Thread: Spybot System Scan won't run

  1. #1
    Junior Member
    Join Date
    Feb 2013
    Posts
    3

    Spybot System Scan won't run

    Hi,

    (Trying this again . . . I appreciate the help, and hope my schedule corresponds with the eventual response this time.) Thanks in advance for the assistance.
    Edit
    http://forums.spybot.info/showthread.php?t=67754

    A few weeks ago, I removed some software that popped up -- 24X7 Help -- an icon (a woman with a headphone) started cropping up on every window. I uninstalled it in Programs, and it's gone, but I decided that I needed to run Spybot. I had to reinstall Windows several months ago, and just realized I hadn't re-downloaded Spybot after that. So I downloaded it. But it won't run. I can update and immunize, but when I click the "System Scan" button, I get a "wait" icon for a second or two, then nothing happens. The cursor goes back to the arrow. I can't actually open Spybot from the Start menu. I have to right click on the icon in the system tray, right click, then choose "Start Center."

    I have tried uninstalling and reinstalling Spybot, with the same results. I tried running in Safe Mode, but it didn't work there, either.

    Here is my info:
    I have a PC running Windows 7
    I downloaded ERUNT and created a registry backup.
    My DDS.txt info is below.
    I have the attach.txt file on my desktop, but I cannot zip it. When I right click, choose "send," and choose the compressed option, I get an error message that says "Unable to complete the operation. Access is denied." (I have full administrator privileges.)
    My aswMBR Log is below
    I do not have a Spybot log, because I can't run a system scan. (I was not able to disable TeaTimer because I don't seem to have TeaTimer -- there is no "resident" icon. I have the free version of Spybot (ver. 2.0.12.0), but I know I've had TeaTimer with the free version before.)


    DDS.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
    Run by Susie at 1:04:24 on 2013-02-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1116 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    C:\windows\SysWOW64\NLSSRV32.EXE
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\windows\System32\svchost.exe -k HPZ12
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k HPService
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
    C:\windows\system32\CorelCreatorMessages.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Susie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    C:\Program Files (x86)\Plustek\OpticSlim M12\DigiScan.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Users\Susie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\splwow64.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wuauclt.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Susie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://search.coupons.com/
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [Google Update] "C:\Users\Susie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [cdloader] "C:\Users\Susie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Susie\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
    uRun: [SkyDrive] "C:\Users\Susie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ScanSnap WIA Service Checker] C:\windows\SSDriver\fi5110\SsWiaChecker.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Susie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\Users\Susie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\Susie\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DigiScan.lnk - C:\Program Files (x86)\Plustek\OpticSlim M12\DigiScan.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{91D554F0-DE4A-4CCB-B745-A67B503A23E8} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\341666665602C4164627F6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\341666665602C4164627F6 : DHCPNameServer = 205.171.3.65 205.171.2.65
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560214C6C656972343 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560214C6C656972343 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560275962756C6563737 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\54370727563737F6026596671636560275962756C6563737 : DHCPNameServer = 192.168.1.2
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\6457C6C6F466D45627 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{B9522D42-7D5E-468B-A16D-59AB67624BE4}\6457C6C6F466D45627 : DHCPNameServer = 192.168.1.1 207.115.64.172 207.115.64.3
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
    x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [CorelCreatorClient] C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R2 IconixOutlookUpdaterService;Iconix Outlook Addin Updater Service;C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe [2009-8-18 214360]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-9 230408]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-16 69640]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-2-16 103792]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2012-2-16 126392]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-2 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-2 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-2 168384]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-16 2320920]
    R3 CorelCreatorMessages;CorelCreatorMessages;C:\windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-16 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2012-2-16 946688]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-16 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-16 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-2-20 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-21 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-02 08:11:07 388096 ----a-r- C:\Users\Susie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-02-02 08:11:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-02-02 08:00:19 17272 ----a-w- C:\windows\System32\sdnclean64.exe
    2013-02-02 07:34:43 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{557F7137-0FEE-4CC6-9AB4-46A49DFFEAE6}\mpengine.dll
    2013-02-02 04:05:23 -------- d-----w- C:\Users\Susie\AppData\Local\{B966AB45-1F39-4D68-B758-2DFC51FFBCE1}
    2013-02-01 05:55:06 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-01 00:17:39 -------- d-----w- C:\ProgramData\Logs
    2013-01-31 21:50:25 -------- d-----w- C:\windows\SysWow64\searchplugins
    2013-01-31 21:50:25 -------- d-----w- C:\windows\SysWow64\Extensions
    2013-01-31 21:49:52 -------- d-----w- C:\Users\Susie\AppData\Roaming\Babylon
    2013-01-31 21:49:52 -------- d-----w- C:\ProgramData\Babylon
    2013-01-31 21:21:30 -------- d-----w- C:\Users\Susie\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
    2013-01-31 20:50:45 -------- d-----w- C:\Program Files\iPod
    2013-01-31 20:50:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-31 20:50:43 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-01-31 20:50:42 -------- d-----w- C:\Program Files\iTunes
    2013-01-26 15:46:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-01-26 15:45:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-01-21 07:21:20 -------- d-----w- C:\Users\Susie\AppData\Local\{00399F7D-1653-4445-891C-5CAD917FF0C4}
    2013-01-20 19:20:50 -------- d-----w- C:\Users\Susie\AppData\Local\{2088329C-9165-44EC-8483-463B3B661E10}
    2013-01-20 05:33:06 -------- d-----w- C:\Users\Susie\AppData\Local\{BACE0342-4845-4B62-963E-48E8B00338D1}
    2013-01-19 17:32:15 -------- d-----w- C:\Users\Susie\AppData\Local\{C7CBF70B-388F-43A1-A559-013DF3A3C61B}
    2013-01-19 04:52:25 -------- d-----w- C:\Users\Susie\AppData\Local\{CCDB18A9-E189-43F5-8A69-985BFE8544EF}
    2013-01-18 20:49:13 -------- d--h--w- C:\SkyDriveTemp
    2013-01-18 04:50:51 -------- d-----w- C:\Users\Susie\AppData\Local\{8A38B8F1-7E64-4A91-B73E-7D560F0D54DF}
    2013-01-17 17:32:57 -------- d-----w- C:\Users\Susie\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-17 16:50:25 -------- d-----w- C:\Users\Susie\AppData\Local\{6CDDB359-29B9-43CA-B664-BCC7BD64ABEC}
    2013-01-17 05:49:31 -------- d-----w- C:\windows\SSDriver
    2013-01-13 13:12:26 -------- d-----w- C:\Firefox
    2013-01-13 13:02:06 -------- d-----w- C:\ProgramData\Ask
    2013-01-12 22:33:38 859072 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2013-01-12 22:32:57 95184 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-11 05:56:31 -------- d-----w- C:\Users\Susie\AppData\Local\{C59EF135-71AA-4E53-BC7E-6EDA0C6795C5}
    2013-01-10 17:56:03 -------- d-----w- C:\Users\Susie\AppData\Local\{507E00BA-01CF-40D2-A147-8E75A4A3CE94}
    2013-01-10 07:01:46 -------- d-----w- C:\ProgramData\Graboid Inc
    2013-01-10 07:01:45 -------- d-----w- C:\Users\Susie\AppData\Local\Geckofx
    2013-01-10 07:00:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2013-01-10 07:00:25 -------- d-----w- C:\Program Files (x86)\Graboid
    2013-01-09 22:07:58 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2013-01-09 22:03:59 68608 ----a-w- C:\windows\System32\taskhost.exe
    2013-01-09 22:03:58 3149824 ----a-w- C:\windows\System32\win32k.sys
    2013-01-09 18:26:23 -------- d-----w- C:\Users\Susie\LapNet
    2013-01-09 17:46:38 -------- d-----w- C:\Users\Susie\AppData\Local\{33F03F32-79BB-427E-9E41-7157F3A35935}
    2013-01-09 05:46:12 -------- d-----w- C:\Users\Susie\AppData\Local\{A0E3BA42-2ECA-4A6C-8800-0346256C4590}
    2013-01-08 04:55:34 -------- d-----w- C:\Users\Susie\AppData\Local\{0066618F-3758-4982-B3F1-06057B80B17E}
    2013-01-07 16:55:09 -------- d-----w- C:\Users\Susie\AppData\Local\{404872D1-7CEA-451A-B47F-3A4A1F2678FF}
    2013-01-06 20:37:59 367616 ----a-w- C:\windows\System32\atmfd.dll
    2013-01-06 20:37:59 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2013-01-06 07:58:05 -------- d-----w- C:\Users\Susie\AppData\Local\{828F9544-3B73-493D-8791-2FCBE7E0C6A1}
    .
    ==================== Find3M ====================
    .
    2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe
    2013-01-28 19:52:06 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2013-01-12 22:32:34 779704 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 07:35:06 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 07:35:05 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-08 19:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll
    .
    ============= FINISH: 1:06:02.01 ===============

    aswMBR Log:
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-02 01:18:30
    -----------------------------
    01:18:30.656 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:18:30.657 Number of processors: 4 586 0x2502
    01:18:30.658 ComputerName: SUSIE-PC UserName: Susie
    01:18:34.409 Initialize success
    01:22:02.369 AVAST engine defs: 13020101
    01:37:10.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    01:37:10.646 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
    01:37:10.667 Disk 0 MBR read successfully
    01:37:10.672 Disk 0 MBR scan
    01:37:10.803 Disk 0 Windows VISTA default MBR code
    01:37:10.809 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    01:37:10.891 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293280 MB offset 3074048
    01:37:10.974 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10464 MB offset 603711488
    01:37:11.129 Disk 0 scanning C:\windows\system32\drivers
    01:37:27.821 Service scanning
    01:38:28.247 Modules scanning
    01:38:28.263 Disk 0 trace - called modules:
    01:38:28.303 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    01:38:28.651 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c99060]
    01:38:28.662 3 CLASSPNP.SYS[fffff88001d7143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a2d050]
    01:38:30.238 AVAST engine scan C:\windows
    01:38:34.628 AVAST engine scan C:\windows\system32
    01:43:57.622 AVAST engine scan C:\windows\system32\drivers
    01:44:17.311 AVAST engine scan C:\Users\Susie
    01:57:04.669 Disk 0 MBR has been saved successfully to "C:\Users\Susie\Desktop\MBR.dat"
    01:57:04.695 The log file has been saved successfully to "C:\Users\Susie\Desktop\aswMBR.txt"

    Again, thanks.
    Susie
    Last edited by tashi; 2013-02-25 at 00:39. Reason: Added link to closed topic

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hello susieqaz1,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    Please be advised: as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me; I will post back to you as soon as I can.
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

    Important Note for Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

    Please stay with this topic until I let you know that your system appears to be "All Clear".
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi susieqaz1,

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".
    • Run AdwCleaner and select Delete.
    • Once done, it will ask to reboot; allow the reboot.
    • On reboot a log will be produced; please attach the content of the log to your next reply.
    - - - - - Next - - - - -

    Download OTL to your desktop.

    Right click and select "Run as Administrator".
    • Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan, paste this in:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

    In your next post please provide the following:
    • AdwCleaner log
    • OTL.txt
    • Extras.txt
    • How is the computer running, what issues are you experiencing?
    OCD

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi susieqaz1,

    Just checking in to see if you still need help?
    OCD

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Due to inactivity, this thread will now be closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
