Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 33

Thread: Multiple iexplore tasks slow "Windows 7" Laptop & Unknown Network Traffic

  1. #21
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default Yes, After I rebooted and Logged in, explorer was running

    I start task manager, kill the one instance of explorer, start a new explorer process thur task manager and I get my desktop back.

    Whether I only log off or shutdown and reboot, the desktop does not display unless I follow your process.

  2. #22
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    There are several cuases for this but no one sure fix. As it appears to be only the one account that is effected I think we can rule out a hardare problem.

    The explorer window that opens, does it have a name? ie: my document, my pictures etc

    Try booting to safe mode and see if the problem still persists.

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Same problem?

    Next try a clean boot:

    Let's try a clean boot and see if the computer is any better. You may not have all the functionality as only a minimal set of drivers and startup programs will load at startup.

    click start and type msconfig.exe in the search box and press enter.

    On the General tab
    • check Selective startup
    • uncheck Load startup items


    click the Services tab
    • check select the Hide all Microsoft services
    • check Disable all.
    • Click Ok
    • Click Restart
    Any better?
    Member of UNITE and ASAP

  3. #23
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Angry Answers: 1.)"My Documents" 2.)No Change Same Problem 3).No Change Same Problem

    Quote Originally Posted by oldman960 View Post
    Hi Silverbullet,

    There are several cuases for this but no one sure fix. As it appears to be only the one account that is effected I think we can rule out a hardare problem.

    The explorer window that opens, does it have a name? ie: my document, my pictures etc
    No name,Just "Dean-P-35 -->My Documents"

    Try booting to safe mode and see if the problem still persists.

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Same problem?
    Yes Same Problem

    Next try a clean boot:

    Let's try a clean boot and see if the computer is any better. You may not have all the functionality as only a minimal set of drivers and startup programs will load at startup.

    click start and type msconfig.exe in the search box and press enter.

    On the General tab
    • check Selective startup
    • uncheck Load startup items


    click the Services tab
    • check select the Hide all Microsoft services
    • check Disable all.
    • Click Ok
    • Click Restart
    Any better?
    ***Same Problem***

  4. #24
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    That gets us a bit closer.

    We'll work from the effected account.

    First go back into msconfig and reset everything you changed back to how it was before. Reboot and log back into that account.

    Run OTL from the effected account with the following settings:

    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the bax beside "scan all users"
    • UNCheck the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following (do not copy the word code)
      Code:
      HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|shell /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    Please post the OTL.txt produced.
    Last edited by oldman960; 2012-04-22 at 10:08.
    Member of UNITE and ASAP

  5. #25
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default OTL.TXT Log

    OTL logfile created on: 4/22/2012 7:33:12 AM - Run 2
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jean\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 59.12% Memory free
    7.60 Gb Paging File | 5.80 Gb Available in Paging File | 76.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.67 Gb Total Space | 513.05 Gb Free Space | 88.05% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-A665 | User Name: Dean-P-35 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jean\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
    SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe (Symantec Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (VZWConfigService) -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (Novatel Wireless Inc.)
    SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
    SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe (Novatel Wireless Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (NWUSBPort2_022) -- C:\Windows\SysNative\drivers\nwusbser2_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBPort_022) -- C:\Windows\SysNative\drivers\nwusbser_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBModem_022) -- C:\Windows\SysNative\drivers\nwusbmdm_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWRmNet_022) -- C:\Windows\SysNative\drivers\NWRmNet_022.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWRmNet_001) -- C:\Windows\SysNative\drivers\NWRmNet_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV:64bit: - (NWUSBPort2_001) -- C:\Windows\SysNative\drivers\nwusbser2_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBPort_001) -- C:\Windows\SysNative\drivers\nwusbser_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (NWUSBModem_001) -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys (Novatel Wireless Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
    DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
    DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
    DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
    DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
    DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
    DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
    DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{8652BADC-8B1B-4E5D-AB71-2E1641A7424F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0085586D-CAAC-42C9-98A0-49EED9294734}
    IE - HKLM\..\SearchScopes\{0085586D-CAAC-42C9-98A0-49EED9294734}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startribune.com/
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes\{391A3668-29CE-4E8C-8005-20E6BE0D13ED}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=63FB6EE5-0D44-4F57-964F-9FB17B5349C2&apn_sauid=EAF31677-8952-496B-BD94-933CD74C91DB
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\SearchScopes\{97B1AC55-3162-4E8C-B669-A9505BED6022}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41647863&src=kw&q={searchTerms}&locale=&apn_ptnrs=1R&apn_dtid=YYYYYYYYUS&apn_uid=1264D3D0-0958-41EB-A9A7-051855E39954&apn_sauid=D0DA637F-AC69-4B1B-B6F9-8D55843EC31B
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/12/12 16:45:39 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/04/18 21:16:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection] "C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection 2012 SM] C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [cdloader] C:\Users\Dean-P-35\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [qudqt4wswdse] C:\Users\DEAN-P~1\AppData\Local\Temp\17D5.tmp File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [winlogon] C:\Users\Dean-P-35\winlogon.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O15 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D92E38F-8E27-4098-A6B7-8C44F0DF97E6}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA68D792-5613-49DA-95DA-A2CA5A9EADBB}: NameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - ("C:\Users\Dean-P-35\winlogon.exe") - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/22 07:32:32 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{3ACE5AAD-D866-4677-B152-B44A67156B7B}
    [2012/04/22 07:32:20 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{5137B8FF-1C8E-4488-8391-D48A4EA8EAA7}
    [2012/04/21 20:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/04/21 20:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/04/21 19:40:54 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2012/04/21 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8CEA2458-024E-42D6-B772-84D0616C2076}
    [2012/04/21 08:13:41 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{67836833-5FCA-4CFA-978A-396313171E8E}
    [2012/04/20 09:08:12 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{EA0607A4-73F6-43EB-AB48-88103C17C699}
    [2012/04/20 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{0A424C42-3F63-4019-803D-0D5E87E99AC3}
    [2012/04/19 11:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/04/19 10:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/19 10:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/19 10:21:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/04/19 10:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/19 09:20:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/18 21:40:58 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\temp
    [2012/04/18 20:34:13 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{6F51EF51-E11B-4105-8CB9-52BEBD5C50F4}
    [2012/04/18 20:33:50 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A87D0BDB-65BD-492D-B812-91971C706DB7}
    [2012/04/17 18:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/04/17 18:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/04/17 18:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/04/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/16 13:17:29 | 000,000,000 | R--D | C] -- C:\Users\Dean-P-35\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/04/16 11:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/04/16 11:10:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
    [2012/04/16 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/04/14 15:54:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dean-P-35\Desktop\dds.scr
    [2012/04/14 15:50:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/04/14 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/04/14 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\spybot
    [2012/04/14 09:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{084C90FC-AEB8-4D79-8B3E-199D792ED9A2}
    [2012/04/14 09:35:01 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A1EEA238-42D6-4C5E-9D22-AFA527812B43}
    [2012/04/13 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/04/13 15:55:51 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
    [2012/04/13 11:32:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/04/13 11:11:21 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A824C43E-1BAB-4B0A-9CBC-F5547567E2DA}
    [2012/04/13 11:10:11 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{6724D355-ADC6-424A-A3AB-F4F262BC503F}
    [2012/04/13 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{958F9125-ED75-4B19-8B0A-EBD3C510F0DF}
    [2012/04/13 11:08:33 | 000,000,000 | ---D | C] -- C:\windows\en
    [2012/04/13 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{5EC34E75-0A65-401D-960A-708C27A59582}
    [2012/04/13 11:01:37 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A8F117FA-E1DC-40AB-A42F-5E1BB9DE1E86}
    [2012/04/13 07:08:40 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{649FB6BB-1D7C-4B6D-BF4D-86A0B369650D}
    [2012/04/12 16:10:20 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{B0F50F37-BEFD-4BE9-A193-FE91269BA94B}
    [2012/04/11 22:35:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012/04/11 22:35:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012/04/11 22:35:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012/04/11 22:35:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012/04/11 22:35:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012/04/11 22:35:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012/04/11 22:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012/04/11 22:35:15 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012/04/11 22:35:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012/04/11 22:35:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012/04/11 22:35:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012/04/11 22:34:54 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2012/04/11 22:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2012/04/11 22:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2012/04/11 22:32:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
    [2012/04/11 22:32:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
    [2012/04/11 22:32:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
    [2012/04/11 22:07:57 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{4AD2639E-A12E-4219-BE0F-8335BAC8ABE8}
    [2012/04/11 22:07:23 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{9C1FB17F-E189-4AEB-8C79-87211A3CC039}
    [2012/04/11 08:49:54 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{710CF3CC-F8FA-437B-BEA8-D56EBAFF1C70}
    [2012/04/10 20:49:19 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{A0507561-47DA-4E7B-B552-076E6702D501}
    [2012/04/10 08:48:54 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{BB4F04B3-668E-40F1-8135-8941E55A4D38}
    [2012/04/09 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{9083E23F-6F32-46D9-8669-8E20C6E608E3}
    [2012/04/09 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{733E5E37-8A2F-410C-AACB-4AFFE941B869}
    [2012/04/08 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{195C6D3E-9D4A-4332-95C0-1C03FB1F38C1}
    [2012/04/08 08:45:00 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8F976A5A-F4AE-446E-AE20-ECDE7E9EC295}
    [2012/04/07 07:33:25 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{2E495B13-026F-4B14-A324-5AEEB2C4BDDD}
    [2012/04/06 15:53:16 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{7AD9F1C9-B570-409D-9ECB-2729481F0714}
    [2012/04/05 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{C31F976D-FA94-4115-8BBE-40A6D872DD26}
    [2012/04/05 08:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{91D934B8-B1D9-4D1A-804A-5524613F8412}
    [2012/04/04 18:58:23 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{16AB1D3E-27FA-4106-BFDE-63FADA04A46D}
    [2012/04/03 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{4720F396-F045-4DCF-B2AD-3C0B09C06699}
    [2012/04/03 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{9D2B7D7D-438E-4A87-A0F5-F8E8AE92A0A2}
    [2012/04/02 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{96F3C4D3-559A-4704-BFBF-5B959BD173CD}
    [2012/04/02 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{D41C5B75-A4C6-42F6-A19D-6D7882BC3D3B}
    [2012/04/01 09:13:01 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{44A1807E-33EB-477A-ABDC-29D3FE49340B}
    [2012/03/31 08:58:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{D6D6049E-D3C5-418C-9D83-1651202D2E74}
    [2012/03/30 11:14:00 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{73A3B573-AD1E-4979-89AB-A898F478B65B}
    [2012/03/29 23:13:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{E8F87748-028D-4991-AE21-10AD86DC205E}
    [2012/03/29 11:12:57 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{AE07EE6A-A867-4246-8D58-E8556C130EBB}
    [2012/03/28 22:00:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{1C822190-2A18-4936-A063-26792E96E61B}
    [2012/03/28 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8A7E574E-89E5-42CD-83E3-1E7061AFCA15}
    [2012/03/28 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{490420E2-35B7-41EA-84F6-9993C325A88F}
    [2012/03/27 21:59:27 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{22502869-C4D8-4608-A8E5-0F8D86E37098}
    [2012/03/27 21:59:02 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{0E4635CF-94A3-4E7A-B834-B616E27E84D2}
    [2012/03/27 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{E0170AFF-B7A0-416E-A164-08A071279942}
    [2012/03/27 09:58:12 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{64502DA2-F8AF-44F8-8761-7B7D50A12F85}
    [2012/03/26 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{DC855321-6CD1-4C6E-A13F-FDD48613EF50}
    [2012/03/26 21:57:22 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{973263A7-7D70-4CC9-B383-0C9324401C02}
    [2012/03/26 09:57:08 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{FD8BFBBF-184E-4EF9-A438-0447CD8E1C63}
    [2012/03/26 09:56:44 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{83944100-1791-4E75-965E-8F3315A52840}
    [2012/03/25 10:34:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{B13498D4-7193-49F8-B8B8-6D6B75A3C959}
    [2012/03/25 10:34:20 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{FEF13E03-2CD2-4F92-B4E1-364645AAAD43}
    [2012/03/24 22:33:56 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{8641FF32-9420-4F3A-9CA7-62EAA2B48639}
    [2012/03/24 22:33:31 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{20E7A3BD-45E2-4841-971C-66A1323DEE52}
    [2012/03/24 10:33:06 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{E9C938D5-0117-495A-B9A7-7DCB4AE9FB33}
    [2012/03/24 10:32:43 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{3E2D8FF8-CF6E-43F7-B22B-594D184DD5BC}
    [2012/03/23 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{D92C6F46-489A-45FC-9C96-B94A469C73F4}
    [2012/03/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{3F7734BB-88B2-43BB-8CB7-E684C12A9D9E}
    [2012/03/23 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\Documents\RV Motorhome Brochure
    [2012/03/23 10:31:24 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{F1EC186E-22EF-4CFC-910E-9F2CAFF3E1B1}
    [2012/03/23 10:30:58 | 000,000,000 | ---D | C] -- C:\Users\Dean-P-35\AppData\Local\{B42F6FC3-48CB-4AB4-A22A-23918A96C107}
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/22 07:31:41 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/22 07:31:41 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/22 07:27:37 | 000,783,592 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/04/22 07:27:37 | 000,663,110 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/04/22 07:27:37 | 000,122,648 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/04/22 07:25:11 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/04/22 07:23:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/22 07:23:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/04/22 07:22:58 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/22 06:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/21 20:38:13 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/04/21 20:38:05 | 000,797,742 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/04/19 10:21:50 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/18 21:16:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/04/18 06:26:33 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062707.backup
    [2012/04/18 00:31:17 | 000,441,863 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-062633.backup
    [2012/04/17 19:09:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120418-003117.backup
    [2012/04/16 11:10:55 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/04/14 16:55:05 | 000,001,942 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
    [2012/04/14 15:47:38 | 000,000,944 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
    [2012/04/14 15:47:38 | 000,000,920 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\ERUNT.lnk
    [2012/04/14 15:10:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dean-P-35\Desktop\dds.scr
    [2012/04/14 14:37:31 | 000,001,327 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/04/14 14:37:31 | 000,001,303 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\Spybot - Search & Destroy.lnk
    [2012/04/14 11:02:54 | 000,003,505 | ---- | M] () -- C:\windows\wininit.ini
    [2012/04/14 09:48:34 | 000,001,452 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/14 09:30:18 | 000,001,404 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\iexplore.exe - Shortcut.lnk
    [2012/04/13 18:19:02 | 000,000,384 | ---- | M] () -- C:\Users\Dean-P-35\AppData\Roaming\Network Meter_Settings.ini
    [2012/04/13 11:32:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/04/13 11:32:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/04/12 15:24:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/04/11 10:06:10 | 000,331,565 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\2011 Federal Tax Rate Table.pdf
    [2012/04/08 13:21:05 | 000,188,474 | ---- | M] () -- C:\Users\Dean-P-35\Desktop\f990ez--2010.pdf
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/03/31 09:30:55 | 000,000,018 | ---- | M] () -- C:\windows\phsrch5.ini
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/22 07:19:25 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/04/22 07:19:25 | 000,002,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2012/04/21 20:38:01 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/04/19 10:21:50 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/17 18:50:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/04/17 18:50:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/04/17 18:50:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/04/17 18:50:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/04/17 18:50:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/04/16 11:10:55 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/04/16 11:10:55 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/04/14 16:55:05 | 000,001,942 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
    [2012/04/14 15:47:38 | 000,000,944 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
    [2012/04/14 15:47:38 | 000,000,920 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\ERUNT.lnk
    [2012/04/14 09:48:34 | 000,001,452 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/14 09:30:18 | 000,001,404 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\iexplore.exe - Shortcut.lnk
    [2012/04/13 17:05:08 | 000,001,327 | ---- | C] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/04/13 17:05:08 | 000,001,303 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\Spybot - Search & Destroy.lnk
    [2012/04/13 11:32:08 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/04/13 10:21:05 | 000,003,505 | ---- | C] () -- C:\windows\wininit.ini
    [2012/04/11 10:06:10 | 000,331,565 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\2011 Federal Tax Rate Table.pdf
    [2012/04/08 13:21:05 | 000,188,474 | ---- | C] () -- C:\Users\Dean-P-35\Desktop\f990ez--2010.pdf
    [2011/12/31 12:13:13 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2011/12/25 14:11:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
    [2011/12/12 13:46:16 | 000,206,568 | ---- | C] () -- C:\windows\hpwins28.dat
    [2011/12/12 12:55:55 | 000,207,287 | ---- | C] () -- C:\windows\hpwins28.dat.temp
    [2011/12/12 11:01:47 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
    [2011/12/11 17:12:10 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
    [2011/11/20 10:07:23 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/10/04 18:30:47 | 000,211,046 | ---- | C] () -- C:\windows\hpoins21.dat
    [2011/10/04 18:30:47 | 000,005,474 | ---- | C] () -- C:\windows\hpomdl21.dat
    [2011/08/30 14:08:56 | 000,000,018 | ---- | C] () -- C:\windows\phsrch5.ini
    [2011/07/08 15:23:02 | 000,000,506 | ---- | C] () -- C:\windows\ODBC.INI
    [2011/05/31 14:15:08 | 000,000,384 | ---- | C] () -- C:\Users\Dean-P-35\AppData\Roaming\Network Meter_Settings.ini
    [2011/05/04 08:03:33 | 000,027,648 | ---- | C] () -- C:\Users\Dean-P-35\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/30 09:47:33 | 000,797,742 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/04/29 09:42:33 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2010/07/29 07:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
    [2010/07/29 07:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
    [2010/07/29 07:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
    [2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
    [2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

    ========== Custom Scans ==========

    < HKEY_current_user\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon|shell /rs >

    < End of report >

  6. #26
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    Let's see if this will do it.


    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :OTL
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection] "C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [Antivirus Protection 2012 SM] C:\Users\Dean-P-35\AppData\Roaming\Antivirus Protection\securitymanager.exe File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [PC Health Status] C:\Users\Dean-P-35\AppData\Roaming\ohhjipgm.exe File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [qudqt4wswdse] C:\Users\DEAN-P~1\AppData\Local\Temp\17D5.tmp File not found
    O4 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004..\Run: [winlogon] C:\Users\Dean-P-35\winlogon.exe File not found
    O20 - HKU\S-1-5-21-2895267613-2196976214-2928141131-1004 Winlogon: Shell - ("C:\Users\Dean-P-35\winlogon.exe") - File not found
    [2012/04/14 16:55:05 | 000,001,942 | ---- | M] () -- C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [createrestorepoint]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    • Reboot your computer
    Please post the OTL fix log.
    Member of UNITE and ASAP

  7. #27
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default OTL Fix Worked by Desktop is back!==Thank You

    OTL Log:

    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Protection deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Protection 2012 SM deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PC Health Status deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\qudqt4wswdse deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2895267613-2196976214-2928141131-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Dean-P-35\winlogon.exe" deleted successfully.
    C:\Users\Dean-P-35\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Jean\Downloads\cmd.bat deleted successfully.
    C:\Users\Jean\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.40.0 log created on 04222012_143813

  8. #28
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    Good. Any other issues with the computer?
    Member of UNITE and ASAP

  9. #29
    Member Silverbullet's Avatar
    Join Date
    Sep 2008
    Posts
    35

    Default No other Issues, the Laptop is back to normal-Thank You very much

    Thanks again. Everything is back to normal.

  10. #30
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Silverbullet,

    I don't see an antivirus program installed on this computer. I'll give you some links to some good free ones. You can install one after you remove the tools.

    We'll clean up the tools now.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • aswMBR.exe
    • mbr.zip
    • mbr.dat
    • DDS.scr


    Next

    Click the Start button. Copy and paste the following line into the search box and hit enter


    Combofix /uninstall



    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


    I suggest you keep MBAM. Keep it updated and use it regularly.


    Antivirus programs

    Download and install one of these programs.

    Avast
    Help and support can be found here Avast Forum
    Antivir PersonalEditionClassic
    Help and support can be found here Avira Personal Support Forum
    Microsoft Security Essentials
    Support


    Updates

    Java

    You can get the newest version of Java 32bit and 64bit from HERE
    • in the Java Platform, Standard Edition section click the download button under JRE
    • Accept the Accept License Agreement
    • download Windows x86 (32-bit) Offline and Windows x64 (64-bit)
    • save them to your desktop, do not install them yet


    Click start > Control panel
    • under Programs click Uninstall a program
    • Uninstall
      Java(TM) 6 Update 30 (64-bit)
      Java(TM) 6 Update 30


    Next

    Install the new java by double clicking the files you downlloaded. Remember to decline the Ask ToolBar.

    Next

    Click your start button > Control Panel
    • Use the drop down menu beside view by and change it to small icons
    • locate java (32bit) in the list and click on it
    • On the General tab, Click Settings under Temporary Internet Files.
    • On the Temporary Files Settings screen, Click Delete Files.
    • check all boxes
    • Click OK
    Do the sme with the 64bit applet.


    Adobe Reader

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose FoxIt be sure to decline the FoxIt toolbar when it is offered during the install.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 9.5.1 first. Be sure to move any PDF documents to another folder first though.


    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now provided you are using a firewall and install an antivirus program. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE .


    You will need to reinstall the Custom Hosts file that Spybot had previously installed.
    1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
    2-Right-click an item in the list of immunizations and click "Deselect All."
    3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
    4-Click "Immunize" on the Spybot toolbar.


    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


    - Keep your antivirus program updated, as well as any other security programs you have.


    -More tips and programs can be found HERE

    Please post back if you have any problems.

    Take care
    Member of UNITE and ASAP

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •