42F-5E1BB9DE1E86}
2012-04-13 12:08:40 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{649FB6BB-1D7C-4B6D-BF4D-86A0B369650D}
2012-04-12 21:59:18 93696 ----a-w- C:\Users\Dean-P-35\AppData\Roaming\DDA3363F.exe
2012-04-12 21:10:20 -------- d-----w- C:\Users\Dean-P-35\AppData\Local\{B0F50F37-BEFD-4BE9-A193-FE91269BA94B}
2012-04-12 03:34:54 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 03:34:54 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:34:53 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:32:45 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 03:32:45 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 03:32:45 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 03:32:44 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 03:32:44 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 03:32:44 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 03:32:44 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2012-04-13 16:32:08 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 23:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 16:33:46.65 ===============
Other Method was Email to Support Option Under Support
Thanks for Reply:
The other method was an email to support under the support tab. Since I have not received an email back from him today, I will continue with you and send an email to support that I am working with you.
I cannot attach the ".cab" file from the 2.0.7 Beta save of log files. It is too big (21 MB).
Assuming you work on Spybot 2.0.7 Beta, I will execute your last instructions and send you the output.
Thanks for your help.
The email exchange with Jochen is below for your reference.
Dean
=================================================
Jochen EMAIL:
Hello Dean,
Please send us a complete bug report. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to detections@spybot.info.
best regards,
Jochen T.
Team Spybot
======================
My Response:
Jochen:
I have attached the scan log but I need to update you on a few facts:
1. When I finally found my Spybot ID/Password, I also submitted a problem report on the "Malware Removal" forum entitled
"Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic" by Silverbullet.
2. My user ID (Dean-P-35) on the Laptop does not display the desktop when I login now, so I am using another ID (Jean).
3. Unfortunately, I found out that I had 2 versions of SpyBot installed and both running at one time: 1.6.2 and 2.0.5.Beta.
4. I had trouble uninstalling both but now I believe that I have both uninstalled and currently only 2.0.7.131 Beta installed.
5. I did the deep scan with 2.0.7.131 SpyBot and did the fix problems and then saved the log. I have attached the log to this email.
6. I still have problems
Dean
=============================
aswMBR.exe txt file and Zip File
Thanks Again
Will Wait for your response.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-17 11:44:11
-----------------------------
11:44:11.766 OS Version: Windows x64 6.1.7601 Service Pack 1
11:44:11.766 Number of processors: 4 586 0x2505
11:44:11.766 ComputerName: TOSHIBA-A665 UserName: Jean
11:44:13.108 Initialize success
11:46:01.323 AVAST engine defs: 12041700
11:46:22.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:46:22.009 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
11:46:22.024 Disk 0 MBR read successfully
11:46:22.027 Disk 0 MBR scan
11:46:22.032 Disk 0 Windows VISTA default MBR code
11:46:22.044 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:46:22.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
11:46:22.097 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
11:46:22.154 Disk 0 scanning C:\windows\system32\drivers
11:46:33.130 Service scanning
11:47:15.703 Modules scanning
11:47:15.703 Disk 0 trace - called modules:
11:47:15.781 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
11:47:15.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069f1060]
11:47:15.796 3 CLASSPNP.SYS[fffff8800199743f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069f0060]
11:47:15.812 5 thpdrv.sys[fffff88001de9cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049ca050]
11:47:18.136 AVAST engine scan C:\windows
11:47:20.820 AVAST engine scan C:\windows\system32
11:50:16.894 AVAST engine scan C:\windows\system32\drivers
11:50:31.528 AVAST engine scan C:\Users\Jean
11:53:22.236 File: C:\Users\Jean\AppData\Roaming\5CF06878.exe **INFECTED** Win32:Rootkit-gen [Rtk]
11:53:22.298 File: C:\Users\Jean\AppData\Roaming\6B5F0FE8.exe **INFECTED** Win32:Downloader-NWY [Trj]
11:53:33.668 File: C:\Users\Jean\AppData\Roaming\ohhjipgm.exe **INFECTED** Win32:Crypt-MLE [Trj]
11:53:38.005 File: C:\Users\Jean\winlogon.exe **INFECTED** Win32:Downloader-NVR [Trj]
11:53:44.120 AVAST engine scan C:\ProgramData
11:56:31.741 Scan finished successfully
11:57:27.102 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Desktop\MBR.dat"
11:57:27.117 The log file has been saved successfully to "C:\Users\Jean\Desktop\aswMBR.txt"
Dean
Combofix Log-No HJT Log-Can't Find Executable
ComboFix 12-04-17.01 - Jean 04/17/2012 18:54:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2459 [GMT -5:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\14XqPxvo.exe
c:\programdata\14XqPxvo.exe_
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Dean-P-35\AppData\Roaming\5CF06878.exe
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoActivate.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoHelp.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\IcoUninstall.ico
c:\users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe
c:\users\Dean-P-35\AppData\Roaming\DDA3363F.exe
c:\users\Dean-P-35\uidsave.dat
c:\users\Dean-P-35\WINDOWS
c:\users\Dean-P-35\WINDOWS\Driver\0002.mpg
c:\users\Dean-P-35\WINDOWS\Driver\001.avi
c:\users\Dean-P-35\WINDOWS\Driver\001.mpg
c:\users\Dean-P-35\WINDOWS\Driver\002.mpg
c:\users\Dean-P-35\WINDOWS\Driver\01.mpg
c:\users\Dean-P-35\WINDOWS\Driver\01.wmv
c:\users\Dean-P-35\WINDOWS\Driver\01ss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02.mpg
c:\users\Dean-P-35\WINDOWS\Driver\02.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02sss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02ssss.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02x.wmv
c:\users\Dean-P-35\WINDOWS\Driver\02y.mpg
c:\users\Dean-P-35\WINDOWS\Driver\03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0332.wmv
c:\users\Dean-P-35\WINDOWS\Driver\03uuu.wmv
c:\users\Dean-P-35\WINDOWS\Driver\04wwwww.wmv
c:\users\Dean-P-35\WINDOWS\Driver\05031202.wmv
c:\users\Dean-P-35\WINDOWS\Driver\05031203.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0ddd4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0eeee2.mpg
c:\users\Dean-P-35\WINDOWS\Driver\0l4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\0t1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\10.wmv
c:\users\Dean-P-35\WINDOWS\Driver\14444.wmv
c:\users\Dean-P-35\WINDOWS\Driver\15_004.wmv
c:\users\Dean-P-35\WINDOWS\Driver\1m.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\222.wmv
c:\users\Dean-P-35\WINDOWS\Driver\233.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2m.wmv
c:\users\Dean-P-35\WINDOWS\Driver\2mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\3mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\4.mpg
c:\users\Dean-P-35\WINDOWS\Driver\4.wmv
c:\users\Dean-P-35\WINDOWS\Driver\4mov.wmv
c:\users\Dean-P-35\WINDOWS\Driver\5396_4_clip.wmv
c:\users\Dean-P-35\WINDOWS\Driver\6093_04_180sec_00.wmv
c:\users\Dean-P-35\WINDOWS\Driver\analdaughters_clips02.wmv
c:\users\Dean-P-35\WINDOWS\Driver\angel1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\brazzersvault-penny-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\canhescore-alexistexas-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x2.mpg
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\chicksgonewild3_x4.mpg
c:\users\Dean-P-35\WINDOWS\Driver\clip03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\crissycreampie_chunk_1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\cwwlip03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\Desktop.ini
c:\users\Dean-P-35\WINDOWS\Driver\eastblocamateurs-dot-com-1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\Euangels_2__3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\fetishonepass.com_01.wmv
c:\users\Dean-P-35\WINDOWS\Driver\gia1.mpg
c:\users\Dean-P-35\WINDOWS\Driver\hotbush-sexgames-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\housewife1on1-mariabellucci-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kennakane-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-kimberlykane-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\mysistershotfriend-madisonivy4-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-alliehaze5-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\naughtyoffice-laurenphoenix-2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\pornstarxs_4559-1-3.mpg
c:\users\Dean-P-35\WINDOWS\Driver\realwifestories-kimberly-1.wmv
c:\users\Dean-P-35\WINDOWS\Driver\spcp-11.wmv
c:\users\Dean-P-35\WINDOWS\Driver\spcp-12.wmv
c:\users\Dean-P-35\WINDOWS\Driver\suziediamond_chunk_2.wmv
c:\users\Dean-P-35\WINDOWS\Driver\Thumbs.db
c:\users\Dean-P-35\WINDOWS\Driver\v0131b.wmv
c:\users\Dean-P-35\WINDOWS\Driver\V03124_big_03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V09475_big_04.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_04.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V20138_big_05.mpg
c:\users\Dean-P-35\WINDOWS\Driver\V21919_big_03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\vid03.mpg
c:\users\Dean-P-35\WINDOWS\Driver\vid03.wmv
c:\users\Dean-P-35\WINDOWS\Driver\videosz-the-girl-next-door-5-22.mpg
c:\users\Dean-P-35\WINDOWS\Driver\videosz-trombone-blown-2-91.mpg
c:\users\Dean_Standard_User\uidsave.dat
c:\users\Jean\AppData\Roaming\5CF06878.exe
c:\users\Jean\AppData\Roaming\6B5F0FE8.exe
c:\users\Jean\AppData\Roaming\FA9C4BFD.exe
c:\users\Jean\AppData\Roaming\ohhjipgm.exe
c:\users\Jean\uidsave.dat
c:\users\Jean\WINDOWS
c:\users\Jean\winlogon.exe
c:\windows\SysWow64\crrss.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean-P-35\AppData\Local\temp
2012-04-18 00:00 . 2012-04-18 00:00 -------- d-----w- c:\users\Dean_Standard_User\AppData\Local\temp
2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Local\IsolatedStorage
2012-04-17 15:07 . 2012-04-17 15:07 -------- d-----w- c:\users\Jean\AppData\Roaming\Intuit
2012-04-16 16:10 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-04-16 16:10 . 2012-04-16 16:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-04-15 22:53 . 2012-04-15 22:53 -------- d-----w- c:\users\Jean\AppData\Roaming\SoftGrid Client
2012-04-14 20:47 . 2012-04-14 20:47 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-13 20:55 . 2012-04-13 20:55 -------- d-----w- C:\SpybotBootCD
2012-04-13 19:49 . 2012-04-13 19:49 5679896 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-04-13 19:42 . 2012-04-17 16:50 -------- d-----w- c:\users\Jean\AppData\Local\CrashDumps
2012-04-13 16:32 . 2012-04-13 16:32 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 16:09 . 2012-04-13 16:09 -------- d-----w- c:\users\Dean-P-35\Tracing
2012-04-13 16:08 . 2012-04-13 16:08 -------- d-----w- c:\windows\en
2012-04-13 16:03 . 2012-04-13 16:03 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DSETUP.dll
2012-04-13 16:03 . 2012-04-13 16:03 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\DXSETUP.exe
2012-04-13 16:03 . 2012-04-13 16:03 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea5051cd1cd198e01\dsetup32.dll
2012-04-13 16:03 . 2012-04-13 16:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea8a4dc71cd198e02\MeshBetaRemover.exe
2012-04-12 03:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 16:32 . 2011-06-10 05:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 08:51 . 2012-04-14 18:38 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0C2E292-F94F-4E6F-A268-02535FFD21DE}\mpengine.dll
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 15:18 . 2011-05-29 15:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 14:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:22 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:22 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 14:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-12-21 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 uvkohury;uvkohury;c:\windows\system32\drivers\uvkohury.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 ALSysIO;ALSysIO;c:\users\DEAN-P~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [x]
R3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_022.sys [x]
R3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [x]
R3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_022.sys [x]
R3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [x]
R3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_022.sys [x]
R3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [x]
R3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_022.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-12-08 135608]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [2010-06-03 270336]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VZWConfigService;VZWConfigService;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2011-02-11 169472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-22 822192]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:32]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-crrss - c:\windows\system32\crrss.exe
Notify-igfxcui - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,4d,c0,c5,47,3b,6f,4b,ab,d9,96,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-17 19:17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 00:17
.
Pre-Run: 550,539,096,064 bytes free
Post-Run: 551,791,751,168 bytes free
.
- - End Of File - - 323E745D4857735000C060B5935D403D