
Suspected malware. Comp runs super slow on wake up, even just freezes. General slo

Discussion in 'Virus & Other Malware Removal' started by gentrykappa, Feb 11, 2013.

gentrykappa (Thread Starter; joined Feb 11, 2013; 10 messages):
    Hello all. I visited you many years ago and y'all educated me so much, thank you!! I'm pretty good with computers, but as of late I have no idea how to fix my problems. My computer used to run seamlessly.
    Currently have installed: Spybot, AVG, Ad-Aware, CCleaner.

    Suspected malware. Computer runs super slow on wake-up, even just freezes. General slow running, very slow when running multiple programs or windows, videos. Internet goes in and out. Home page "mystartincredibar" won't remove! There are a few other problems that aren't coming to mind at the moment. Thanks all!!

    Cannot run some programs as admin, Spybot for example.
    Here come the logs.


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 1
    RAM: 1979 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 8 Mb
    Hard Drives: C: Total - 139815 MB, Free - 39882 MB; D: Total - 12609 MB, Free - 2111 MB;
    Motherboard: Hewlett-Packard, 3612
    Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Disabled



    HijackThis log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:03:09 PM, on 2/10/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    c:\program files (x86)\real\realplayer\update\realsched.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\scott\Desktop\ozretqwz.exe
    C:\Users\scott\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 14277 bytes




    DDS log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by scott at 21:51:21 on 2013-02-10
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.946 [GMT -8:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    c:\program files (x86)\real\realplayer\update\realsched.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Download all links using BitComet - <no file>
    IE: Download link using &BitComet - <no file>
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
    IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: $talisma_url$
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99}\0353A5430353736393438383 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99}\1333030335C4 : DHCPNameServer = 192.168.1.4
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99}\2454C4C4F4 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99}\35861627B6973702055726C696360275966496 : DHCPNameServer = 66.75.164.89 66.75.164.90 208.67.222.222
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99}\54E64756270727963756 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D3407348-E882-4067-9D30-566AB9254D99}\C696E6B6379737 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE} : DHCPNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
    x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
    x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2012-2-7 69376]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2012-12-9 188760]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-4-27 517632]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-4 1153368]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-1-22 292864]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-22 215040]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-10-27 19968]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-31 228408]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152720]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-2-7 17152]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-31 216064]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-21 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-02-11 05:44:45 -------- d-----w- C:\Users\scott\AppData\Roaming\AVS4YOU
    2013-02-11 03:51:57 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
    2013-02-11 03:49:26 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2013-02-11 03:49:25 -------- d-----w- C:\ProgramData\AVS4YOU
    2013-02-11 03:49:25 -------- d-----w- C:\Program Files (x86)\AVS4YOU
    2013-02-08 13:59:02 -------- d-----w- C:\Users\scott\AppData\Roaming\WildTangentv1001
    2013-02-08 03:37:41 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
    2013-02-07 09:52:09 -------- d-----w- C:\ProgramData\Sony Online Entertainment
    2013-01-24 01:38:58 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2013-01-24 01:38:01 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2013-01-24 01:38:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2013-01-23 07:10:35 -------- d-----w- C:\Users\scott\AppData\Local\PackageAware
    2013-01-22 21:45:30 -------- d-----w- C:\ProgramData\AVG January 2013 Campaign
    .
    ==================== Find3M ====================
    .
    2012-11-16 07:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    .
    ============= FINISH: 21:52:46.83 ===============



    Attach log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/18/2010 1:08:36 AM
    System Uptime: 2/10/2013 4:17:48 PM (5 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3612
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 1097/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 38.954 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.062 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP155: 1/23/2013 5:37:16 PM - Windows Update
    RP156: 1/23/2013 8:34:16 PM - Restore Operation
    RP157: 1/31/2013 7:04:30 PM - Scheduled Checkpoint
    RP158: 2/8/2013 12:52:34 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acala DVD Copy 3.4.1
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.6 MUI
    Adobe Shockwave Player
    AoA DVD Ripper
    ArcSoft Magic-i Visual Effects 2
    ArcSoft MediaImpression 2
    ArcSoft Panorama Maker 4
    ArcSoft PhotoStudio Darkroom 2
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Funhouse II
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Photo Prints
    ArcSoft Print Creations - Poster Creator
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ArcSoft RAW Thumbnail Viewer
    ArcSoft Scan-n-Stitch Deluxe
    ArcSoft Video Downloader
    ArcSoft WebCam Companion 3
    Atheros Driver Installation Program
    ATT-PRT22
    AVG 2013
    AVS Video Converter 8
    BitComet 1.29
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink PowerDVD 8
    Digital Camera
    Google Chrome
    Google Earth
    Google Gears
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Smart Web Printing
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IB Updater 2.0.0.530
    ieSpell
    Intel(R) Graphics Media Accelerator Driver
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 15 (64-bit)
    Java(TM) 6 Update 20
    Java(TM) 7 Update 4
    Java(TM) SE Development Kit 6 Update 15 (64-bit)
    JavaFX 2.1.0
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MpcStar 5.3
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Mystery P.I. - Stolen in San Francisco
    PDF Printer Driver
    Power2Go
    PowerDirector
    QLBCASL
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Recovery Manager
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Update for Microsoft Office Word 2007 (KB974631)
    Update for Office 2007 (KB934528)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Center Add-in for Flash
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/3/2013 7:11:19 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    2/3/2013 12:30:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/3/2013 1:25:59 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    2/10/2013 6:06:03 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D3407348-E882-4067-9D30-566AB9254D99} because another computer on the network has the same name. The server could not start.
    2/10/2013 5:09:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
    2/10/2013 5:09:42 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/10/2013 12:03:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    .
    ==== End Of File ===========================




    GMER log
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-10 22:18:10
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-15 149.05GB
    Running: ozretqwz.exe; Driver: C:\Users\scott\AppData\Local\Temp\pxldapow.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076cd3f54 5 bytes JMP 000000016cc29a14
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076ce2a3e 5 bytes JMP 000000016cd76336
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076ce2a62 5 bytes JMP 000000016cb8170b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076d0cc1a 5 bytes JMP 000000016cd762d1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076d0cf72 5 bytes JMP 000000016cd7639b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076d1fd61 5 bytes JMP 000000016cd76258
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076d1fe2d 5 bytes JMP 000000016cd761df
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076d1fe66 5 bytes JMP 000000016cd7617b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076d1fe8a 5 bytes JMP 000000016cd76117
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000000007578940c 5 bytes JMP 000000016cd76550
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b41401 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b41419 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b41431 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b4144a 2 bytes [B4, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b414dd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b414f5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b4150d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b41525 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b4153d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b41555 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b4156d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b41585 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b4159d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b415b5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b415cd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b416b2 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b416bd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073457c30 5 bytes JMP 000000016cd76400
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 00000000734f7bb2 5 bytes JMP 000000016cd764a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5792] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075d89a4c 5 bytes JMP 000000016cd76748
    ? C:\Windows\system32\mssprxy.dll [5792] entry point in ".rdata" section 00000000749771e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d2243d 6 bytes JMP 000000016cc47c12
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d328b3 6 bytes JMP 000000016cbe952d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075631ea8 5 bytes JMP 000000016cbe7303
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8b9a 5 bytes JMP 000000016cc4ff87
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076cca5e6 5 bytes JMP 000000016cbf3363
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076cd2902 5 bytes JMP 000000016cbcdc67
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076cd3f54 5 bytes JMP 000000016cc29a14
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076cd4858 5 bytes JMP 000000016cbcdd8d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076cd95fa 5 bytes JMP 000000016cd76710
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076cdb1dd 5 bytes JMP 000000016cd766d8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!EndDialog 0000000076cdc184 5 bytes JMP 000000016cd770b4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ce06b3 5 bytes JMP 000000016cc22194
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000076ce0a8f 5 bytes JMP 000000016cd766a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000076ce2174 5 bytes JMP 000000016cd76e05
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076ce2a3e 5 bytes JMP 000000016cd76336
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076ce2a62 5 bytes JMP 000000016cb8170b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000076ce7051 5 bytes JMP 000000016cd76ddd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076ce711b 5 bytes JMP 000000016cd76668
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076cef006 5 bytes JMP 000000016cc47baf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076cf0efc 5 bytes JMP 000000016cc6eb00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!SendInput 0000000076cf195e 5 bytes JMP 000000016cd77679
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000076cf24db 5 bytes JMP 000000016cd776d1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076d09c8d 5 bytes JMP 000000016cd77752
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076d0cc1a 5 bytes JMP 000000016cd762d1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076d0cf72 5 bytes JMP 000000016cd7639b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076d1fd61 5 bytes JMP 000000016cd76258
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076d1fe2d 5 bytes JMP 000000016cd761df
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076d1fe66 5 bytes JMP 000000016cd7617b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076d1fe8a 5 bytes JMP 000000016cd76117
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d2044f 5 bytes JMP 000000016cd77636
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075af5bf6 5 bytes JMP 000000016cd76b0f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075723e59 5 bytes JMP 000000016cd76c07
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075723eae 5 bytes JMP 000000016cd76c85
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075724731 5 bytes JMP 000000016cd76b79
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075725dee 5 bytes JMP 000000016cd76c25
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000000007578940c 5 bytes JMP 000000016cd76550
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b41401 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b41419 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b41431 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b4144a 2 bytes [B4, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b414dd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b414f5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b4150d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b41525 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b4153d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b41555 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b4156d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b41585 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b4159d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b415b5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b415cd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b416b2 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b416bd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073457c30 5 bytes JMP 000000016cd76400
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 00000000734f7bb2 5 bytes JMP 000000016cd764a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075d89a4c 5 bytes JMP 000000016cd76748
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000075d927be 5 bytes JMP 000000016cd768b8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3804] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000075d940fc 5 bytes JMP 000000016cd767ec
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b41401 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b41419 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b41431 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b4144a 2 bytes [B4, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b414dd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b414f5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b4150d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b41525 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b4153d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b41555 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b4156d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b41585 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b4159d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b415b5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b415cd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b416b2 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[9296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b416bd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d2243d 6 bytes JMP 000000016cc47c12
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d328b3 6 bytes JMP 000000016cbe952d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075631ea8 5 bytes JMP 000000016cbe7303
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8b9a 5 bytes JMP 000000016cc4ff87
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076cca5e6 5 bytes JMP 000000016cbf3363
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076cd2902 5 bytes JMP 000000016cbcdc67
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076cd3f54 5 bytes JMP 000000016cc29a14
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076cd4858 5 bytes JMP 000000016cbcdd8d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076cd95fa 5 bytes JMP 000000016cd76710
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076cdb1dd 5 bytes JMP 000000016cd766d8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!EndDialog 0000000076cdc184 5 bytes JMP 000000016cd770b4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ce06b3 5 bytes JMP 000000016cc22194
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000076ce0a8f 5 bytes JMP 000000016cd766a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000076ce2174 5 bytes JMP 000000016cd76e05
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076ce2a3e 5 bytes JMP 000000016cd76336
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076ce2a62 5 bytes JMP 000000016cb8170b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000076ce7051 5 bytes JMP 000000016cd76ddd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076ce711b 5 bytes JMP 000000016cd76668
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076cef006 5 bytes JMP 000000016cc47baf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076cf0efc 5 bytes JMP 000000016cc6eb00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!SendInput 0000000076cf195e 5 bytes JMP 000000016cd77679
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000076cf24db 5 bytes JMP 000000016cd776d1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076d09c8d 5 bytes JMP 000000016cd77752
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076d0cc1a 5 bytes JMP 000000016cd762d1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076d0cf72 5 bytes JMP 000000016cd7639b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076d1fd61 5 bytes JMP 000000016cd76258
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076d1fe2d 5 bytes JMP 000000016cd761df
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076d1fe66 5 bytes JMP 000000016cd7617b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076d1fe8a 5 bytes JMP 000000016cd76117
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d2044f 5 bytes JMP 000000016cd77636
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075af5bf6 5 bytes JMP 000000016cd76b0f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075723e59 5 bytes JMP 000000016cd76c07
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075723eae 5 bytes JMP 000000016cd76c85
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075724731 5 bytes JMP 000000016cd76b79
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075725dee 5 bytes JMP 000000016cd76c25
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000000007578940c 5 bytes JMP 000000016cd76550
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b41401 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b41419 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b41431 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b4144a 2 bytes [B4, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b414dd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b414f5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b4150d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b41525 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b4153d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b41555 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b4156d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b41585 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b4159d 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b415b5 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b415cd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b416b2 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b416bd 2 bytes [B4, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073457c30 5 bytes JMP 000000016cd76400
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 00000000734f7bb2 5 bytes JMP 000000016cd764a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075d89a4c 5 bytes JMP 000000016cd76748
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000075d927be 5 bytes JMP 000000016cd768b8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6740] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000075d940fc 5 bytes JMP 000000016cd767ec
    ---- Threads - GMER 2.0 ----
    Thread [360:368] 000007feffd66290
    Thread [360:372] 000007feffd66290
    Thread [360:376] 000007feffd66290
    Thread [360:380] 000007feffd66290
    Thread [360:392] 000007feffd66290
    Thread [360:396] 000007feffd66290
    Thread [360:416] 000007feffd66290
    Thread [360:432] 000007feffd66290
    Thread [360:444] 000007feffd66290
    Thread [360:452] 000007feffd66290
    Thread [360:456] 000007feffd66290
    Thread [360:496] 000007feffd66290
    Thread [360:508] 000007feffd66290
    Thread [360:520] 000007feffd66290
    Thread [360:532] 000007feffd66290
    Thread [360:544] 000007feffd66290
    Thread [360:560] 000007feffd66290
    Thread [360:2796] 000007feffd66290
    Thread [360:2800] 000007feffd66290
    Thread [360:2804] 000007feffd66290
    Thread [360:2808] 000007feffd66290
    Thread [360:2812] 000007feffd66290
    Thread [360:2816] 000007feffd66290
    Thread [360:2820] 000007feffd66290
    Thread [360:2824] 000007feffd66290
    Thread [360:2828] 000007feffd66290
    Thread [360:2832] 000007feffd66290
    Thread [360:2836] 000007feffd66290
    Thread [360:2840] 000007feffd66290
    Thread [360:2844] 000007feffd66290
    Thread [360:2848] 000007feffd66290
    Thread [360:2852] 000007feffd66290
    Thread C:\Windows\system32\svchost.exe [964:3340] 000007fef1292154
    Thread C:\Windows\System32\svchost.exe [644:1348] 000007fefa6859a0
    Thread C:\Windows\System32\svchost.exe [644:2788] 000007fef94b7750
    Thread C:\Windows\System32\svchost.exe [644:3824] 000007fefcd91a70
    Thread C:\Windows\System32\svchost.exe [644:3044] 000007fef97988f8
    Thread C:\Windows\system32\svchost.exe [1116:2444] 000007fef8c50ea8
    Thread C:\Windows\system32\svchost.exe [1116:2472] 000007fef8c49db0
    Thread C:\Windows\system32\svchost.exe [1116:2532] 000007fef8c51c94
    Thread C:\Windows\system32\svchost.exe [1116:7440] 000007fef8c4aa10
    Thread C:\Windows\system32\svchost.exe [1116:8252] 000007fefaecbfc4
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2328:960] 000007fefbc12a74
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2328:468] 000007fef378c0b0
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2328:2060] 000007fef9715124
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2328:2028] 000007fef36f9e68
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2328:924] 000007fef378c0b0
    Thread C:\Windows\system32\taskhost.exe [2960:884] 000007fef2992740
    Thread C:\Windows\system32\taskhost.exe [2960:1612] 000007fef12f1f38
    Thread C:\Windows\system32\taskhost.exe [2960:2980] 000007fefb201010
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 unknown MBR code
    ---- EOF - GMER 2.0 ----
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    First problem is you have 2 active antiviruses:

    AVG and Ad-Aware antivirus.

    Uninstall both of them, reboot,
    then just install one antivirus.
    You might find that AVG suits you, or you might find it a bit heavy on a Celeron processor.

    After reinstalling AVG then tell us how it is.
     
  3. gentrykappa

    gentrykappa Thread Starter

    WOW thank you!
    I had no idea my Ad-Aware was running an antivirus. FREEKN SNEEKY. I have NEVER SEEN AN ICON IN MY TASKBAR, nor is one hidden.
    Definitely is not good to have two running!! Thank you. HAHA

    Looks like AVG is a better antivirus?? Whatever y'all suggest I'll do.
    I did run the AVG uninstall and most files deleted, except at the very end this error popped up. Wonder if I'm running NOT as an admin and how to verify? Sorry, I'm such a newb. I should freekn know this stuff.
    For now I'm taking the action recommended and will post again shortly. THANK YOU!! (y) :D

    This is a screenshot of the AVG error.
     


  4. dvk01

    dvk01 Moderator Malware Specialist

  5. gentrykappa

    gentrykappa Thread Starter

    Thank you for the help. It's hard to tell if that did much. I completed all the fixes and notice my CPU usage is always at 100, and Resource Monitor shows svchost using it all.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    OK, next step:
    Delete any existing version of ComboFix you have sitting on your desktop.
    Please read and follow all these instructions very carefully.
    Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double-click on the renamed combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
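    Neither ComboFix nor this forum supplies tooling for reading the ComboFix.txt it asks for, so here is an added example (not ComboFix's or the thread's own code) that does the mechanical first pass a helper makes on such a log: it reads the AV:/SP: security-product header lines to spot more than one registered antivirus (the conflict dvk01 found in post 2) or outdated definitions, and parses the "Files Created" entries to flag hidden+system objects inside Windows system directories. The attribute-string layout (d/r/s/h/a flags) is inferred from values seen in these logs and is an assumption; the sample lines are constructed in ComboFix's format.

```python
"""First-pass triage of a ComboFix.txt excerpt (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix's log format: security-product header lines and
# "Files Created" entries laid out as "<created> . <modified> <size> <attrs> <path>".
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2013-02-17 04:13 . 2013-02-17 04:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 11:19 . 2013-02-13 11:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-02-11 14:31 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
"""

# "AV: <name> *<Enabled|Disabled>/<Updated|Outdated>* {<GUID>}"
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]+)\}$")
# "<created> . <modified> <size or --------> <8-char attrs> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) (\S{8}) (.+)$"
)
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class Product:
    kind: str      # AV (antivirus), SP (antispyware) or FW (firewall)
    name: str
    state: str     # Enabled / Disabled
    updated: str   # Updated / Outdated
    guid: str


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories, which ComboFix prints as "--------"
    attrs: str
    path: str

    # Assumed attribute layout, inferred from values such as "d-sh--w-" and
    # "----a-r-": d=directory, r=read-only, s=system, h=hidden, a=archive.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_products(text: str) -> List[Product]:
    out = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            out.append(Product(*m.groups()))
    return out


def parse_entries(text: str) -> List[FileEntry]:
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        size_val = None if size.startswith("-") else int(size)
        out.append(FileEntry(created, modified, size_val, attrs, path))
    return out


def triage(text: str) -> List[str]:
    """Return the findings a helper would want to look at first."""
    findings = []
    products = parse_products(text)
    avs = [p for p in products if p.kind == "AV"]
    if len(avs) > 1:   # two real-time scanners fighting each other, as in post 2
        findings.append("multiple antivirus products registered: "
                        + ", ".join(p.name for p in avs))
    for p in products:
        if p.updated == "Outdated":
            findings.append(f"{p.name}: definitions are outdated")
    for e in parse_entries(text):
        low = e.path.lower()
        if any(d in low for d in SYSTEM_DIRS) and e.is_hidden and e.is_system:
            findings.append(f"{e.path}: hidden+system object inside a Windows system directory")
        if "%" in e.path:
            findings.append(f"{e.path}: literal environment-variable token used as a path name")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    A flagged entry is a review item, not a verdict: the same hidden+system directory can be left behind by a sloppy installer, so the path is checked against the rest of the log before anything is deleted.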
     
  7. gentrykappa

    gentrykappa Thread Starter

    Thank you.. Also, I am unsure if I should be concerned that all the programs listed in Task Manager are running as 32-bit when I have a 64-bit system.. Thank you!!


    ComboFix 13-02-15.01 - scott 02/16/2013 20:02:54.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.1194 [GMT -8:00]
    Running from: c:\users\scott\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\scott\AppData\Roaming\inst.exe
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-17 04:13 . 2013-02-17 04:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-15 21:33 . 2013-02-15 21:33 -------- d-----w- c:\users\scott\AppData\Local\Conexant
    2013-02-13 11:19 . 2013-02-13 11:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2013-02-13 08:49 . 2013-02-13 08:49 -------- d-----w- c:\users\scott\AppData\Local\Mozilla
    2013-02-13 08:21 . 2013-02-13 08:30 -------- d-----w- c:\users\scott\AppData\Roaming\VideoConverterFox
    2013-02-13 08:21 . 2013-02-13 08:25 -------- d-----w- c:\program files (x86)\Video Converter Fox
    2013-02-13 07:56 . 2013-02-13 07:56 -------- d-----w- c:\program files (x86)\VideoLAN
    2013-02-12 12:31 . 2013-02-12 12:31 -------- d-----w- c:\users\scott\AppData\Roaming\iWin
    2013-02-12 12:19 . 2013-02-12 12:20 -------- d-----w- c:\program files (x86)\WildTangent Games
    2013-02-11 14:31 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2013-02-11 14:31 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2013-02-11 13:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-02-11 13:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-02-11 13:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-02-11 13:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-02-11 12:59 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-02-11 12:59 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2013-02-11 12:59 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
    2013-02-11 12:59 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2013-02-11 12:57 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-02-11 12:57 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-02-11 12:57 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-02-11 12:57 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-02-11 12:57 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-02-11 12:57 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-02-11 12:57 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-02-11 12:51 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-02-11 12:51 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2013-02-11 12:51 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2013-02-11 12:51 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-02-11 12:51 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2013-02-11 12:39 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2013-02-11 12:39 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2013-02-11 12:39 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2013-02-11 12:39 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-11 12:39 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2013-02-11 12:39 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2013-02-11 12:39 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2013-02-11 12:39 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-02-11 12:38 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-11 12:38 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2013-02-11 12:38 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2013-02-11 12:38 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2013-02-11 12:35 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll
    2013-02-11 12:35 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll
    2013-02-11 12:32 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
    2013-02-11 12:30 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2013-02-11 12:29 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2013-02-11 12:29 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2013-02-11 12:28 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-02-11 12:28 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-02-11 12:28 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-02-11 12:28 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-02-11 12:24 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-02-11 12:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-02-11 12:24 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2013-02-11 12:24 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-02-11 12:24 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-02-11 12:24 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2013-02-11 12:24 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2013-02-11 12:24 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2013-02-11 12:24 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2013-02-11 12:24 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2013-02-11 12:24 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2013-02-11 12:24 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2013-02-11 12:20 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
    2013-02-11 12:20 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
    2013-02-11 12:20 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
    2013-02-11 12:20 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
    2013-02-11 12:20 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
    2013-02-11 12:20 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
    2013-02-11 12:20 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
    2013-02-11 12:17 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-02-11 12:17 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-02-11 11:54 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2013-02-11 11:54 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2013-02-11 06:37 . 2013-02-11 06:37 -------- d-----w- c:\program files\Carbonite
    2013-02-11 06:23 . 2013-02-11 06:23 -------- d-----w- c:\programdata\Carbonite
    2013-02-11 06:23 . 2013-02-11 06:23 -------- d-----w- c:\program files (x86)\Carbonite
    2013-02-11 05:44 . 2013-02-11 05:44 -------- d-----w- c:\users\scott\AppData\Roaming\AVS4YOU
    2013-02-11 03:51 . 2013-02-11 03:54 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
    2013-02-11 03:49 . 2012-03-24 03:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
    2013-02-11 03:49 . 2013-02-11 05:44 -------- d-----w- c:\programdata\AVS4YOU
    2013-02-11 03:49 . 2013-02-11 03:54 -------- d-----w- c:\program files (x86)\AVS4YOU
    2013-02-08 13:59 . 2013-02-08 13:59 -------- d-----w- c:\users\scott\AppData\Roaming\WildTangentv1001
    2013-02-08 03:37 . 2013-02-08 03:37 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
    2013-02-07 09:52 . 2013-02-07 09:52 -------- d-----w- c:\programdata\Sony Online Entertainment
    2013-01-24 03:23 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2013-01-24 03:23 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2013-01-24 03:23 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2013-01-24 03:23 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2013-01-24 03:17 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2013-01-24 03:17 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2013-01-24 03:17 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2013-01-24 03:16 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-01-24 03:16 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2013-01-24 03:16 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-01-24 03:14 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2013-01-24 03:14 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2013-01-24 03:14 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
    2013-01-24 03:13 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2013-01-24 03:12 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2013-01-24 03:12 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2013-01-24 03:12 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
    2013-01-24 03:12 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2013-01-24 03:12 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2013-01-24 03:12 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2013-01-24 03:11 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
    2013-01-24 03:11 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
    2013-01-24 03:10 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
    2013-01-24 03:10 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
    2013-01-24 03:10 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
    2013-01-24 03:10 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
    2013-01-24 03:10 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-01-24 03:10 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2013-01-24 03:10 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2013-01-24 03:10 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2013-01-24 03:10 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2013-01-24 03:09 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
    2013-01-24 03:09 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
    2013-01-24 03:09 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-01-24 03:09 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-24 03:08 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-01-24 03:08 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2013-01-24 03:08 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-24 10:24 . 2010-06-01 05:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-24 10:24 . 2010-05-20 05:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-24 10:14 . 2010-05-20 05:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-12-24 10:14 . 2010-06-01 05:47 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-12-17 01:31 . 2010-09-26 05:32 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-10 07:38 . 2010-05-20 05:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-10 07:37 . 2010-06-01 05:49 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-12-10 07:37 . 2010-06-01 05:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-12-10 07:37 . 2010-05-20 05:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2013-01-15 00:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2013-01-15 00:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2013-01-15 00:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 SABKUTIL;SABKUTIL;c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    R2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-10-04 188760]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 19968]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-11-15 369152]
    S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-11-15 460288]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-05-06 82816]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-09 00:38 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 00:00]
    .
    2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 00:00]
    .
    2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2013-01-15 00:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2013-01-15 00:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2013-01-15 00:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 365592]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: $talisma_url$
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ckceal8.default\
    FF - ExtSQL: 2013-02-08 01:04; {ABDE892B-13A8-4d1b-88E6-365A6E755758}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-16 20:34:19
    ComboFix-quarantined-files.txt 2013-02-17 04:34
    .
    Pre-Run: 51,198,013,440 bytes free
    Post-Run: 51,335,270,400 bytes free
    .
    - - End Of File - - 89161A8A9C0DCF5C253187B91256F7EB
     
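The service, scheduled-task and Run-key sections of the ComboFix log above are the parts a helper reads first. As an added illustration that is not part of the thread and not ComboFix's own tooling, the following Python script parses those three sections from a constructed sample in the same format and flags two things worth a second look: registrations whose file is missing (the `[x]` marker) and executables started from user-writable locations. The entries `exampleSvc` and `updater` in the sample are made up to exercise the flags; the other sample lines mirror the format of the log posted above.

```python
"""Triage helper for the ComboFix-style log format seen in this thread.

Parses three sections an analyst reads first: the R*/S* service and driver
list, the 'Scheduled Tasks' folder and the HKLM ...\\CurrentVersion\\Run
values, then flags entries that deserve a second look. Heuristics only:
a flag means "verify", never "malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the log's format. "exampleSvc" and "updater" are
# made-up entries added to exercise the flags; they are not from the thread.
SAMPLE_LOG = r"""
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-11-15 369152]
S3 exampleSvc;Example Service;c:\users\scott\AppData\Local\Temp\example.exe [2013-02-01 12345]
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 00:00]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 165912]
"updater"="c:\users\scott\AppData\Roaming\updater.exe" [2013-02-10 51200]
.
"""


@dataclass
class Entry:
    kind: str   # "service", "task" or "run"
    name: str   # service name, .job file or Run value name
    path: str   # executable or driver the entry points at
    meta: str   # bracketed "date size" text, or "x" when ComboFix found no file


SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
TASK_JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S.*\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^- (.+?) \[([^\]]*)\]$")
RUN_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\CurrentVersion\\Run\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]*)\]$')

# Locations a normal service, driver or autostart rarely runs from; an
# executable here is a classic persistence spot and warrants a signature check.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")


def parse_log(text: str) -> List[Entry]:
    """Extract service, scheduled-task and Run entries from log text."""
    entries: List[Entry] = []
    pending_job: Optional[str] = None   # .job line waiting for its "- target" line
    in_run_key = False                  # inside a ...\CurrentVersion\Run key block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":     # ComboFix separates blocks with "."
            pending_job = None
            continue
        if line.startswith("["):        # any registry key header
            in_run_key = bool(RUN_KEY_RE.match(line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _desc, path, meta = m.groups()
            entries.append(Entry("service", name, path, meta))
            continue
        m = TASK_JOB_RE.match(line)
        if m:
            pending_job = m.group(1)
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_job:
            entries.append(Entry("task", pending_job, m.group(1), m.group(2)))
            pending_job = None
            continue
        m = RUN_VALUE_RE.match(line)
        if m and in_run_key:
            entries.append(Entry("run", m.group(1), m.group(2), m.group(3)))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs; at most one reason per entry."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        low = e.path.lower()
        if e.kind == "service" and e.meta == "x":
            findings.append((e, "registered but its file is missing ([x]); usually an "
                                "uninstall leftover, remove the stale registration"))
        elif any(d in low for d in USER_WRITABLE):
            findings.append((e, "runs from a user-writable location; verify publisher "
                                "and signature before trusting it"))
    return findings


def report(text: str) -> List[str]:
    """One line per finding, in a form that can be pasted into a reply."""
    return [f"{e.kind:<7} {e.name}: {e.path}  -> {why}"
            for e, why in flag_entries(parse_log(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

The location heuristic is deliberately coarse: the AVG campaign task under c:\programdata from the log above is flagged as well, which is the intended behaviour, since a flag only means the entry should be checked, not that it is bad.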
  8. gentrykappa

    gentrykappa Thread Starter

    Joined:
    Feb 11, 2013
    Messages:
    10
    Thank you, that fixed the svchost issue. Task Manager processes are within typical ranges.

    My taskbar and Windows pop-up menus appear in "safe mode" style, as depicted here.
     

    Attached Files:

  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is still showing AVG as installed.

    Did you run the right uninstaller, or did you reinstall AVG?

    For the taskbar etc., right-click the desktop, select Personalise & make sure a standard theme is selected & not Classic.
    The Classic theme gives that appearance.


    Most programs on a 64-bit computer are 32-bit and only a few processes are actually 64-bit, so it is normal to see many 32-bit entries.

    Are there any other problems before we clean up?
     
  10. gentrykappa

    gentrykappa Thread Starter

    Joined:
    Feb 11, 2013
    Messages:
    10
    I'M SORRY.
    I'll run the antivirus uninstaller now and download the uninstaller again now, I'm assuming.
    Display issue fixed, thank you.
    I'm being redirected again to the MyStart Incredibar site when opening new Chrome tabs. No other known issues after that, thanks.

    Sorry again about that.
    Admittedly I messed with Windows updates and other settings stupidly while y'all are trying to help me. It
    won't happen again, friend!
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop syncing first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot & reinstall Chrome.
     
  12. gentrykappa

    gentrykappa Thread Starter

    Joined:
    Feb 11, 2013
    Messages:
    10
    Great! THANK YOU SO MUCH!! Uninstalled Chrome. Ready to install Chrome and AVG again. Aside from that, all problems appear solved and fixed, thank you.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place. If Windows Update doesn't work, please come back & tell us.
     
  14. gentrykappa

    gentrykappa Thread Starter

    Joined:
    Feb 11, 2013
    Messages:
    10
    Thank you. I cannot get 4 programs updated any further than is depicted in the Secunia pic here. Also I uninstalled AVG and Firefox, yet they still appear in Secunia. I'm shocked that I overlooked Microsoft updating. I am not fully updated and installed Windows antivirus and Malwarebytes.
     
  15. gentrykappa

    gentrykappa Thread Starter

    Joined:
    Feb 11, 2013
    Messages:
    10
    Here's the pic. I started around 70 percent.
     
Short URL to this thread: https://techguy.org/1089040