PDA

View Full Version : Spybot System Scan won't run



susieqaz1
2013-02-02, 12:06
Hi,

Thanks in advance for the assistance.

Earlier today, I removed some software that popped up -- 24X7 Help -- an icon (a woman with a headphone) started cropping up on every window. I uninstalled it in Programs, and it's gone, but I decided that I needed to run Spybot. I had to reinstall Windows several months ago, and just realized I hadn't re-downloaded Spybot after that. So I downloaded it. But it won't run. I can update and immunize, but when I click the "System Scan" button, I get a "wait" icon for a second or two, then nothing happens. The cursor goes back to the arrow. I can't actually open Spybot from the Start menu. I have to right click on the icon in the system tray, right click, then choose "Start Center."

I have tried uninstalling and reinstalling Spybot, with the same results. I tried running in Safe Mode, but it didn't work there, either.

Here is my info:


I have a PC running Windows 7
I downloaded ERUNT and created a registry backup.
My DDS.txt info is below.
I have the attach.txt file on my desktop, but I cannot zip it. When I right cliek, choose "send," and choose the compressed option, I get an error message that says "Unable to complete the operation. Access is denied." (I have full administrator privileges.)
My aswMBR Log is below
I do not have a Spybot log, because I can't run a system scan. (I was not able to disable TeaTimer because I don't seem to have TeaTimer -- there is no "resident" icon. I have the free version of Spybot (ver. 2.0.12.0), but I know I've had TeaTimer with the free version before.)



DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Susie at 1:04:24 on 2013-02-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1116 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
C:\windows\system32\CorelCreatorMessages.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe
C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe
C:\Users\Susie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files (x86)\Plustek\OpticSlim M12\DigiScan.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Users\Susie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\Susie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [cdloader] "C:\Users\Susie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe"
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [SkyDrive] "C:\Users\Susie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ScanSnap WIA Service Checker] C:\windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Susie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\Susie\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DigiScan.lnk - C:\Program Files (x86)\Plustek\OpticSlim M12\DigiScan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{91D554F0-DE4A-4CCB-B745-A67B503A23E8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\341666665602C4164627F6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\341666665602C4164627F6 : DHCPNameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560214C6C656972343 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560214C6C656972343 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560275962756C6563737 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560275962756C6563737 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\6457C6C6F466D45627 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\6457C6C6F466D45627 : DHCPNameServer = 192.168.1.1 207.115.64.172 207.115.64.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [CorelCreatorClient] C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 IconixOutlookUpdaterService;Iconix Outlook Addin Updater Service;C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe [2009-8-18 214360]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-9 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-16 69640]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-2-16 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2012-2-16 126392]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-2 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-2 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-2 168384]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-16 2320920]
R3 CorelCreatorMessages;CorelCreatorMessages;C:\windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-16 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2012-2-16 946688]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-16 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-16 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-2-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-21 1255736]
.
=============== Created Last 30 ================
.
2013-02-02 08:11:07 388096 ----a-r- C:\Users\Susie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-02 08:11:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-02-02 08:00:19 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-02-02 07:34:43 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{557F7137-0FEE-4CC6-9AB4-46A49DFFEAE6}\mpengine.dll
2013-02-02 04:05:23 -------- d-----w- C:\Users\Susie\AppData\Local\{B966AB45-1F39-4D68-B758-2DFC51FFBCE1}
2013-02-01 05:55:06 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-01 00:17:39 -------- d-----w- C:\ProgramData\Logs
2013-01-31 21:50:25 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-01-31 21:50:25 -------- d-----w- C:\windows\SysWow64\Extensions
2013-01-31 21:49:52 -------- d-----w- C:\Users\Susie\AppData\Roaming\Babylon
2013-01-31 21:49:52 -------- d-----w- C:\ProgramData\Babylon
2013-01-31 21:21:30 -------- d-----w- C:\Users\Susie\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2013-01-31 20:50:45 -------- d-----w- C:\Program Files\iPod
2013-01-31 20:50:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-31 20:50:43 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-31 20:50:42 -------- d-----w- C:\Program Files\iTunes
2013-01-26 15:46:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-26 15:45:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-21 07:21:20 -------- d-----w- C:\Users\Susie\AppData\Local\{00399F7D-1653-4445-891C-5CAD917FF0C4}
2013-01-20 19:20:50 -------- d-----w- C:\Users\Susie\AppData\Local\{2088329C-9165-44EC-8483-463B3B661E10}
2013-01-20 05:33:06 -------- d-----w- C:\Users\Susie\AppData\Local\{BACE0342-4845-4B62-963E-48E8B00338D1}
2013-01-19 17:32:15 -------- d-----w- C:\Users\Susie\AppData\Local\{C7CBF70B-388F-43A1-A559-013DF3A3C61B}
2013-01-19 04:52:25 -------- d-----w- C:\Users\Susie\AppData\Local\{CCDB18A9-E189-43F5-8A69-985BFE8544EF}
2013-01-18 20:49:13 -------- d--h--w- C:\SkyDriveTemp
2013-01-18 04:50:51 -------- d-----w- C:\Users\Susie\AppData\Local\{8A38B8F1-7E64-4A91-B73E-7D560F0D54DF}
2013-01-17 17:32:57 -------- d-----w- C:\Users\Susie\AppData\Roaming\SUPERAntiSpyware.com
2013-01-17 16:50:25 -------- d-----w- C:\Users\Susie\AppData\Local\{6CDDB359-29B9-43CA-B664-BCC7BD64ABEC}
2013-01-17 05:49:31 -------- d-----w- C:\windows\SSDriver
2013-01-13 13:12:26 -------- d-----w- C:\Firefox
2013-01-13 13:02:06 -------- d-----w- C:\ProgramData\Ask
2013-01-12 22:33:38 859072 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-01-12 22:32:57 95184 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 05:56:31 -------- d-----w- C:\Users\Susie\AppData\Local\{C59EF135-71AA-4E53-BC7E-6EDA0C6795C5}
2013-01-10 17:56:03 -------- d-----w- C:\Users\Susie\AppData\Local\{507E00BA-01CF-40D2-A147-8E75A4A3CE94}
2013-01-10 07:01:46 -------- d-----w- C:\ProgramData\Graboid Inc
2013-01-10 07:01:45 -------- d-----w- C:\Users\Susie\AppData\Local\Geckofx
2013-01-10 07:00:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-01-10 07:00:25 -------- d-----w- C:\Program Files (x86)\Graboid
2013-01-09 22:07:58 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-09 22:03:59 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-09 22:03:58 3149824 ----a-w- C:\windows\System32\win32k.sys
2013-01-09 18:26:23 -------- d-----w- C:\Users\Susie\LapNet
2013-01-09 17:46:38 -------- d-----w- C:\Users\Susie\AppData\Local\{33F03F32-79BB-427E-9E41-7157F3A35935}
2013-01-09 05:46:12 -------- d-----w- C:\Users\Susie\AppData\Local\{A0E3BA42-2ECA-4A6C-8800-0346256C4590}
2013-01-08 04:55:34 -------- d-----w- C:\Users\Susie\AppData\Local\{0066618F-3758-4982-B3F1-06057B80B17E}
2013-01-07 16:55:09 -------- d-----w- C:\Users\Susie\AppData\Local\{404872D1-7CEA-451A-B47F-3A4A1F2678FF}
2013-01-06 20:37:59 367616 ----a-w- C:\windows\System32\atmfd.dll
2013-01-06 20:37:59 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2013-01-06 07:58:05 -------- d-----w- C:\Users\Susie\AppData\Local\{828F9544-3B73-493D-8791-2FCBE7E0C6A1}
.
==================== Find3M ====================
.
2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-28 19:52:06 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-01-12 22:32:34 779704 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 07:35:06 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 07:35:05 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 19:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll
.
============= FINISH: 1:06:02.01 ===============

aswMBR Log:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-02 01:18:30
-----------------------------
01:18:30.656 OS Version: Windows x64 6.1.7601 Service Pack 1
01:18:30.657 Number of processors: 4 586 0x2502
01:18:30.658 ComputerName: SUSIE-PC UserName: Susie
01:18:34.409 Initialize success
01:22:02.369 AVAST engine defs: 13020101
01:37:10.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:37:10.646 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
01:37:10.667 Disk 0 MBR read successfully
01:37:10.672 Disk 0 MBR scan
01:37:10.803 Disk 0 Windows VISTA default MBR code
01:37:10.809 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:37:10.891 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293280 MB offset 3074048
01:37:10.974 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10464 MB offset 603711488
01:37:11.129 Disk 0 scanning C:\windows\system32\drivers
01:37:27.821 Service scanning
01:38:28.247 Modules scanning
01:38:28.263 Disk 0 trace - called modules:
01:38:28.303 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:38:28.651 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c99060]
01:38:28.662 3 CLASSPNP.SYS[fffff88001d7143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a2d050]
01:38:30.238 AVAST engine scan C:\windows
01:38:34.628 AVAST engine scan C:\windows\system32
01:43:57.622 AVAST engine scan C:\windows\system32\drivers
01:44:17.311 AVAST engine scan C:\Users\Susie
01:57:04.669 Disk 0 MBR has been saved successfully to "C:\Users\Susie\Desktop\MBR.dat"
01:57:04.695 The log file has been saved successfully to "C:\Users\Susie\Desktop\aswMBR.txt"

Again, :thanks:.
Susie

torreattack
2013-02-14, 11:33
Hi susieqaz1 :

Sorry for being lated.

Your computer was infected with a few adware and malware. Before we start to fix, let get more info?

1. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When the TDSSKiller finish loading, click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) ... by Old Timer . Save it to your Desktop.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Thanks,
torreattack

susieqaz1
2013-02-14, 17:33
Hi,

I'll be away from my computer all day today (and maybe tomorrow), but will post the logs as soon as I can.

Thanks!!

Susie

torreattack
2013-02-14, 19:39
no problem.

torreattack

torreattack
2013-02-19, 10:27
Hi,

Do you still need help?

torreattack

torreattack
2013-02-24, 14:04
This thread has been closed due to inactivity. As it has been three days or more since your last post, it will not be re-opened.

If you still require help start a new topic and include the DDS and aswMBR logs with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.