
View Full Version : Spybot System Scan won't run



susieqaz1
2013-02-25, 00:35
Hi,

(Trying this again . . . I appreciate the help, and hope my schedule corresponds with the eventual response this time. :)) Thanks in advance for the assistance.
Edit
http://forums.spybot.info/showthread.php?t=67754

A few weeks ago, I removed some software that popped up -- 24X7 Help -- an icon (a woman with a headphone) started cropping up on every window. I uninstalled it in Programs, and it's gone, but I decided that I needed to run Spybot. I had to reinstall Windows several months ago, and just realized I hadn't re-downloaded Spybot after that. So I downloaded it. But it won't run. I can update and immunize, but when I click the "System Scan" button, I get a "wait" icon for a second or two, then nothing happens. The cursor goes back to the arrow. I can't actually open Spybot from the Start menu. I have to right click on the icon in the system tray, right click, then choose "Start Center."

I have tried uninstalling and reinstalling Spybot, with the same results. I tried running in Safe Mode, but it didn't work there, either.

Here is my info:
I have a PC running Windows 7
I downloaded ERUNT and created a registry backup.
My DDS.txt info is below.
I have the attach.txt file on my desktop, but I cannot zip it. When I right click, choose "send," and choose the compressed option, I get an error message that says "Unable to complete the operation. Access is denied." (I have full administrator privileges.)
My aswMBR Log is below
I do not have a Spybot log, because I can't run a system scan. (I was not able to disable TeaTimer because I don't seem to have TeaTimer -- there is no "resident" icon. I have the free version of Spybot (ver. 2.0.12.0), but I know I've had TeaTimer with the free version before.)


DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Susie at 1:04:24 on 2013-02-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1116 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
C:\windows\system32\CorelCreatorMessages.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe
C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe
C:\Users\Susie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files (x86)\Plustek\OpticSlim M12\DigiScan.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Users\Susie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\Susie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [cdloader] "C:\Users\Susie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe"
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [SkyDrive] "C:\Users\Susie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ScanSnap WIA Service Checker] C:\windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Susie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\Susie\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DigiScan.lnk - C:\Program Files (x86)\Plustek\OpticSlim M12\DigiScan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{91D554F0-DE4A-4CCB-B745-A67B503A23E8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\341666665602C4164627F6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\341666665602C4164627F6 : DHCPNameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560214C6C656972343 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560214C6C656972343 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560275962756C6563737 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560275962756C6563737 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\6457C6C6F466D45627 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\6457C6C6F466D45627 : DHCPNameServer = 192.168.1.1 207.115.64.172 207.115.64.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [CorelCreatorClient] C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 IconixOutlookUpdaterService;Iconix Outlook Addin Updater Service;C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe [2009-8-18 214360]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-9 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-16 69640]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-2-16 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2012-2-16 126392]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-2 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-2 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-2 168384]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-16 2320920]
R3 CorelCreatorMessages;CorelCreatorMessages;C:\windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-16 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2012-2-16 946688]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-16 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-16 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-2-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-21 1255736]
.
=============== Created Last 30 ================
.
2013-02-02 08:11:07 388096 ----a-r- C:\Users\Susie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-02 08:11:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-02-02 08:00:19 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-02-02 07:34:43 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{557F7137-0FEE-4CC6-9AB4-46A49DFFEAE6}\mpengine.dll
2013-02-02 04:05:23 -------- d-----w- C:\Users\Susie\AppData\Local\{B966AB45-1F39-4D68-B758-2DFC51FFBCE1}
2013-02-01 05:55:06 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-01 00:17:39 -------- d-----w- C:\ProgramData\Logs
2013-01-31 21:50:25 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-01-31 21:50:25 -------- d-----w- C:\windows\SysWow64\Extensions
2013-01-31 21:49:52 -------- d-----w- C:\Users\Susie\AppData\Roaming\Babylon
2013-01-31 21:49:52 -------- d-----w- C:\ProgramData\Babylon
2013-01-31 21:21:30 -------- d-----w- C:\Users\Susie\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2013-01-31 20:50:45 -------- d-----w- C:\Program Files\iPod
2013-01-31 20:50:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-31 20:50:43 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-31 20:50:42 -------- d-----w- C:\Program Files\iTunes
2013-01-26 15:46:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-26 15:45:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-21 07:21:20 -------- d-----w- C:\Users\Susie\AppData\Local\{00399F7D-1653-4445-891C-5CAD917FF0C4}
2013-01-20 19:20:50 -------- d-----w- C:\Users\Susie\AppData\Local\{2088329C-9165-44EC-8483-463B3B661E10}
2013-01-20 05:33:06 -------- d-----w- C:\Users\Susie\AppData\Local\{BACE0342-4845-4B62-963E-48E8B00338D1}
2013-01-19 17:32:15 -------- d-----w- C:\Users\Susie\AppData\Local\{C7CBF70B-388F-43A1-A559-013DF3A3C61B}
2013-01-19 04:52:25 -------- d-----w- C:\Users\Susie\AppData\Local\{CCDB18A9-E189-43F5-8A69-985BFE8544EF}
2013-01-18 20:49:13 -------- d--h--w- C:\SkyDriveTemp
2013-01-18 04:50:51 -------- d-----w- C:\Users\Susie\AppData\Local\{8A38B8F1-7E64-4A91-B73E-7D560F0D54DF}
2013-01-17 17:32:57 -------- d-----w- C:\Users\Susie\AppData\Roaming\SUPERAntiSpyware.com
2013-01-17 16:50:25 -------- d-----w- C:\Users\Susie\AppData\Local\{6CDDB359-29B9-43CA-B664-BCC7BD64ABEC}
2013-01-17 05:49:31 -------- d-----w- C:\windows\SSDriver
2013-01-13 13:12:26 -------- d-----w- C:\Firefox
2013-01-13 13:02:06 -------- d-----w- C:\ProgramData\Ask
2013-01-12 22:33:38 859072 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-01-12 22:32:57 95184 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 05:56:31 -------- d-----w- C:\Users\Susie\AppData\Local\{C59EF135-71AA-4E53-BC7E-6EDA0C6795C5}
2013-01-10 17:56:03 -------- d-----w- C:\Users\Susie\AppData\Local\{507E00BA-01CF-40D2-A147-8E75A4A3CE94}
2013-01-10 07:01:46 -------- d-----w- C:\ProgramData\Graboid Inc
2013-01-10 07:01:45 -------- d-----w- C:\Users\Susie\AppData\Local\Geckofx
2013-01-10 07:00:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-01-10 07:00:25 -------- d-----w- C:\Program Files (x86)\Graboid
2013-01-09 22:07:58 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-09 22:03:59 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-09 22:03:58 3149824 ----a-w- C:\windows\System32\win32k.sys
2013-01-09 18:26:23 -------- d-----w- C:\Users\Susie\LapNet
2013-01-09 17:46:38 -------- d-----w- C:\Users\Susie\AppData\Local\{33F03F32-79BB-427E-9E41-7157F3A35935}
2013-01-09 05:46:12 -------- d-----w- C:\Users\Susie\AppData\Local\{A0E3BA42-2ECA-4A6C-8800-0346256C4590}
2013-01-08 04:55:34 -------- d-----w- C:\Users\Susie\AppData\Local\{0066618F-3758-4982-B3F1-06057B80B17E}
2013-01-07 16:55:09 -------- d-----w- C:\Users\Susie\AppData\Local\{404872D1-7CEA-451A-B47F-3A4A1F2678FF}
2013-01-06 20:37:59 367616 ----a-w- C:\windows\System32\atmfd.dll
2013-01-06 20:37:59 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2013-01-06 07:58:05 -------- d-----w- C:\Users\Susie\AppData\Local\{828F9544-3B73-493D-8791-2FCBE7E0C6A1}
.
==================== Find3M ====================
.
2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-28 19:52:06 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-01-12 22:32:34 779704 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 07:35:06 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 07:35:05 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 19:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll
.
============= FINISH: 1:06:02.01 ===============

aswMBR Log:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-02 01:18:30
-----------------------------
01:18:30.656 OS Version: Windows x64 6.1.7601 Service Pack 1
01:18:30.657 Number of processors: 4 586 0x2502
01:18:30.658 ComputerName: SUSIE-PC UserName: Susie
01:18:34.409 Initialize success
01:22:02.369 AVAST engine defs: 13020101
01:37:10.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:37:10.646 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
01:37:10.667 Disk 0 MBR read successfully
01:37:10.672 Disk 0 MBR scan
01:37:10.803 Disk 0 Windows VISTA default MBR code
01:37:10.809 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:37:10.891 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293280 MB offset 3074048
01:37:10.974 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10464 MB offset 603711488
01:37:11.129 Disk 0 scanning C:\windows\system32\drivers
01:37:27.821 Service scanning
01:38:28.247 Modules scanning
01:38:28.263 Disk 0 trace - called modules:
01:38:28.303 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:38:28.651 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c99060]
01:38:28.662 3 CLASSPNP.SYS[fffff88001d7143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a2d050]
01:38:30.238 AVAST engine scan C:\windows
01:38:34.628 AVAST engine scan C:\windows\system32
01:43:57.622 AVAST engine scan C:\windows\system32\drivers
01:44:17.311 AVAST engine scan C:\Users\Susie
01:57:04.669 Disk 0 MBR has been saved successfully to "C:\Users\Susie\Desktop\MBR.dat"
01:57:04.695 The log file has been saved successfully to "C:\Users\Susie\Desktop\aswMBR.txt"

Again, thanks.
Susie

OCD
2013-02-28, 05:04
Hello susieqaz1,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me; I will post back to you as soon as I can.

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, with the loss of all your programs and data.

Important Note for Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) with Admin Rights every time you run them (right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"

OCD
2013-02-28, 15:34
Hi susieqaz1,

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.

Right click and select "Run as Administrator".

Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply
- - - - - Next - - - - -

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Right click and select "Run as Administrator".

Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan, paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

In your next post please provide the following:

AdwCleaner log
OTL.txt
Extras.txt
How is the computer running, what issues are you experiencing?

OCD
2013-03-02, 18:13
Hi susieqaz1,

Just checking in to see if you still need help?

ken545
2013-03-06, 14:22
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.