dwwann

Everything posted by dwwann

  1. OK, about "updatechecker.exe": since I never use it, is there a way to stop it from popping up every time I log in? That happens on ANY account I choose to log in on; it still appears requesting to do 'whatever it is' that it is requesting to do. In the meantime, here is the correct log, for 64-bit... Thank you again, Dwwann

     SystemLook 30.07.11 by jpshortstuff
     Log created at 02:15 on 30/04/2012 by The Wand
     Administrator - Elevation successful

     ========== filefind ==========

     Searching for "*RegistryBooster* "
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk --a---- 1824 bytes [11:28 24/11/2011] [11:28 24/11/2011] F239E51575F80B267CF0FE3B4E1DEFD8
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\Uninstall RegistryBooster.lnk --a---- 1064 bytes [11:28 24/11/2011] [11:28 24/11/2011] 78B0CD93725D5C43D1BCDAA2FDE12A16
     C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk --a---- 1824 bytes [11:28 24/11/2011] [11:28 24/11/2011] F239E51575F80B267CF0FE3B4E1DEFD8
     C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\Uninstall RegistryBooster.lnk --a---- 1064 bytes [11:28 24/11/2011] [11:28 24/11/2011] 78B0CD93725D5C43D1BCDAA2FDE12A16
     C:\Windows\System32\Tasks\RegistryBooster --a---- 2524 bytes [11:28 24/11/2011] [11:28 24/11/2011] 28A2EB42B3B247ACD56B52FEEE289035
     C:\_OTL\MovedFiles\04262012_105257\C_Windows\Tasks\RegistryBooster.job --a---- 350 bytes [11:28 24/11/2011] [17:43 26/04/2012] D3D61B27663526091D8624C73A08B30A

     Searching for " "
     No files found.

     ========== folderfind ==========

     Searching for "*uniblue* "
     C:\Program Files (x86)\Uniblue d------ [11:28 24/11/2011]
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue d------ [11:28 24/11/2011]
     C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue d------ [11:28 24/11/2011]

     Searching for " "
     No folders found.

     ========== regfind ==========

     Searching for "uniblue "
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "DisplayName"="Uniblue RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "Publisher"="Uniblue Systems Ltd"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "Contact"="Uniblue Systems Ltd"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "Comments"="Copyright © Uniblue Systems Limited 2009"

     Searching for "registrybooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\registrybooster[1].exe]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EF9D18C-DADC-4CD4-97E8-44365380A8D5}]
     "Path"="\RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryBooster]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\registrybooster_RASAPI32]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\registrybooster_RASMANCS]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "DisplayName"="Uniblue RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "InstallLocation"="C:\Program Files (x86)\Uniblue\RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\Registry Booster2]
     "InstalledLocation"="C:\Program Files (x86)\\Uniblue\RegistryBooster\Launcher.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\Registry Booster2]
     "LatestDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\Registry Booster2]
     "CampaignDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"

     -= EOF =-
  2. Give up? I may be just getting started... just kidding. BUT, I do have this other program "updatechecker.exe" that is part of the ASUS motherboard I have. I have read mixed reviews about it, so I never use it, but did use it one time. I will not use it in the future either, and since it pops up every time I log in it's probably doing more harm than good... even if that's just because it butts in on my space. What do you think, do I need to use it, or something like it? It's supposed to check for driver updates, but I read some versions are a security risk. And, well, you know how we feel about those... Dwwann

     SystemLook 30.07.11 by jpshortstuff
     Log created at 07:29 on 28/04/2012 by The Wand
     Administrator - Elevation successful
     WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

     ========== filefind ==========

     Searching for "*RegistryBooster*"
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk --a---- 1824 bytes [11:28 24/11/2011] [11:28 24/11/2011] F239E51575F80B267CF0FE3B4E1DEFD8
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\Uninstall RegistryBooster.lnk --a---- 1064 bytes [11:28 24/11/2011] [11:28 24/11/2011] 78B0CD93725D5C43D1BCDAA2FDE12A16
     C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk --a---- 1824 bytes [11:28 24/11/2011] [11:28 24/11/2011] F239E51575F80B267CF0FE3B4E1DEFD8
     C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\Uninstall RegistryBooster.lnk --a---- 1064 bytes [11:28 24/11/2011] [11:28 24/11/2011] 78B0CD93725D5C43D1BCDAA2FDE12A16
     C:\_OTL\MovedFiles\04262012_105257\C_Windows\Tasks\RegistryBooster.job --a---- 350 bytes [11:28 24/11/2011] [17:43 26/04/2012] D3D61B27663526091D8624C73A08B30A

     ========== folderfind ==========

     Searching for "*uniblue*"
     C:\Program Files (x86)\Uniblue d------ [11:28 24/11/2011]
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue d------ [11:28 24/11/2011]
     C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue d------ [11:28 24/11/2011]

     ========== regfind ==========

     Searching for "uniblue"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "DisplayName"="Uniblue RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "Publisher"="Uniblue Systems Ltd"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "Contact"="Uniblue Systems Ltd"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "HelpLink"="http://support.uniblue.com"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "URLUpdateInfo"="http://www.uniblue.com"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "Comments"="Copyright © Uniblue Systems Limited 2009"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "InstallLocation"="C:\Program Files (x86)\Uniblue\RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
     "InstalledLocation"="C:\Program Files (x86)\\Uniblue\RegistryBooster\Launcher.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
     "LatestDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
     "CampaignDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"

     Searching for "registrybooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "DisplayName"="Uniblue RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]
     "InstallLocation"="C:\Program Files (x86)\Uniblue\RegistryBooster"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
     "InstalledLocation"="C:\Program Files (x86)\\Uniblue\RegistryBooster\Launcher.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
     "LatestDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
     "CampaignDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\registrybooster[1].exe]

     -= EOF =-
  3. Absolutely! Maniac, you are like Gold! It's like no more speed bumps... except for that stubborn Uniblue that just doesn't want to give up. I clicked on its properties from the start menu and it says size is 2.82 KB and then it says size on disk is 8.00 KB, 2 files, 1 folder. Dwwann
  4. WOW... that was something.

     All processes killed
     ========== OTL ==========
     C:\ProgramData\-clPXONau6xQcAxr moved successfully.
     C:\ProgramData\-clPXONau6xQcAx moved successfully.
     C:\ProgramData\clPXONau6xQcAx moved successfully.
     C:\Windows\Tasks\RegistryBooster.job moved successfully.
     File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.
     C:\Users\The Wand\AppData\Roaming\AVG2012\cfgall folder moved successfully.
     C:\Users\The Wand\AppData\Roaming\AVG2012 folder moved successfully.
     C:\ProgramData\AVG2012\log folder moved successfully.
     C:\ProgramData\AVG2012\fet folder moved successfully.
     C:\ProgramData\AVG2012 folder moved successfully.
     C:\$AVG\$VAULT folder moved successfully.
     C:\$AVG\$CHJW folder moved successfully.
     C:\$AVG folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\html\reportcard folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\html folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\defaults\preferences folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\defaults folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\Chrome folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012\Firefox folder moved successfully.
     C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
     C:\Program Files (x86)\AVG folder moved successfully.
     C:\Users\bell\AppData\Roaming\AVG2012\cfgall folder moved successfully.
     C:\Users\bell\AppData\Roaming\AVG2012 folder moved successfully.
     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Uniblue RegistryBooster not found.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: bell
     ->Temp folder emptied: 238892051 bytes
     ->Temporary Internet Files folder emptied: 574569893 bytes
     ->Java cache emptied: 3120627 bytes
     ->Google Chrome cache emptied: 201501437 bytes
     ->Flash cache emptied: 174833 bytes

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 56468 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public

     User: susan
     ->Temp folder emptied: 3631 bytes
     ->Temporary Internet Files folder emptied: 2711781 bytes
     ->Flash cache emptied: 3494 bytes

     User: The Wand
     ->Temp folder emptied: 222872433 bytes
     ->Temporary Internet Files folder emptied: 62169313 bytes
     ->Java cache emptied: 15891 bytes
     ->Flash cache emptied: 62959 bytes

     User: Tinker
     ->Temp folder emptied: 6813721 bytes
     ->Temporary Internet Files folder emptied: 68307527 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 52581 bytes

     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 41620 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 480868815 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36079993 bytes
     RecycleBin emptied: 2844 bytes

     Total Files Cleaned = 1,810.00 mb

     Restore point Set: OTL Restore Point

     OTL by OldTimer - Version 3.2.42.0 log created on 04262012_105257
  5. Here they are...

     OTL logfile created on: 4/25/2012 3:31:58 PM - Run 1
     OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\bell\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.7601.17514)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     8.00 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.42% Memory free
     16.00 Gb Paging File | 14.74 Gb Available in Paging File | 92.12% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 931.41 Gb Total Space | 868.31 Gb Free Space | 93.22% Space Free | Partition Type: NTFS

     Computer Name: THEWAND-PC | User Name: The Wand | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/04/25 15:29:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\bell\Desktop\OTL.exe
     PRC - [2012/04/19 10:16:41 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
     PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
     PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
     PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
     PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     PRC - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\snmp.exe
     PRC - [2009/06/05 13:12:44 | 000,315,392 | ---- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

     ========== Modules (No Company Name) ==========

     ========== Win32 Services (SafeList) ==========

     SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
     SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
     SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
     SRV:64bit: - [2010/11/20 06:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
     SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
     SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
     SRV - [2012/04/19 10:16:41 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
     SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
     SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
     SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
     SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
     SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
     SRV - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
     SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
     SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     SRV - [2009/06/05 13:12:44 | 000,315,392 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

     ========== Driver Services (SafeList) ==========

     DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
     DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
     DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
     DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
     DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
     DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
     DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
     DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
     DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
     DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
     DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
     DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
     DRV:64bit: - [2010/07/14 01:35:35 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
     DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
     DRV:64bit: - [2009/08/17 19:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
     DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
     DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
     DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
     DRV:64bit: - [2009/06/17 09:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
     DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
     DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
     DRV:64bit: - [2009/06/17 09:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
     DRV:64bit: - [2009/06/17 09:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
     DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
     DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
     DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
     DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
     DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
     DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
     DRV:64bit: - [2009/05/13 18:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
     DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
     DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z201&ocid=zdhp&install_date=20111119
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F E8 B1 9A 27 55 CC 01 [binary data]
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 3F 7F 99 DF 71 CC 01 [binary data]
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\..\SearchScopes,DefaultScope = {C39EFAA7-5325-41C1-A9C2-88332A02A999}
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\..\SearchScopes\{C39EFAA7-5325-41C1-A9C2-88332A02A999}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
     IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========

     FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/02 17:59:00 | 000,000,000 | ---D | M]

     O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
     O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
     O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
     O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
     O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
     O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
     O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
     O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
     O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
     O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe (DataLode, Inc.)
     O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe (DataLode, Inc.)
     O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
     O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
     O4 - HKU\S-1-5-21-3928028005-2389383417-736831028-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
     O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O4 - HKU\S-1-5-21-3928028005-2389383417-736831028-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
     O7 - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
     O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
     O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
     O13:64bit: - gopher Prefix: missing
     O13 - gopher Prefix: missing
     O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
     O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class)
     O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
     O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
     O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
     O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
     O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA97EC97-DA7E-4FB9-94F6-6EA74C409152}: DhcpNameServer = 192.168.1.254
     O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
     O18 - Protocol\Handler\gopher - No CLSID value found
     O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
     O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
     O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
     O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
     O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/04/21 22:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/04/20 17:22:29 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Roaming\Malwarebytes [2012/04/20 17:22:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/04/20 17:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/20 17:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/04/20 17:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/20 17:20:45 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Wand\Desktop\mbam-setup-1.61.0.1400.exe [2012/04/20 17:07:22 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\The Wand\Desktop\mbam-clean.exe [2012/04/20 13:01:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\The Wand\Desktop\dds.scr [2012/04/20 12:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012/04/19 10:16:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2012/04/07 21:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/04/07 18:50:24 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/04/07 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Local\Secunia PSI [2012/04/07 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012/04/05 13:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [2012/04/02 18:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012/04/02 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Roaming\AVG2012 [2012/04/02 17:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/04/02 17:58:52 | 000,000,000 | ---D | C] -- C:\$AVG [2012/04/02 17:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012/04/02 17:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files [2012/04/02 17:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/04/01 13:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012/04/01 13:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Google ========== Files - Modified Within 30 Days ========== [2012/04/25 15:30:35 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012/04/25 15:27:43 | 000,010,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 15:27:43 | 000,010,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 15:26:30 | 000,770,514 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/04/25 15:26:30 | 000,656,860 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/04/25 15:26:30 | 000,116,200 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/04/25 15:21:20 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/25 15:21:20 | 000,000,350 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job [2012/04/25 15:20:35 | 000,065,536 | ---- | M] () -- 
C:\windows\SysNative\Ikeext.etl [2012/04/25 15:20:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/04/25 15:20:22 | 2146,783,231 | -HS- | M] () -- C:\hiberfil.sys [2012/04/25 12:01:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/04/25 11:54:16 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/25 11:48:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3928028005-2389383417-736831028-1004UA.job [2012/04/20 17:22:19 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/20 17:20:47 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Wand\Desktop\mbam-setup-1.61.0.1400.exe [2012/04/20 17:07:27 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\The Wand\Desktop\mbam-clean.exe [2012/04/20 13:01:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\The Wand\Desktop\dds.scr [2012/04/20 12:57:14 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012/04/20 09:48:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3928028005-2389383417-736831028-1004Core.job [2012/04/11 15:54:57 | 000,001,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012/04/11 15:46:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/04/08 02:39:02 | 000,007,605 | ---- | M] () -- C:\Users\The Wand\AppData\Local\Resmon.ResmonCfg [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/04/02 02:48:04 | 000,000,184 | ---- | M] () -- C:\ProgramData\-clPXONau6xQcAxr [2012/04/02 02:48:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\-clPXONau6xQcAx [2012/04/02 02:47:55 | 000,000,256 | ---- | M] () -- C:\ProgramData\clPXONau6xQcAx [2012/03/28 05:11:07 | 000,000,010 | ---- | M] () -- C:\windows\popcinfo.dat ========== 
Files Created - No Company Name ========== [2012/04/20 17:22:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/20 12:57:14 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012/04/11 15:54:57 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012/04/11 15:54:57 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012/04/07 18:45:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/04/02 02:48:04 | 000,000,184 | ---- | C] () -- C:\ProgramData\-clPXONau6xQcAxr [2012/04/02 02:48:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\-clPXONau6xQcAx [2012/04/02 02:47:53 | 000,000,256 | ---- | C] () -- C:\ProgramData\clPXONau6xQcAx [2011/12/08 20:43:42 | 000,784,108 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/08/07 17:07:55 | 000,024,576 | R--- | C] () -- C:\windows\SysWow64\AsIO.dll [2011/08/07 17:07:55 | 000,014,392 | R--- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2010/12/13 09:18:27 | 000,022,468 | ---- | C] () -- C:\windows\Ascd_log.ini [2010/11/21 23:06:08 | 000,000,036 | ---- | C] () -- C:\Users\The Wand\AppData\Local\housecall.guid.cache ========== LOP Check ========== [2012/04/02 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\AVG2012 [2011/10/31 02:21:36 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\Broderbund [2010/04/21 02:36:22 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\Nikon [2012/04/07 19:30:52 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\uTorrent [2012/04/02 18:00:27 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\AVG2012 [2010/01/25 06:07:41 | 000,000,000 | ---D | M] -- C:\Users\The 
Wand\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/02/03 11:20:11 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\Leadertech [2012/04/02 17:39:12 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\URSoft [2012/04/25 15:21:20 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\RegistryBooster.job [2012/03/09 02:02:02 | 000,032,586 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1CE11B51 < End of report > OTL Extras logfile created on: 4/25/2012 3:31:58 PM - Run 1 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\bell\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.42% Memory free 16.00 Gb Paging File | 14.74 Gb Available in Paging File | 92.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 868.31 Gb Free Space | 93.22% Space Free | Partition Type: NTFS Computer Name: THEWAND-PC | User Name: The Wand | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Display Control Panel" = NVIDIA Display Control Panel [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com 
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{757CC236-67FF-421E-A2B5-3C0C8B76E625}" = Mavis Beacon Deluxe - 25th Anniv. Ed. "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File 
Validation Add-In "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "ESET Online Scanner" = ESET Online Scanner v3 "Info Center_is1" = Info Center 1.0.0.10 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "PROHYBRIDR" = 2007 Microsoft Office system "Secunia PSI" = Secunia PSI (2.0.0.4003) "SystemRequirementsLab" = System Requirements Lab "Uniblue RegistryBooster" = Uniblue RegistryBooster "Zuma Deluxe 1.0" = Zuma Deluxe 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/15/2011 2:24:34 AM | Computer Name 
= TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/15/2011 2:24:35 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/15/2011 2:24:35 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/15/2011 2:24:37 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/15/2011 2:24:39 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/15/2011 2:24:40 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . 
Error - 8/15/2011 2:24:40 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/15/2011 2:24:42 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 8/20/2011 4:43:54 PM | Computer Name = TheWand-PC | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "C:\windows\system32\WdfCoInstaller01005.dll".Error in manifest or policy file "C:\windows\system32\WdfCoInstaller01005.dll" on line 0. Invalid Xml syntax. Error - 8/27/2011 12:41:49 AM | Computer Name = TheWand-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. [ System Events ] Error - 4/21/2012 11:42:11 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180 Description = The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. 
Error - 4/22/2012 3:44:31 AM | Computer Name = TheWand-PC | Source = DCOM | ID = 10010 Description = Error - 4/24/2012 9:58:54 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180 Description = The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error - 4/24/2012 9:59:14 PM | Computer Name = TheWand-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 4/24/2012 10:04:03 PM | Computer Name = TheWand-PC | Source = DCOM | ID = 10010 Description = Error - 4/25/2012 2:17:42 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180 Description = The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error - 4/25/2012 2:18:03 PM | Computer Name = TheWand-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 4/25/2012 3:40:54 PM | Computer Name = TheWand-PC | Source = DCOM | ID = 10010 Description = Error - 4/25/2012 6:20:37 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180 Description = The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error - 4/25/2012 6:20:57 PM | Computer Name = TheWand-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 < End of report >
  6. Hello, I had to be elsewhere for a couple of days. To answer the question...No, there doesn't seem to be any more problems with this account. Thank you so much. Can I still receive help with things like manually uninstalling the Uniblue? Should I go over to PC Help? And, what all do I need to make sure my computer stays secure...other than an AV program and updating Malwarebytes, Java and Adobe? Thanks again Maniac Dwwann
  7. I ran the Eset scanner...it found 6 threats all named the same (/win32Registry Booster Application), that I didn't write down, because I expected there to be a log.txt I could copy/paste. But, I'm sorry Maniac, there was no log left. I did a search, from start menu and using run, but came up empty. Not sure where to go from here. Would contribute more, if I could...does not reflect my gratitude, as I am extremely thankful for what you and the other Experts do for us Seekers-of-Help, out here everywhere. Dwwann
  8. Hi again. You know, I just want to mention that when I opened the email sent by Malwarebytes, a window popped up wanting me to download some files. Of course, I didn't... as I don't click on anything anymore. It was something to do with Java. But I know when Java has an update because it notifies me. Anyway, here is the updated MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
The Wand :: THEWAND-PC [administrator]

4/20/2012 5:23:55 PM
mbam-log-2012-04-20 (17-23-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275439
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  9. Thank you, Maniac. Here are three log files... full scan, DDS.txt and Attach.txt logs.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
The Wand :: THEWAND-PC [administrator]

4/20/2012 12:16:45 PM
mbam-log-2012-04-20 (12-16-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 409834
Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by The Wand at 13:01:46 on 2012-04-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6203 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\AUDIODG.EXE
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\CISVC.EXE
C:\ASUS.SYS\config\DVMExportService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\windows\syswow64\snmp.exe
C:\windows\system32\conhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.rpd"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AA97EC97-DA7E-4FB9-94F6-6EA74C409152} : DhcpNameServer = 192.168.1.254
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-6-5 315392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-6 2214504]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\windows\system32\drivers\viahduaa.sys --> C:\windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-20 19:35:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{458FE8F9-BC95-4E22-A8C8-381F81AF1640}\offreg.dll
2012-04-20 09:37:47 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{458FE8F9-BC95-4E22-A8C8-381F81AF1640}\mpengine.dll
2012-04-17 20:41:06 -------- d-----w- C:\Users\The Wand\AppData\Roaming\Malwarebytes
2012-04-17 20:40:42 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-17 20:40:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 20:40:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-11 22:12:56 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-11 22:12:56 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 22:12:56 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-11 22:11:47 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-11 22:11:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-11 22:11:46 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-11 22:11:46 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-11 22:11:46 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-11 22:11:46 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-11 22:11:46 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-08 04:49:32 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-08 01:45:48 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 01:43:34 -------- d-----w- C:\Users\The Wand\AppData\Local\Secunia PSI
2012-04-08 01:42:12 -------- d-----w- C:\Program Files (x86)\Secunia
2012-04-03 01:22:09 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-04-03 01:00:27 -------- d-----w- C:\Users\The Wand\AppData\Roaming\AVG2012
2012-04-03 00:58:52 -------- d-----w- C:\ProgramData\AVG2012
2012-04-03 00:58:52 -------- d-----w- C:\$AVG
2012-04-03 00:58:11 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-03 00:45:01 -------- d-----w- C:\ProgramData\Common Files
2012-04-03 00:44:30 -------- d-----w- C:\ProgramData\MFAData
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-19 17:16:41 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 13:02:08.92 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/13/2010 8:41:01 PM
System Uptime: 4/20/2012 12:14:19 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3A78-CM
Processor: AMD Phenom II X4 955 Processor | AM2 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 869.029 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP375: 4/6/2012 6:23:27 PM - Windows Update
RP376: 4/7/2012 6:50:54 PM - Removed Google Earth Plug-in.
RP377: 4/7/2012 6:51:54 PM - Removed Java 6 Update 29
RP378: 4/7/2012 7:09:47 PM - Removed iTunes
RP379: 4/7/2012 9:10:08 PM - Windows Update
RP380: 4/7/2012 9:49:08 PM - Installed Java 6 Update 31
RP381: 4/8/2012 11:38:47 AM - Windows Update
RP382: 4/11/2012 3:03:38 PM - Windows Update
RP383: 4/11/2012 3:11:37 PM - Windows Update
RP384: 4/15/2012 2:05:35 AM - Windows Update
RP385: 4/19/2012 12:45:59 AM - Windows Update
RP386: 4/20/2012 3:49:04 AM - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Reader 9.5.1
Apple Application Support
Apple Software Update
ASUSUpdate
DHTML Editing Component
erLT
Express Gate
File Uploader
Google Earth
Google Update Helper
Info Center 1.0.0.10
Java Auto Updater
Java 6 Update 31
Logitech SetPoint
Malwarebytes Anti-Malware version 1.61.0.1400
Mavis Beacon Deluxe - 25th Anniv. Ed.
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
Platform
QuickTime
Realtek Ethernet Controller Driver
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
System Requirements Lab
Turbo Lister 2
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/20/2012 12:14:42 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
4/20/2012 10:20:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 10:20:37 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 10:20:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/20/2012 10:20:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/20/2012 10:20:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/20/2012 10:20:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/20/2012 10:20:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache MpFilter spldr Wanarpv6
4/19/2012 7:13:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/19/2012 12:43:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/17/2012 11:36:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/16/2012 3:20:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/16/2012 12:43:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/15/2012 7:37:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/15/2012 5:54:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/14/2012 12:53:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/14/2012 11:54:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/13/2012 9:40:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/13/2012 12:30:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
  10. Would the SMART HDD have an effect on the other two user accounts? It is a very rare occasion that I ever log into those accounts, but one of them is my Administrator User Account and it IS having some issues. But I do not know the extent of those issues, because within seconds of logging into that account I shut my system down due to various error windows showing on the desktop. I don't even know what the error codes were, because it scared me and I just shut down. But they were NOT at all the same kind of error windows the SMART HDD Virus had popping up... 50, 60, maybe hundreds back to back, all at one time. But if not, then the answer to your question would be no... I'm pretty confident SMART HDD is gone. Dwwann
  11. Oh, yes, here are the logs for the quick scan and the full scan. Will you be wanting a new DDS.txt file after each task, also?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
bell :: THEWAND-PC [limited]

4/17/2012 1:50:21 PM
mbam-log-2012-04-17 (13-50-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210413
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
bell :: THEWAND-PC [limited]

4/17/2012 1:54:46 PM
mbam-log-2012-04-17 (13-54-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344821
Time elapsed: 32 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  12. Hello Maniac... I did as you instructed and ran both the quick scan and the full scan. Both came out clean. Is it possible that it just took Malwarebytes 5 runs to get those two Trojans off my computer? They appeared as threats on the 7th, 8th, 9th and twice on the 12th. Nothing since. There are other issues, though. Like, I used what was supposed to completely strip my system of AVG and all its files. BleepingComputer gave me the link, but I noticed in the DDS.txt there were still files. And a couple of other things, but one at a time... anyway, I don't know if we are done tracking down threats. Just that I'm following a puter Maniac... and feel safe doing that :-) Dwwann
  13. Hi Maniac, thank you for assisting me. I tried to uninstall Uniblue, but it remains. Maybe after a reboot it will be gone, but I have tried this before and it does not uninstall. The check for Updates in the Malwarebytes version I am using (v2012.04.03.01) is shaded and not available. However, there is a link saying 'Download the latest version'. That takes me to Malwarebytes Pro, and I am not able to purchase the Pro version at this time. I will follow through with your instructions. With the DDS.Scr, I do not have an option to Run as Administrator when right-clicking. The 1st (top) option is TEST in bold print, and 3rd down is an option to Install. I have not read, in any of the forum instructions posted, what it is exactly I should do. So I just double click, enter my administrator password, and it runs. I never clicked on Install... OR test. I am not sure what is going on with my Administrator Account (upon log-in it shows error codes, at least two, both different, maybe more) so I am logged in as a standard user w/rights. Please forgive, I'm not too computer wise and don't know what's best.
Here are the logs I have:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
bell :: THEWAND-PC [limited]

4/16/2012 4:10:55 PM
mbam-log-2012-04-16 (16-10-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207224
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

=====================================================================

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by The Wand at 16:36:50 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6770 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
  14. Thank you, I posted where I needed to be...you guys are really great, for all you do to help others. Awesome!!
  15. My first post titled "Need help securing PC after Malwarebytes finds same threat again and again" was under PC help, but I was directed to come here. Here is a copy of my post, so whoever picks this up will understand where I am at. Below that are the two files I was instructed to provide. Thank you for helping me. Hello, I had no idea there was so much involved when it comes to being at risk... that is, until I was recently infected with the SMART HDD. I hired someone to help remove the virus from my system, which he did, but he installed an AV (AVG) program without first uninstalling the AV (MSE) program I already had. So, I then requested help from the MSE Forum and bleepingcomputer.com and, for the most part, was satisfied. But that all ended when I was instructed to do a total recovery, by someone who did not read my post correctly. It concerned issues I was having with Malwarebytes. Which brings me here... and totally overwhelmed with the many issues involved with making sure my system is not only properly protected, but configured to perform properly, too. I have always had Windows set to auto update, as well as updating Adobe as soon as updates were available. I was not as diligent with Java, and THAT will NEVER be the case again. I am somewhat computer illiterate when it comes to all the technical stuff, so some of the procedures offered are confusing. I don't really use my computer much but to sell on eBay. I don't download music, movies, play games, chat, do Facebook, IM or even emails (not very much, anyways). I only go online for research, and that's enough to get infected, as I now know. The only other threat I've encountered was caught and quarantined by MSE. But, then again, that was before I was aware of all the other programs needed to be fully protected, so I cannot be absolutely sure whether or not I've been invaded.
The reason I am posting here is, after having two threats Malwarebytes would find again and again, I was instructed to totally break my system down and reinstall Windows with a fresh start. I really did not want to have to do that, and after running Malwarebytes again, I may have made the right choice not to do that. It appears that those two threats, both Trojan.Ajent.Gen... one a (Registry Value) HKLM\SOFTWARE\Microsoft\Windows\Current...ValueRunOnce, and the other (File) C:\Windows\System32\qrpconv.exe are no longer there. The last occurrence was two days ago. Each one had been found five times by Malwarebytes. But I am experiencing other issues that greatly concern me. I am currently logged into an account that I use all the time, but have access to administrator rights with a password. When I logged into the administrator account, a program called Uniblue wanted to run. I checked don't run and after two error codes popped up, I shut the system down. Uniblue is a program I can't seem to get off my computer. I don't remember even having installed it, and have never used it. I don't know what's going on with my system, only that I never had any problems before. Can someone please help me fix whatever is wrong, and more important, help me to know exactly what I need to do to properly protect my system... and myself... so this never happens again. I don't know where to start... Thank you for taking the time to read this long post... and thanks for any help/advice you can provide.

Here is the DDS.txt (I completely disabled internet connection before doing this)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by The Wand at 20:32:31 on 2012-04-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6773 [GMT -7:00]
.
2012-04-08 01:45:48 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll 2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll 2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX 2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe . ============= FINISH: 20:32:49.42 =============== Here is Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/13/2010 8:41:01 PM System Uptime: 4/15/2012 7:36:46 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | M3A78-CM Processor: AMD Phenom II X4 955 Processor | AM2 | 3200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 867.851 GiB free. D: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02\4&C9CCDE8&0&0030 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02\4&C9CCDE8&0&0030 Service: RTL8167 . ==== System Restore Points =================== . RP369: 3/30/2012 1:32:34 PM - Windows Update RP370: 4/1/2012 1:40:50 PM - Installed Google SketchUp 8 RP371: 4/2/2012 5:35:23 PM - Restore Operation RP372: 4/2/2012 5:56:16 PM - Windows Update RP373: 4/2/2012 5:56:29 PM - Installed AVG 2012 RP374: 4/2/2012 5:58:19 PM - Installed AVG 2012 RP375: 4/6/2012 6:23:27 PM - Windows Update RP376: 4/7/2012 6:50:54 PM - Removed Google Earth Plug-in. RP377: 4/7/2012 6:51:54 PM - Removed Java 6 Update 29 RP378: 4/7/2012 7:09:47 PM - Removed iTunes RP379: 4/7/2012 9:10:08 PM - Windows Update RP380: 4/7/2012 9:49:08 PM - Installed Java 6 Update 31 RP381: 4/8/2012 11:38:47 AM - Windows Update RP382: 4/11/2012 3:03:38 PM - Windows Update RP383: 4/11/2012 3:11:37 PM - Windows Update RP384: 4/15/2012 2:05:35 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office system Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.5.1 Apple Application Support Apple Software Update ASUSUpdate DHTML Editing Component erLT Express Gate File Uploader Google Earth Google Update Helper Info Center 1.0.0.10 Java Auto Updater Java 6 Update 31 Logitech SetPoint Malwarebytes Anti-Malware version 1.60.1.1000 Mavis Beacon Deluxe - 25th Anniv. Ed. 
Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nikon Message Center Nikon Transfer Platform QuickTime Realtek Ethernet Controller Driver Secunia PSI (2.0.0.4003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 
2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition System Requirements Lab Turbo Lister 2 Uniblue RegistryBooster Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VIA Platform Device Manager Visual Studio 2008 x64 Redistributables Zuma Deluxe 1.0 . ==== Event Viewer Messages From Past Week ======== . 4/9/2012 10:27:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 
4/8/2012 7:00:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/8/2012 3:45:06 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 4/8/2012 3:45:06 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 4/8/2012 3:45:05 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread 4/8/2012 3:45:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007045b Error description: A system shutdown is in progress. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer. 4/8/2012 3:45:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/15/2012 7:37:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. 
You must install the latest definition updates in order to enable real-time protection. 4/15/2012 7:37:11 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. 4/15/2012 5:54:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/14/2012 12:53:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/14/2012 11:54:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/13/2012 9:40:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 
4/13/2012 12:30:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/11/2012 3:47:47 PM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified. 4/11/2012 3:01:15 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/11/2012 10:36:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/11/2012 10:04:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. . ==== End Of File ===========================
16. Hi, thank you for assisting me. I just ran a full scan using Malwarebytes and did a full scan with MSE. Both were successful, showing zero threats, so I'm pretty sure I'm ok...as far as being infected goes. Unless there is some other program I should run. I also installed Secunia and all is well there, too. I really just need help getting back on track with my computer running properly and to get as protected as is possible. Should I still move to where it was suggested? Thanks again for the help.
17. Hello, I had no idea there was so much involved when it comes to being at risk...that is until I was recently infected with the SMART HDD. I hired someone to help remove the virus from my system, which he did, but he installed an AV (AVG) program without first uninstalling the AV (MSE) program I already had. So, I then requested help from MSE Forum and bleepingcomputer.com and, for the most part, was satisfied. But that all ended when I was instructed to do a total recovery, by someone who did not read my post correctly. It concerned issues I was having with Malwarebytes. Which brings me here...and totally overwhelmed with the many issues involved with making sure my system is not only properly protected, but configured to perform properly, too. I have always had Windows set to auto update, as well as updating Adobe as soon as updates were available. I was not as diligent with Java, and THAT will NEVER be the case again. I am somewhat computer illiterate when it comes to all the technical stuff, so some of the procedures offered are confusing. I don't really use my computer much but to sell on eBay. I don't download music, movies, play games, chat, do Facebook, IM or even emails (not very much, anyways). I only go online for research, and that's enough to get infected, as I now know. The only other threat I've encountered was caught and quarantined by MSE. But, then again, that was before I was aware of all the other programs needed to be fully protected, so I cannot be absolutely sure whether or not I've been invaded. The reason I am posting here is, after having two threats Malwarebytes would find again and again, I was instructed to totally break my system down and reinstall Windows with a fresh start. I really did not want to have to do that, and after running Malwarebytes again, I may have made the right choice not to do that.

It appears that those two threats, both Trojan.Agent.Gen...one a (Registry Value) HKLM\SOFTWARE\Microsoft\Windows\Current...ValueRunOnce, and the other (File) C:\Windows\System32\qrpconv.exe, are no longer there. The last occurrence was two days ago. Each one had been found five times by Malwarebytes. But I am experiencing other issues that greatly concern me. I am currently logged into an account that I use all the time, but have access to administrator rights with a password. When I logged into the administrator account, a program called Uniblue wanted to run. I checked "don't run" and, after two error codes popped up, I shut the system down. Uniblue is a program I can't seem to get off my computer. I don't remember even having installed it, and have never used it. I don't know what's going on with my system, only that I never had any problems before. Can someone please help me fix whatever is wrong, and more important, help me to know exactly what I need to do to properly protect my system...and myself...so this never happens again. I don't know where to start... Thank you for taking the time to read this long post...and thanks for any help/advice you can provide.
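The RunOnce value and the qrpconv.exe file that Malwarebytes kept finding, the RegistryBooster task, and the updater that prompts at every logon are all autostart entries, so the check a helper would want on this machine is a list of every such entry with a note on whether its target binary is still present and carries a valid Authenticode signature. The script below is an added example of that check; it is not from this thread or from Malwarebytes, DDS or any other tool named in it. It assumes Windows PowerShell 2.0 or later (the version that ships with Windows 7), schtasks.exe, and an elevated prompt so that HKLM and every task folder can be read.

```powershell
# Added example, not from the thread: enumerate Run/RunOnce values and scheduled
# tasks, then report whether each target binary exists and is Authenticode-signed.
# Assumes Windows PowerShell 2.0+ and schtasks.exe; run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetExe {
    param([string]$CommandLine)
    # Pull the executable out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Windows\bar.exe -x
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(\S+)')     { return $Matches[1] }
    return $cmd
}

function Test-Target {
    param([string]$CommandLine)
    $exe = Get-TargetExe $CommandLine
    if (-not (Test-Path -LiteralPath $exe)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -eq 'Valid') {
        return 'signed: ' + $sig.SignerCertificate.Subject
    }
    return 'UNSIGNED (' + $sig.Status + ')'
}

$findings = @()

# 1. Run / RunOnce values for the machine (64- and 32-bit views) and the current user
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($v in $values.PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are not registry values
        $findings += New-Object PSObject -Property @{
            Source  = $key
            Name    = $v.Name
            Command = [string]$v.Value
            Check   = Test-Target ([string]$v.Value)
        }
    }
}

# 2. Scheduled tasks. schtasks.exe is used because Get-ScheduledTask does not exist
#    on Windows 7; /v adds the "Task To Run" column. The header row that schtasks
#    repeats for each task folder, and COM-handler tasks, are skipped.
$tasks = schtasks.exe /query /fo CSV /v | ConvertFrom-Csv
foreach ($t in $tasks) {
    $cmd = $t.'Task To Run'
    if ($t.TaskName -eq 'TaskName' -or $cmd -eq 'COM handler' -or $cmd -eq 'N/A') { continue }
    $findings += New-Object PSObject -Property @{
        Source  = 'Task'
        Name    = $t.TaskName
        Command = $cmd
        Check   = Test-Target $cmd
    }
}

# Show only the entries worth a second look: missing binaries, then unsigned ones
$findings |
    Where-Object { $_.Check -notlike 'signed:*' } |
    Sort-Object Check, Source, Name |
    Format-Table -AutoSize Source, Name, Command, Check
```

Two caveats when reading the output. An UNSIGNED result is a reason to look closer, not a verdict: plenty of legitimate software from this period is unsigned, and on Windows 7-era PowerShell Get-AuthenticodeSignature does not consult the Windows catalog files, so catalog-signed system binaries also come back as NotSigned. An entry that launches a host such as rundll32.exe, cmd.exe or wscript.exe passes on the host's signature, so for those the arguments are what to read. A MISSING entry points at a file that is no longer on disk, which is what a cleanup tool leaves behind when it deletes the file but not the autostart entry, and is safe to remove once you know what it pointed at.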