I have run Malwarebytes and it found 26 things but could only remove 24. However, 2 subsequent scans showed nothing and the problem is still there.
Any help would be greatly appreciated.
Posting DDS
a.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 7:15:43 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2003 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\LibreOffice 3.4\program\swriter.exe
C:\Program Files (x86)\LibreOffice 3.4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 3.4\program\soffice.bin
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://duckduckgo.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg ... =596094623
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube Download - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{31681945-CEC7-456C-A321-1B9636E9602F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AE2B808C-1286-4D0D-931A-45BA242EB4A6} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
Hosts: 149.5.18.173 www.google-analytics.com.
Hosts: 149.5.18.173 ad-emea.doubleclick.net.
Hosts: 149.5.18.173 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-2-25 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-18 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 654408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-2-25 243232]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-6-27 935008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-05 10:27:58 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA715D25-1718-4EF8-B635-F6FE3FB4CA54}\offreg.dll
2012-07-05 10:19:29 405144 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-05 09:47:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-07-05 09:47:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-05 09:47:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-05 09:47:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 09:42:15 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-05 09:42:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA715D25-1718-4EF8-B635-F6FE3FB4CA54}\mpengine.dll
2012-07-04 22:49:17 -------- d-----w- C:\Users\Owner\.thumbnails
2012-07-04 14:28:40 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-07-04 14:27:40 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-07-04 14:26:53 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-07-03 10:40:41 -------- d-----w- C:\Users\Owner\AppData\Local\{28539A6E-B112-41CB-8E14-256F6F228DE6}
2012-07-01 20:57:51 -------- d-----w- C:\Users\Owner\AppData\Local\{39528B4F-E0C0-4278-AF6E-475A882817E8}
2012-07-01 20:57:36 -------- d-----w- C:\Users\Owner\AppData\Local\{846D0B98-74CE-4780-9818-5D1D4511BB57}
2012-06-30 23:45:33 -------- d-----w- C:\Users\Owner\AppData\Local\{EC8F550C-AD43-4620-9075-8347EEA2C443}
2012-06-30 23:45:22 -------- d-----w- C:\Users\Owner\AppData\Local\{1E57BA48-C627-4AD9-B7FB-8278DA5C41EE}
2012-06-30 18:08:55 -------- d-----w- C:\Users\Owner\AppData\Local\Zello
2012-06-30 18:07:18 -------- d-----w- C:\Program Files (x86)\Zello
2012-06-30 07:11:47 -------- d-----w- C:\Users\Owner\AppData\Local\Piriform
2012-06-30 02:07:31 -------- d-----w- C:\Users\Owner\AppData\Local\{FC0E7594-95F3-4D81-864D-28A83FFB88DF}
2012-06-30 02:07:20 -------- d-----w- C:\Users\Owner\AppData\Local\{9DEEA338-25C9-40DA-B875-F8F6E18623F8}
2012-06-30 02:06:57 -------- d-----w- C:\Users\Owner\AppData\Local\{0F6406E1-AC3A-4FD4-A43E-56E6CF02F43C}
2012-06-30 02:06:46 -------- d-----w- C:\Users\Owner\AppData\Local\{82BB79F1-8F9E-4DE6-8AF6-6EC0EDFB463C}
2012-06-29 08:33:16 -------- d-----w- C:\Users\Owner\AppData\Local\{27C82838-5246-4968-9664-41FE111B9467}
2012-06-29 08:33:04 -------- d-----w- C:\Users\Owner\AppData\Local\{B5F8CB98-23BD-4B96-8039-BF2D47562766}
2012-06-29 00:28:50 -------- d-----w- C:\Users\Owner\AppData\Local\Zoom_Downloader
2012-06-28 20:32:36 -------- d-----w- C:\Users\Owner\AppData\Local\{589628FC-7293-4497-B65A-E009356CCF45}
2012-06-28 20:32:25 -------- d-----w- C:\Users\Owner\AppData\Local\{83A37469-1A15-4ABC-8365-2B992582B31D}
2012-06-28 18:10:04 -------- d-----w- C:\Users\Owner\.gimp-2.6
2012-06-28 18:07:40 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2012-06-28 18:07:31 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-06-28 18:07:20 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-06-28 10:01:24 56 --sh--r- C:\Windows\SysWow64\6DEFF99390.sys
2012-06-28 09:52:33 127184 ----a-w- C:\UNWISE.EXE
2012-06-28 09:47:35 3662 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-06-28 09:47:13 -------- d-----w- C:\Program Files (x86)\Jasc Software Inc
2012-06-28 09:43:55 113892104 ----a-w- C:\Users\Owner\psp90.exe
2012-06-28 08:31:58 -------- d-----w- C:\Users\Owner\AppData\Local\{EF332A75-E0D9-4528-B771-59FA1809CA29}
2012-06-28 08:31:47 -------- d-----w- C:\Users\Owner\AppData\Local\{14EC8D71-5861-4E66-BC1B-CD5AC1F557C7}
2012-06-27 21:05:55 -------- d-----w- C:\Users\Owner\AppData\Local\WinZip
2012-06-27 20:29:22 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-27 20:29:15 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-27 20:29:09 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-27 20:27:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\OpenCandy
2012-06-27 20:20:33 -------- d-----w- C:\Users\Owner\AppData\Local\{B26EFC1A-A9F6-44DB-92B4-4C2EC05E8506}
2012-06-27 20:20:22 -------- d-----w- C:\Users\Owner\AppData\Local\{2E513C38-94E1-45D7-8FEF-573FBB732E72}
2012-06-27 20:20:08 -------- d-----w- C:\Users\Owner\Tracing
2012-06-27 20:10:22 -------- d-----w- C:\ProgramData\blekko toolbars
2012-06-27 20:10:02 -------- d-----w- C:\Users\Owner\AppData\Local\blekkotb_031
2012-06-27 20:09:51 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-26 17:58:11 -------- d-----w- C:\Windows\en
2012-06-26 17:55:20 -------- d-----w- C:\Users\Owner\AppData\Local\{7641D362-21B1-458A-A27B-F7A4862860B5}
2012-06-26 17:54:36 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-26 17:52:36 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78be5ef41cd53c402\MeshBetaRemover.exe
2012-06-26 17:52:35 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7810b7491cd53c401\DSETUP.dll
2012-06-26 17:52:35 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7810b7491cd53c401\DXSETUP.exe
2012-06-26 17:52:35 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7810b7491cd53c401\dsetup32.dll
2012-06-26 17:51:03 -------- d-----w- C:\Users\Owner\AppData\Local\{EF5E1F5F-B824-4A45-AE6D-453440CC8FED}
2012-06-26 17:49:03 -------- d-----w- C:\Users\Owner\AppData\Local\{0853AF63-7297-403F-A21A-D821A57040ED}
2012-06-26 17:47:03 -------- d-----w- C:\Users\Owner\AppData\Local\{C222EBFB-B35B-43B3-9E72-C9ECBA77C73B}
2012-06-26 17:45:03 -------- d-----w- C:\Users\Owner\AppData\Local\{7321FCAD-598F-4939-9AF7-2D3F816D9D2F}
2012-06-26 17:43:03 -------- d-----w- C:\Users\Owner\AppData\Local\{A6B0FB6E-76C5-422E-9A64-8DBB37847921}
2012-06-26 17:41:41 -------- d-----w- C:\Users\Owner\AppData\Local\{09953A7D-8934-4086-940E-3BB43D9811C8}
2012-06-26 17:39:43 -------- d-----w- C:\Users\Owner\AppData\Local\{D65D3FD9-61BE-48E8-A418-6FAD2EB370AD}
2012-06-24 06:00:51 -------- d-----w- C:\Users\Owner\AppData\Local\Facebook
2012-06-24 02:57:06 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2012-06-19 15:59:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 15:59:29 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 15:59:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 15:59:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-16 06:16:02 -------- d-----w- C:\Program Files\Babylon
2012-06-16 06:16:01 -------- d-----w- C:\Program Files (x86)\Babylon
2012-06-14 22:18:56 -------- d-----w- C:\Users\Owner\Bills
2012-06-14 05:23:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 23:58:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\YourFileDownloader
.
==================== Find3M ====================
.
2012-05-24 05:26:29 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-24 05:26:28 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-08 00:36:30 29653280 ----a-w- C:\Users\Owner\TeamSpeak3-Client-win32-3.0.5.exe
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 7:17:05.59 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2011 9:15:36 PM
System Uptime: 7/5/2012 5:54:49 AM (2 hours ago)
.
Motherboard: Acer | | JE51_DN
Processor: AMD Athlon(tm) II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 125.201 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP147: 7/1/2012 3:55:37 PM - Installed The Sims 3
RP148: 7/1/2012 4:03:11 PM - Installed TheSims3EP5
RP149: 7/1/2012 4:31:20 PM - Installed The Sims 3 Ambitions
RP150: 7/1/2012 4:50:39 PM - Removed TheSims3EP5
RP151: 7/1/2012 4:53:08 PM - Installed TheSims3EP5
RP152: 7/1/2012 5:15:26 PM - Installed The Sims 3
RP153: 7/1/2012 7:00:05 PM - Windows Backup
RP154: 7/2/2012 2:57:43 PM - Windows Update
RP155: 7/4/2012 10:28:06 AM - Installed DirectX
RP156: 7/5/2012 5:33:56 AM - Restore Operation
.
==== Hosts File Hijack ======================
.
Hosts: 149.5.18.173 www.google-analytics.com.
Hosts: 149.5.18.173 ad-emea.doubleclick.net.
Hosts: 149.5.18.173 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
18 Wheels of Steel - American Long Haul
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Reader 9.5.1 MUI
Agatha Christie - Death on the Nile
Backup Manager Basic
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Curse Client
CyberLink PowerDVD 9
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
FATE
Free YouTube Download version 3.1.30.627
Free YouTube to MP3 Converter version 3.10.17.221
Gimp 2.6.11
Identity Card
Immortal Lovers
Java Auto Updater
Java(TM) 6 Update 27
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
LibreOffice 3.4
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker Suite
Origin
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shredder
Skype™ 5.8
TeamSpeak 3 Client
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Pets
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Welcome Center
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard101
World of Warcraft
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 7:14:06 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Acer5552\Owner SID (S-1-5-21-1266127695-4274003456-3872850173-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/5/2012 5:36:45 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Acer.
7/5/2012 12:02:23 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
7/2/2012 4:04:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Acer5552\Owner SID (S-1-5-21-1266127695-4274003456-3872850173-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/2/2012 4:04:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Acer5552\Owner SID (S-1-5-21-1266127695-4274003456-3872850173-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/1/2012 2:59:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {204810B9-73B2-11D4-BF42-00B0D0118B56} and APPID {E495081B-BBA5-4B89-BA3C-3B86A686B87A} to the user Acer5552\Owner SID (S-1-5-21-1266127695-4274003456-3872850173-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================