UncleBeer
redirected to "webpage-unavailable.com"...
UncleBeer replied to UncleBeer's topic in Resolved Malware Removal Logs
Hey Gringo: Links now open as they should, so I'll skip Combofix (for now), and thank you for your help!
redirected to "webpage-unavailable.com"...
UncleBeer replied to UncleBeer's topic in Resolved Malware Removal Logs
Hey again Gringo: The report from adw is:
-------------------------------------------
# AdwCleaner v2.005 - Logfile created 10/15/2012 at 20:37:02
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carl - FRED
# Boot Mode : Normal
# Running from : C:\Users\Carl\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Carl\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Carl\AppData\Local\Conduit
Folder Deleted : C:\Users\Carl\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Carl\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\CT2801948
Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={3C938674-65B3-448C-99BB-FFA24F7FC676}&mid=e0a7a428931440341719a53438cda8da-7fb2f1e8604c6fe798193f1f70293c7ea8758bc0&lang=en&ds=ft011&pr=sa&d=2012-06-29 06:36:48&v=11.1.0.12&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0 (en-US)

Profile name : default
File : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\prefs.js

Deleted : user_pref("CT2801948.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description[...]
Deleted : user_pref("CT2801948.1000234.TWC_TMP_city", "OOSTERHOUT");
Deleted : user_pref("CT2801948.1000234.TWC_TMP_country", "NL");
Deleted : user_pref("CT2801948.1000234.TWC_locId", "NLXX0372");
Deleted : user_pref("CT2801948.1000234.TWC_location", "Oosterhout, Netherlands");
Deleted : user_pref("CT2801948.1000234.TWC_region", "OT");
Deleted : user_pref("CT2801948.1000234.TWC_temp_dis", "c");
Deleted : user_pref("CT2801948.1000234.TWC_wind_dis", "kmh");
Deleted : user_pref("CT2801948.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"11°C\",\"temperat[...]
Deleted : user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2801948.FirstTime", "true");
Deleted : user_pref("CT2801948.FirstTimeFF3", "true");
Deleted : user_pref("CT2801948.UserID", "UN58712417330254236");
Deleted : user_pref("CT2801948.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2801948.autoDisableScopes", 0);
Deleted : user_pref("CT2801948.defaultSearch", "false");
Deleted : user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2801948.enableAlerts", "always");
Deleted : user_pref("CT2801948.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2801948.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2801948.fixPageNotFoundError", "true");
Deleted : user_pref("CT2801948.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2801948.fixUrls", true);
Deleted : user_pref("CT2801948.hxxp___pinterest_aot_im.isEnabled", "Y");
Deleted : user_pref("CT2801948.installId", "toolbarinstall.exe");
Deleted : user_pref("CT2801948.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2801948.isNewTabEnabled", true);
Deleted : user_pref("CT2801948.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2801948.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT2801948.openThankYouPage", "false");
Deleted : user_pref("CT2801948.openUninstallPage", "true");
Deleted : user_pref("CT2801948.search.searchAppId", "129306881621438061");
Deleted : user_pref("CT2801948.search.searchCount", "0");
Deleted : user_pref("CT2801948.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2801948.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2801948.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2801948.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347034156722");
Deleted : user_pref("CT2801948.serviceLayer_services_appsMetadata_lastUpdate", "1347034156589");
Deleted : user_pref("CT2801948.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1347034158780");
Deleted : user_pref("CT2801948.serviceLayer_services_login_10.10.26.4_lastUpdate", "1347034159582");
Deleted : user_pref("CT2801948.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1347034158808");
Deleted : user_pref("CT2801948.serviceLayer_services_searchAPI_lastUpdate", "1347034156266");
Deleted : user_pref("CT2801948.serviceLayer_services_serviceMap_lastUpdate", "1347034156088");
Deleted : user_pref("CT2801948.serviceLayer_services_toolbarContextMenu_lastUpdate", "1347034158755");
Deleted : user_pref("CT2801948.serviceLayer_services_toolbarSettings_lastUpdate", "1347034156229");
Deleted : user_pref("CT2801948.serviceLayer_services_translation_lastUpdate", "1347034156595");
Deleted : user_pref("CT2801948.settingsINI", true);
Deleted : user_pref("CT2801948.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2801948.smartbar.CTID", "CT2801948");
Deleted : user_pref("CT2801948.smartbar.Uninstall", "0");
Deleted : user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
Deleted : user_pref("CT2801948.startPage", "false");
Deleted : user_pref("CT2801948.toolbarBornServerTime", "7-9-2012");
Deleted : user_pref("CT2801948.toolbarCurrentServerTime", "7-9-2012");
Deleted : user_pref("CT2801948.twitter_v1.8.0_twitter_app_open_t_f", "false");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.34");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bcb0e2211-dc3d-47e8-83d3-43e0bb7d58ae[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v10.51.3315.0

File : C:\Users\Carl\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13446 octets] - [15/10/20
=======================================
And from RogueKiller is:
-------------------------------------------
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Carl [Admin rights]
Mode : Remove -- Date : 10/15/2012 20:46:39

¤¤¤ Bad processes : 1 ¤¤¤
[BLACKLIST] idwbg_501.exe -- C:\Program Files (x86)\IDriveWindows\idwbg_501.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLIST] HKCU\[...]\Run : IDrive Background process ("C:\Program Files (x86)\IDriveWindows\idwbg_501.exe") -> DELETED
[RUN][BLACKLIST] HKLM\[...]\Wow6432Node\Run : IDrive Background process ("C:\Program Files (x86)\IDriveWindows\idwbg_501.exe") -> DELETED
[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

192.168.0.106 developerservices.windowsphone.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 02FAEX-00Z3A SCSI Disk Device +++++
--- User ---
[MBR] 3202b7a3421ef969923661376197353c
[BSP] b6b252b9746468088db1f97ee65a6560 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18662 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 38221824 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 38426624 | Size: 490783 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1043550208 | Size: 444323 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
=================================
Interesting that RogueKiller thought iDrive was malware.... :^ /
So... am I clean?
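A triage helper for logs like the AdwCleaner report in the post above, added here as an example (this is not code from the post, from AdwCleaner or from the forum's helpers). AdwCleaner writes one action per line, and the same COM class usually shows up under several of them; the script parses the "Key Deleted", "Folder Deleted", "Value Deleted", "Replaced" and user_pref lines, counts removals per hive, and groups the deleted registry entries by GUID, so that {95B7759C-...} is seen at once as CLSID, browser helper object, toolbar and search scope, and {E7DF6BFF-...} as CLSID, toolbar and IE elevation-policy entry. SAMPLE is a constructed excerpt of that log; the role names (clsid, bho, toolbar, ...) are this example's own vocabulary.

```python
"""Summarise an AdwCleaner v2.x log and cross-reference the GUIDs it removed.

Added example, not part of the forum post or of AdwCleaner itself. AdwCleaner
writes one action per line; the same COM class usually appears under several of
them (CLSID, BHO, toolbar, search scope, elevation policy), so grouping by GUID
shows how many distinct components were really removed. SAMPLE is a constructed
excerpt of the log in the post; the role names are this example's own.
"""
import re
from collections import Counter, defaultdict

ACTION_RE = re.compile(
    r"^(Key Deleted|Folder Deleted|File Deleted|Value Deleted|Deleted on reboot) : (.+)$")
# Value is captured lazily so truncated lines ending in "[...]" (no closing ");") still parse.
PREF_RE = re.compile(r'^Deleted : user_pref\("([^"]+)",\s*(.*?)\)?;?$')
REPLACED_RE = re.compile(r"^Replaced : \[(.+?) - (.+?)\] = (.+?) --> (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Lower-cased path fragments that say what a GUID was registered as (example's own labels).
ROLE_MARKERS = (
    ("\\classes\\clsid\\", "clsid"),
    ("\\classes\\interface\\", "interface"),
    ("\\classes\\typelib\\", "typelib"),
    ("\\browser helper objects\\", "bho"),
    ("\\internet explorer\\toolbar", "toolbar"),
    ("\\searchscopes\\", "searchscope"),
    ("\\elevationpolicy\\", "elevation-policy"),
    ("\\extensions\\", "firefox-extension"),
)

# Constructed excerpt of the AdwCleaner log from the post.
SAMPLE = r"""
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [Internet Browsers] *****
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={3C938674-65B3-448C-99BB-FFA24F7FC676}&sap=hp --> hxxp://www.google.com
Deleted : user_pref("CT2801948.smartbar.CTID", "CT2801948");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bcb0e2211%7D&q=");
"""


def parse_adwcleaner(text):
    """Split a log into (action, target) items, user_pref deletions and replacements."""
    items, prefs, replaced = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := ACTION_RE.match(line):
            items.append((m.group(1), m.group(2)))
        elif m := PREF_RE.match(line):
            prefs.append((m.group(1), m.group(2)))
        elif m := REPLACED_RE.match(line):
            replaced.append(m.groups())  # (key, value name, old data, new data)
    return {"items": items, "prefs": prefs, "replaced": replaced}


def hive_counts(items):
    """How many removals hit HKCU, HKLM, or the file system."""
    counts = Counter()
    for _, target in items:
        counts[target.split("\\", 1)[0] if target.startswith("HK") else "filesystem"] += 1
    return dict(counts)


def guid_roles(items):
    """Map each GUID (upper-cased) to the set of places it was registered."""
    roles = defaultdict(set)
    for _, target in items:
        low = target.lower()
        for guid in GUID_RE.findall(target):
            roles[guid.upper()].update(role for marker, role in ROLE_MARKERS if marker in low)
    return {g: r for g, r in roles.items() if r}


def pref_owners(prefs):
    """Count deleted Firefox prefs by first name segment; CT2801948 is the toolbar id
    the log itself names in smartbar.CTID, browser/keyword are Firefox's own settings."""
    return dict(Counter(name.split(".")[0] for name, _ in prefs))


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE)
    print(hive_counts(parsed["items"]), pref_owners(parsed["prefs"]))
    for guid, roles in guid_roles(parsed["items"]).items():
        print(guid, sorted(roles))
```

Run against the full log rather than the excerpt and the GUID table is the quickest way to see which of the roughly seventy deleted keys belong to the same two or three components; the `Replaced` tuple also gives you the old start-page URL in one piece, which is handy when several logs from the same machine have to be compared.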
redirected to "webpage-unavailable.com"...
UncleBeer replied to UncleBeer's topic in Resolved Malware Removal Logs
Hey Gringo: Thanks for your help! Here's what you requested:
dds.txt:
======================
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.7.2
Run by Carl at 19:26:23 on 2012-10-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.4095.2111 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\Helexis\Drive Health\dhcore.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\IDriveWindows\idwservice_501.exe
C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Carl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\IDriveWindows\idwbg_501.exe
C:\Program Files (x86)\IDriveWindows\idwmonitor.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Carl\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Carl\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\DU Meter\DUMeter.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\IDriveWindows\idw_web.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={3C938674-65B3-448C-99BB-FFA24F7FC676}&mid=e0a7a428931440341719a53438cda8da-7fb2f1e8604c6fe798193f1f70293c7ea8758bc0&lang=en&ds=ft011&pr=sa&d=2012-06-29 06:36:48&v=11.1.0.12&sap=hp
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173601109006p0385v125y47310311
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173601109006p0385v125y47310311
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173601109006p0385v125y47310311
uURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\Carl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"
uRun: [IDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
mRun: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"
mRun: [IDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\Carl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Carl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-Explorer: NoDriveAutorun = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: C:\Program Files (x86)\Hensence.com\MediaBox\NetworkSniffer.dll
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{028CBDC6-4D41-40DD-B296-EC8EB8882DD3} : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{BE05B85D-9BF2-45EC-A27E-8A2B4957965A} : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{BE05B85D-9BF2-45EC-A27E-8A2B4957965A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ED7DA87E-9DCF-45FD-805C-87EB2190AF59} : NameServer = 208.67.222.222,8.8.4.4
TCP: Interfaces\{ED7DA87E-9DCF-45FD-805C-87EB2190AF59} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173601109006p0385v125y47310311
x64-mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173601109006p0385v125y47310311
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.0.106 developerservices.windowsphone.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bcb0e2211-dc3d-47e8-83d3-43e0bb7d58ae%7D&mid=e0a7a428931440341719a53438cda8da-7fb2f1e8604c6fe798193f1f70293c7ea8758bc0&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-28%2007%3A43%3A57&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Carl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-08-16 23:09; {37483b40-c254-4a72-bda4-22ee90182c1e}; C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0k2c70lp.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - ExtSQL: 2012-09-28 07:44; avg@toolbar; C:\ProgramData\AVG Secure Search\12.2.5.34
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-13 55856]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-6-28 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-6-28 141920]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-28 31080]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
R2 DriveHealth;DriveHealth;C:\Program Files (x86)\Helexis\Drive Health\dhcore.exe [2010-7-31 509440]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376] R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-6-4 1150496] R2 IDriveService;IDriveService;C:\Program Files (x86)\IDriveWindows\idwservice_501.exe [2012-7-20 182456] R2 IDWAdmin;IDWAdmin;C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe [2012-7-20 125112] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-2-14 676936] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880] R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-8-15 240160] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-28 722528] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2011-6-29 29288] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-14 25928] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-8-9 131688] R3 TotRec7;Total Recorder WDM audio driver;C:\Windows\System32\drivers\TotRec7.sys [2008-10-27 178696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DeltaCopyService;DeltaCopy Server;"L:\DeltaCopy\DCServce.exe" --> L:\DeltaCopy\DCServce.exe [?] 
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-13 135664] S2 IswSvc;ZoneAlarm Toolbar IswSvc;"C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" --> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250808] S3 ampa;ampa;C:\Windows\System32\ampa.sys [2012-6-29 15288] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-13 95544] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-13 135664] S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-4-10 342320] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 115168] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-13 203320] S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkTMini.sys [2010-5-3 528256] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-8 1255736] . =============== Created Last 30 ================ . 
2012-10-13 14:27:57 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2012-10-13 14:27:56 95544 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2012-10-11 04:39:03 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-10-11 04:39:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-10-11 04:39:00 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-10-11 04:39:00 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-10-10 15:32:10 -------- d-----w- C:\Users\Carl\AppData\Roaming\Rovio 2012-10-10 15:31:16 -------- d-----w- C:\Program Files (x86)\Rovio 2012-10-09 17:52:51 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-10-05 01:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-02 09:15:07 155136 ----a-w- C:\Windows\SysWow64\AI_ContextMenu.dll 2012-10-02 09:15:03 892928 ----a-w- C:\Windows\SysWow64\iconv.dll 2012-10-02 09:15:03 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax 2012-10-02 09:15:01 -------- d-----w- C:\Program Files (x86)\Aimersoft 2012-10-02 05:53:32 -------- d-----w- C:\Program Files\Avidemux 2.5 2012-10-02 01:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-28 06:46:54 -------- d-----w- C:\Users\Carl\AppData\Roaming\AVG2013 2012-09-28 05:44:33 -------- d-----w- C:\Users\Carl\AppData\Local\AVG Secure Search 2012-09-28 05:44:22 -------- d-----w- C:\Users\Carl\AppData\Roaming\TuneUp Software 2012-09-28 05:44:16 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-09-28 05:43:50 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-09-28 05:43:44 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-09-28 05:43:43 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-09-28 05:41:20 -------- d-----w- C:\ProgramData\AVG2013 2012-09-28 04:50:35 -------- d-----w- C:\Users\Carl\AppData\Local\MFAData 2012-09-28 04:50:35 -------- d-----w- C:\Users\Carl\AppData\Local\Avg2013 2012-09-26 05:01:23 245760 ----a-w- 
C:\Windows\System32\OxpsConverter.exe 2012-09-24 11:57:39 -------- d-----w- C:\Program Files\SAMSUNG 2012-09-21 01:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-21 01:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-09-21 01:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys . ==================== Find3M ==================== . 2012-10-09 17:52:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 17:52:54 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-26 18:57:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll 2012-09-26 18:57:12 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-09-14 01:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-09-13 01:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-05 06:42:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-05 06:42:26 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-05 06:42:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- 
C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-08-16 16:47:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-08-10 23:56:14 542208 
----a-w- C:\Windows\SysWow64\kerberos.dll 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 19:26:46.71 =============== attach.txt = =========================== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 13/01/2010 00:26:01 System Uptime: 15/10/2012 19:02:40 (0 hours ago) . Motherboard: Packard Bell | | MCP73PV Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | Intel | 1999/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 479 GiB total, 126.076 GiB free. D: is FIXED (NTFS) - 434 GiB total, 308.025 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is CDROM () K: is CDROM () L: is FIXED (NTFS) - 2795 GiB total, 1744.003 GiB free. M: is FIXED (NTFS) - 216 GiB total, 136.269 GiB free. N: is FIXED (NTFS) - 715 GiB total, 215.079 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Virtual Machine Monitor Device ID: ROOT\LEGACY_VMM\0000 Manufacturer: Name: Virtual Machine Monitor PNP Device ID: ROOT\LEGACY_VMM\0000 Service: vmm . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: ZoneAlarm Toolbar ISWKL Device ID: ROOT\LEGACY_ISWKL\0000 Manufacturer: Name: ZoneAlarm Toolbar ISWKL PNP Device ID: ROOT\LEGACY_ISWKL\0000 Service: ISWKL . ==== System Restore Points =================== . RP440: 09/10/2012 08:17:56 - Scheduled Checkpoint RP441: 11/10/2012 06:39:27 - Windows Update RP442: 13/10/2012 16:08:31 - Installed Samsung Kies . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Aangifte inkomstenbelasting 2009 Aangifte inkomstenbelasting 2010 Aangifte inkomstenbelasting 2011 Acrobat.com Acronis True Image WD Edition Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 7.0 Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 Advertising Center Aimersoft Video Converter Ultimate(Build 4.1.0.2) Aiseesoft Total Video Converter Platinum 6.3.10 Alice Greenfingers Amazonia AMCap Anyplace Control 5.3.1.0_Trial AOMEI Partition Assistant Home Edition 5.1 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft ShowBiz DVD 2 ArcSoft ShowBiz DVD 2.0 (Shared Components) µTorrent Audacity 1.3.13 (Unicode) Auto Gordian Knot 2.55 AVG 2013 Avidemux 2.5 AVIedit 3.39 AviSynth 2.5 AviTricks Pro version 3.10 Bad Piggies Black and White Blokker software Bonjour BurnAware Free 5.1 CCleaner Chicken Invaders 2 Cisco Connect Clone Terminator 3.0 Compatibility Pack for the 2007 Office system ConvertHelper 2.2 CopyTrans Suite Remove Only Coupon Printer for Windows CrystalDiskInfo 5.0.0 CyberLink PowerDirector 8 Ultra D3DX10 Dairy Dash DiskCheckup v3.1 Dream Day First Home Drive Health DriveImage XML (Private Edition) Dropbox DU Meter dupeGuru Picture Edition 影音盒子(MediaBox) 1.0.0.348 eReg Evernote v.
4.5.3 Family Tree Maker 2010 FamilySearch Indexing Farm Frenzy 2 Feedback Tool Firebird SQL Server - MAGIX Edition Flash Drive Tester v1.14 FormatFactory 2.96 FreeRIP v3.30 Futuremark SystemInfo Glary Utilities 2.19.0.800 Google Chrome Google Chrome Canary Google Earth Google Update Helper Granny In Paradise HandBrake 0.9.8 Hard Disk Low Level Format Tool 2.36 build 1181 Heroes of Hellas Hewlett-Packard ACLM.NET v1.1.0.0 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Photo Creations HP Product Detection HP Update HP USB Disk Storage Format Tool HPDiagnosticAlert Identity Card IDrive for Windows Version - 5.0 ImagXpress Indiana Jones and the Emperors Tomb InterVideo DeviceService IrfanView (remove only) IsoBuster 2.7 iTunes iWisoft Free Video Converter 1.2 Jade Empire Java 7 Update 7 Java Auto Updater Java 6 Update 23 (64-bit) Java 6 Update 31 JavaFX 2.1.1 K-Lite Codec Pack (64-bit) v3.1.1 K-Lite Codec Pack 7.7.0 (Full) Knoll Light Factory EZ Studio LADSPA_plugins-win-0.4.15 LAME v3.98.3 for Audacity Learning Lodge Navigator Logitech SetPoint 6.32 Magic Bullet Looks Studio Magic ISO Maker v5.4 (build 0239) MagicDisc 2.7.106 MailStore Home 7.0.0.7582 Malwarebytes Anti-Malware version 1.65.0.1400 MediaInfo 0.7.49 Merriam Websters Spell Jam Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Fix it Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office 
Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word 2007 Microsoft Office Word MUI (English) 2007 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft WSE 3.0 Mobile TimeSync MozBackup 1.4.10 Mozilla Firefox 13.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0 (x86 en-US) MPC-HC 1.6.2.4902 (64-bit) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) msxml4 MSXML4 Parser MyFreeCodec Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Next Generation Visualisations Nike+ Connect nLite 1.4.9.1 NVIDIA Display Control Panel NVIDIA Drivers NVIDIA ForceWare Network Access Manager OpenLibraries Opera 10.51 Packard Bell GameZone Console Packard Bell InfoCentre Packard Bell Recovery Management Packard Bell Registration Packard Bell 
ScreenSaver Packard Bell Software Suite SE Packard Bell Updater ParetoLogic Data Recovery PC Inspector File Recovery Photosynth 2.0110.0317.1042 Picasa 3 Pinnacle Instant DVD Recorder Pinnacle Studio 14 Pinnacle Studio Ultimate Collection Plugins Pinnacle videodriver PolderbitS Sound Recorder and Editor (64-bit Edition) PowerDirector PowerISO proDAD Heroglyph 2.5 proDAD Vitascene 1.0 PVSonyDll QuickTime QuickTime Alternative 3.2.2 Red Giant ToonIt Studio Rise of Nations Roll Samsung Kies SAMSUNG USB Driver for Mobile Phones SDFormatter Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 
32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Shredder (3.0.2pre) Snagit 9.1.3 Sony ACID Pro 6.0 Sony Media Manager 2.2 Sony Super Duper Music Looper 2.0 Spb Benchmark SpeedFan (remove only) Spotify Spybot - Search & Destroy Star Defender 4 StarCraft II Streaming Audio Recorder V2.3.2 Streamripper (Remove only) Stronghold Studio 11 Studio 11 Bonus DVD swMSM Synthesia (remove only) System Requirements Lab t@b ZS4 Video Editor v0.958-686 TeamViewer 7 Total Recorder 7.1 Trapcode 3DStroke Studio Trapcode Particular Studio Trapcode Shine Studio Ulead VideoStudio 11 UltraISO Premium V9.52 Undelete SD card Uninstall FamilySearch Indexing Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET 
Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) USB2.0 ATV VC 9.0 Runtime Verzoek of wijziging voorlopige aanslag 2012 VideoPad Video Editor VideoStudio VirusTotal Uploader 2.0 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 2.0.3 VobSub v2.23 (Remove Only) VTech Download Agent Library Welcome Center WinAVI Video Capture 2.0 Windows 7 USB/DVD Download Tool Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Encoder 9 Series Windows Media Player Firefox Plugin Windows Mobile Device Center Windows Mobile Device Center Driver Update Windows Movie Maker 2.6 Windows Phone Intro Video (ENU) WinPcap 4.1.2 WinRAR archiver Wireshark 1.6.2 World of Warcraft Xilisoft HD Video Converter XviD MPEG4 Video Codec (remove only) Yahoo! Desktop Login ZoneAlarm Toolbar . ==== Event Viewer Messages From Past Week ======== . 15/10/2012 19:03:57, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 
15/10/2012 19:03:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd vmm 15/10/2012 19:03:28, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 15/10/2012 19:03:28, Error: Service Control Manager [7000] - The FileZilla Server FTP server service failed to start due to the following error: The system cannot find the file specified. 15/10/2012 19:03:26, Error: Service Control Manager [7000] - The DeltaCopy Server service failed to start due to the following error: The system cannot find the file specified. 15/10/2012 19:03:24, Error: Service Control Manager [7001] - The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar ISWKL service which failed to start because of the following error: The system cannot find the path specified. 15/10/2012 19:03:24, Error: Service Control Manager [7000] - The ZoneAlarm Toolbar ISWKL service failed to start due to the following error: The system cannot find the path specified. 15/10/2012 19:01:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service. 15/10/2012 13:41:24, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on F: cannot be read. 14/10/2012 07:47:24, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 14/10/2012 07:47:24, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 13/10/2012 16:23:32, Error: Application Popup [56] - Driver dg_ssudbus returned invalid ID for a child device (invalid character). 
13/10/2012 09:44:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect. 13/10/2012 09:44:16, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== And finally checkup.txt: Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy VirusTotal Uploader 2.0 Malwarebytes Anti-Malware version 1.65.0.1400 JavaFX 2.1.1 Java 6 Update 31 Java 7 Update 7 Adobe Flash Player 11.4.402.287 Adobe Reader X (10.1.4) Mozilla Firefox (13.0) Mozilla Thunderbird (17.0.) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` ================================================== Thanks again for any help you can lend! -
redirected to "webpage-unavailable.com"...
UncleBeer posted a topic in Resolved Malware Removal Logs
Hey all: I've picked up something within the last day or so that dumps my computer waaaay too often onto "webpage-unavailable.com". Surely some kind of nasty malware, and I'd deeply appreciate any help that could be provided. Hijack-this log should be attached. Thanks in advance. hijackthis.log