
Computer running slow/errors in booting

Discussion in 'Virus & Other Malware Removal' started by brisbydog, Jan 20, 2013.

  1. brisbydog (Thread Starter)

    It has been going on for about a week; it eventually boots but not after constant attempts at repairs. All virus scans are showing nothing. Here are my logs; I hope I have done them right:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:07:14 AM, on 20/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Caroline\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...AtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1406072711
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    O2 - BHO: TopSpaceHelper - {C8625893-2C0F-4484-8C18-52B00D5A8BB9} - C:\Program Files (x86)\TopSpace\bin\TopSpaceHelper.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
    O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
    O18 - Protocol: intu-tt2011 - {B3B5DAD9-E96D-45B4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
    O18 - Protocol: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lxcz_device - Unknown owner - C:\Windows\system32\lxczcoms.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12156 bytes


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 18/11/2010 7:04:32 PM
    System Uptime: 20/01/2013 11:34:07 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0G3HR7
    Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 921 GiB total, 523.489 GiB free.
    D: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== Installed Programs ======================
    .
    Leawo AVI Converter version 3.1.0.0
    Leawo iPod Video Converter version 3.0.0.1
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Any Video Converter 3.3.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO64 Codecs
    ATI Catalyst Control Center
    ATI Catalyst Install Manager
    µTorrent
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    Bing Bar
    Black & White® 2
    Black & White® 2 Battle of the Gods
    Bonjour
    CAM UnZip 4.5
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CDisplay 1.8
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Driver Download Manager
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center
    Diablo III
    DirectXInstallService
    Dropbox
    EMCGadgets64
    Fallout
    Free M4a to MP3 Converter 6.1
    GOG.com Downloader
    GOG.com Downloader version 3.0.25
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    GoToAssist 8.0.0.514
    HP LaserJet Professional P1100-P1560-P1600 Series
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Internet Explorer
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20 (64-bit)
    JavaFX 2.1.1
    Junk Mail filter update
    K-Lite Codec Pack 6.5.0 (Basic)
    King's Bounty: Armored Princess
    King's Bounty: Crossworlds
    King's Bounty: The Legend
    KMPlayer Toolbar Updater
    Metro 2033
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    NCsoft Launcher
    NVIDIA PhysX
    Pando Media Booster
    PC Auto Backup
    QuickTax 2009
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio File Backup
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skins
    Sonic CinePlayer Decoder Pack
    Steam
    SUPERAntiSpyware
    The KMPlayer (remove only)
    THX TruStudio PC
    Topspace Windows IE Platform
    TurboTax 2010
    TurboTax 2011
    TurboTax 2012
    Two Worlds
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    uTorrentBar Toolbar
    VD64Inst
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.4
    WD SmartWare
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (64-bit)
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Caroline at 11:39:05 on 2013-01-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.6008 [GMT -5:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\HPSIsvc.exe
    C:\Windows\system32\lxczcoms.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\System32\WerFault.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0Czz0DyBtCzytDtCtAtBtC0D0A0CyBzztN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1406072711
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    BHO: TopSpaceHelper Class: {C8625893-2C0F-4484-8C18-52B00D5A8BB9} - C:\Program Files (x86)\TopSpace\bin\TopSpaceHelper.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{11AE0AD1-78D9-48C4-BBE9-2E31CE3E8847} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{11AE0AD1-78D9-48C4-BBE9-2E31CE3E8847}\2454C4C4037323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{11AE0AD1-78D9-48C4-BBE9-2E31CE3E8847}\2454C4C4535373 : DHCPNameServer = 192.168.10.100
    TCP: Interfaces\{11AE0AD1-78D9-48C4-BBE9-2E31CE3E8847}\2456C6C61647F627 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{11AE0AD1-78D9-48C4-BBE9-2E31CE3E8847}\354757079646F55374548545 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{11AE0AD1-78D9-48C4-BBE9-2E31CE3E8847}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
    Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
    Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0Czz0DyBtCzytDtCtAtBtC0D0A0CyBzztN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1406072711
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - <orphaned>
    x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>
    x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
    x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\bxvn7r0o.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://msn.ca/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Caroline\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Caroline\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Caroline\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0Czz0DyBtCzytDtCtAtBtC0D0A0CyBzztN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1406072711
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0Czz0DyBtCzytDtCtAtBtC0D0A0CyBzztN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1406072711
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0Czz0DyBtCzytDtCtAtBtC0D0A0CyBzztN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1406072711&q=
    FF - user.js: extensions.funmoods.id - C8D71901321DAC78
    FF - user.js: extensions.funmoods.instlDay - 15655
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:37:52
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - download
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - download
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-11 55280]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-11 203264]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2011-12-23 127800]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-11 13336]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-11 1692480]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
    R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
    R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
    R2 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files (x86)\Samsung\PC Auto Backup\WiselinkPro.exe [2011-1-19 4730880]
    R3 AE3000;Linksys AE3000 Driver;C:\Windows\System32\drivers\AE3000w764.sys [2012-3-2 1717824]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-11 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-11 271872]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-11 321064]
    R3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2011-4-27 20480]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-11 158976]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-28 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-01-19 06:01:05 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-01-19 06:01:05 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
    2013-01-19 06:01:05 17802648 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
    2013-01-19 06:01:04 271768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
    2013-01-19 06:01:04 157712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2013-01-19 00:57:44 35192 ----a-w- C:\Windows\System32\TURegOpt.exe
    2013-01-19 00:57:36 26488 ----a-w- C:\Windows\System32\authuitu.dll
    2013-01-19 00:57:36 21880 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2013-01-17 23:33:51 -------- d-sh--w- C:\found.001
    2013-01-16 22:39:35 -------- d-----w- C:\Users\Caroline\AppData\Roaming\Malwarebytes
    2013-01-16 22:38:55 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-16 22:24:10 -------- d-----w- C:\Program Files (x86)\TurboTax 2012
    2013-01-16 04:12:56 -------- d-----w- C:\Users\Caroline\AppData\Roaming\Roxio Log Files
    2013-01-12 16:46:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-01-12 16:07:26 -------- d-----w- C:\Users\Caroline\AppData\Local\CrashDumps
    2013-01-11 13:10:19 -------- d-----w- C:\Program Files (x86)\AVG
    2013-01-10 22:51:03 -------- d-----w- C:\Users\Caroline\AppData\Roaming\SearchProtect
    2013-01-09 12:31:39 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 12:31:39 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 12:31:35 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 12:31:35 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 12:31:34 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 12:31:34 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 12:31:33 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-09 12:31:33 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-09 12:31:33 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 12:31:33 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 12:28:59 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-01-08 04:06:39 -------- d-----w- C:\Users\Caroline\AppData\Roaming\SendSpace
    2013-01-08 04:06:23 -------- d-----w- C:\Users\Caroline\AppData\Local\SwvUpdater
    2013-01-08 04:04:15 -------- d-----w- C:\ProgramData\CAM Development
    2013-01-08 04:04:12 -------- d-----w- C:\Program Files (x86)\CAM Development
    2013-01-08 03:58:44 -------- d-----w- C:\ProgramData\WoW Worldwide Software LTD
    2013-01-08 03:55:07 -------- d-----w- C:\ProgramData\InstallMate
    2012-12-28 18:03:16 -------- d-----w- C:\Program Files\iPod
    2012-12-28 18:03:15 -------- d-----w- C:\Program Files\iTunes
    2012-12-28 18:03:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-22 05:02:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 05:02:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 05:01:58 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 05:01:58 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 03:24:49 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 03:24:49 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-05-24 23:10:57 1960006087 ----a-w- C:\Program Files (x86)\ShinMegamiTenseiInstaller050112.exe
    .
    ============= FINISH: 11:42:01.32 ===============


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-20 16:03:46
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC46 931.51GB
    Running: oczn80dg.exe; Driver: C:\Users\Caroline\AppData\Local\Temp\kxdyrkog.sys


    ---- User code sections - GMER 2.0 ----


    ---- User IAT/EAT - GMER 2.0 ----


    ---- Threads - GMER 2.0 ----

    Thread [6608:6740] 0000000077713e45
    Thread [6608:6744] 0000000077713e45
    Thread [6608:6748] 00000000768cd864
    Thread [6608:6888] 0000000077717111
    Thread [6608:6264] 0000000077713e45
    Thread [6608:1256] 000000006dff876d
    Thread [6608:6660] 0000000067c23a3e
    Thread [6608:3752] 00000000678bcb1a
    Thread [6608:6528] 0000000067c23a3e
    Thread [6608:6456] 0000000067c23a3e

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files\Dell\DellDock\DellDock.exe [1032] 000007fefc570000
    Library ? (*** suspicious ***) @ [6608] 00000000001a0000

    ---- EOF - GMER 2.0 ----
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Run the following:

    Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Post that log.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     

Short URL to this thread: https://techguy.org/1086152
