dwwann

Need help with Computer issues after SMART HDD virus infection

31 posts in this topic

My first post titled "Need help securing PC after Malwarebytes finds same threat again and again" was under PC help, but I was directed to come here. Here is a copy of my post, so whoever picks this up will understand where I am at. Below that are the two files I was instructed to provide. Thanks you for helping me.

Hello, I had no idea there was so much involved when it comes to being at risk...that is untill I was recently infected with the SMART HDD. I hired someone to help remove the virus from my system, which he did, but he installed an AV (AVG) program without first uninstalling the AV (MSE) program I already had. So, I then requested help from MSE Forum and bleepingcomputer.com and, for the most part was satisfied. But that all ended when I was instructed to do a total recovery, by someone who did not read my post correctly. It concerned issues I was having with Malwarebytes.

Which brings me here...and totally overwhelmed with the many issues involved with making sure my system is, not only properly protected, but configured to perform properly, too. I have always had Windows set to auto update, as well as updateding Adobe as soon as updates were available. I was not as diligent with Java, and THAT will NEVER be the case again.

I am somewhat computer illiterate, when it comes to all the technical stuff, so some of the proceedures offered are confusing. I don't really use my computer much but to sell on Ebay. I don't download music, movies, play games, chat, do facebook, IM or even emails (not very much, anyways). I only go online for research, and that's enough to get infected, as I now know. The only other threat I've encountered, was caught and quaranteened by MSE. But, then again, that was before I was aware of all the other programs needed to be fully protected, so I cannot be absolutely sure whether or not I've been invaded.

The reason I am posting here is, after having two threats Malwarebytes would find again and again, I was instructed to totally break my system down and reinstall Windows with a fresh start. I really did not want to have to do that, and after running Malwarebytes again, I may have made the right choice not to do that. It appears that those two threats, both Trojan.Ajent.Gen...one a (Registry Value) HKLM\SOFTWARE\Microsoft\Windows\Current...ValueRunOnce, and the other (File) C:\Windows\System32\qrpconv.exe are no longer there. The last occurance was two days ago. Each one had been found five times by Malwarebytes.

But, I am exsperiencing other issues that greatly concern me. I am currently logged into an account that I use all the time, but have access to administrator rights with a password. When I logged into the administrator account, a program called Uniblue wanted to run. I checked don't run and after two error codes popped up, I shut the system down. Uniblue is a program I can't seem to get off my computer. I don't remember even having installed it, and have never used it.

I don't know what's going on with my system, only that I never had any problems before. Can someone please help me fix whatever is wrong, and more important, help me to know exactely what I need to do to properly protect my system...and myself... so this never happens again. I don't know where to start...

Thank you for taking the time to read this long post...and thanks for any help/advice you can provide.

Here is the DDS.txt (I completely disabled internet connection before doing this)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by The Wand at 20:32:31 on 2012-04-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6773 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\AUDIODG.EXE

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\CISVC.EXE

C:\ASUS.SYS\config\DVMExportService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\windows\System32\snmp.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k iissvcs

C:\windows\syswow64\snmp.exe

C:\windows\system32\conhost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.rpd"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AA97EC97-DA7E-4FB9-94F6-6EA74C409152} : DhcpNameServer = 192.168.1.254

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-6-5 315392]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-6 2214504]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]

R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\windows\system32\drivers\viahduaa.sys --> C:\windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253600]

S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-16 00:55:52 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91BF2AF5-581D-4A4E-9B40-66721C723C66}\mpengine.dll

2012-04-11 22:12:56 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-04-11 22:12:56 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 22:12:56 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-04-11 22:11:47 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-11 22:11:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-11 22:11:46 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-11 22:11:46 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-11 22:11:46 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-11 22:11:46 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-11 22:11:46 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-08 04:49:32 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-04-08 01:45:48 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-08 01:43:34 -------- d-----w- C:\Users\The Wand\AppData\Local\Secunia PSI

2012-04-08 01:42:12 -------- d-----w- C:\Program Files (x86)\Secunia

2012-04-03 01:22:09 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-04-03 01:00:27 -------- d-----w- C:\Users\The Wand\AppData\Roaming\AVG2012

2012-04-03 00:58:52 -------- d-----w- C:\ProgramData\AVG2012

2012-04-03 00:58:52 -------- d-----w- C:\$AVG

2012-04-03 00:58:11 -------- d-----w- C:\Program Files (x86)\AVG

2012-04-03 00:46:48 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-04-03 00:45:01 -------- d-----w- C:\ProgramData\Common Files

2012-04-03 00:44:30 -------- d-----w- C:\ProgramData\MFAData

2012-04-02 23:57:50 -------- d-----w- C:\Users\The Wand\AppData\Roaming\Malwarebytes

2012-04-02 23:57:38 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-02 23:57:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-04-08 01:45:48 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

.

============= FINISH: 20:32:49.42 ===============

Here is Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/13/2010 8:41:01 PM

System Uptime: 4/15/2012 7:36:46 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M3A78-CM

Processor: AMD Phenom II X4 955 Processor | AM2 | 3200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 867.851 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02\4&C9CCDE8&0&0030

Manufacturer: Realtek

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02\4&C9CCDE8&0&0030

Service: RTL8167

.

==== System Restore Points ===================

.

RP369: 3/30/2012 1:32:34 PM - Windows Update

RP370: 4/1/2012 1:40:50 PM - Installed Google SketchUp 8

RP371: 4/2/2012 5:35:23 PM - Restore Operation

RP372: 4/2/2012 5:56:16 PM - Windows Update

RP373: 4/2/2012 5:56:29 PM - Installed AVG 2012

RP374: 4/2/2012 5:58:19 PM - Installed AVG 2012

RP375: 4/6/2012 6:23:27 PM - Windows Update

RP376: 4/7/2012 6:50:54 PM - Removed Google Earth Plug-in.

RP377: 4/7/2012 6:51:54 PM - Removed Java 6 Update 29

RP378: 4/7/2012 7:09:47 PM - Removed iTunes

RP379: 4/7/2012 9:10:08 PM - Windows Update

RP380: 4/7/2012 9:49:08 PM - Installed Java 6 Update 31

RP381: 4/8/2012 11:38:47 AM - Windows Update

RP382: 4/11/2012 3:03:38 PM - Windows Update

RP383: 4/11/2012 3:11:37 PM - Windows Update

RP384: 4/15/2012 2:05:35 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Apple Application Support

Apple Software Update

ASUSUpdate

DHTML Editing Component

erLT

Express Gate

File Uploader

Google Earth

Google Update Helper

Info Center 1.0.0.10

Java Auto Updater

Java 6 Update 31

Logitech SetPoint

Malwarebytes Anti-Malware version 1.60.1.1000

Mavis Beacon Deluxe - 25th Anniv. Ed.

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nikon Message Center

Nikon Transfer

Platform

QuickTime

Realtek Ethernet Controller Driver

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

System Requirements Lab

Turbo Lister 2

Uniblue RegistryBooster

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VIA Platform Device Manager

Visual Studio 2008 x64 Redistributables

Zuma Deluxe 1.0

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 10:27:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/8/2012 7:00:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/8/2012 3:45:06 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

4/8/2012 3:45:06 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

4/8/2012 3:45:05 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

4/8/2012 3:45:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007045b Error description: A system shutdown is in progress. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

4/8/2012 3:45:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 7:37:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 7:37:11 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

4/15/2012 5:54:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/14/2012 12:53:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/14/2012 11:54:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/13/2012 9:40:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/13/2012 12:30:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 3:47:47 PM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.

4/11/2012 3:01:15 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 10:36:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 10:04:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hello dwwann! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Uninstall Uniblue RegistryBooster, if you don't need it. Good explanation about it:

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Share this post


Link to post
Share on other sites

Hi Maniac, thank you for assisting me.

I tried to unistall Uniblue, but it remains. Maybe after a reboot it will be gone, but I have tried this before and it does not uninstall.

The check for Updates in the Malwarebytes version I am using (v2012.04.03.01) is shaded and not available. However, there is a link saying 'Download the latest version'. That takes me to Malwarebytes Pro, and I am not able to purchase the Pro version, at this time. I will follow through with your instructions.

With the DDS.Scr, I do not have an option to Run as Administrator when right-clicking. The 1st (top) option is TEST in bold print, and 3rd down is an option to Install. I have not read, in any of the forums instructions posted, what it is exactely I should do. So I just double click, enter my administrater password, and it runs. I never clicked on Install...OR test.

I am not sure what is going on with my Administrator Account (upon log-in it shows error codes, at least two, both different, maybe more) so I am logged as a standard user w/rights.

Please forgive, I'm not too computer wise and don't know what's best. Here are the logs I have:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.03.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

bell :: THEWAND-PC [limited]

4/16/2012 4:10:55 PM

mbam-log-2012-04-16 (16-10-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207224

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

=====================================================================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by The Wand at 16:36:50 on 2012-04-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6770 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\AUDIODG.EXE

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\CISVC.EXE

C:\ASUS.SYS\config\DVMExportService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\windows\System32\snmp.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k iissvcs

C:\windows\syswow64\snmp.exe

C:\windows\system32\conhost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.rpd"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AA97EC97-DA7E-4FB9-94F6-6EA74C409152} : DhcpNameServer = 192.168.1.254

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-6-5 315392]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-6 2214504]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]

R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\windows\system32\drivers\viahduaa.sys --> C:\windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253600]

S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-16 19:44:44 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB8460B5-BC08-4F20-93F2-2C5B6407D82F}\mpengine.dll

2012-04-11 22:12:56 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-04-11 22:12:56 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 22:12:56 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-04-11 22:11:47 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-11 22:11:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-11 22:11:46 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-11 22:11:46 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-11 22:11:46 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-11 22:11:46 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-11 22:11:46 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-08 04:49:32 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-04-08 01:45:48 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-08 01:43:34 -------- d-----w- C:\Users\The Wand\AppData\Local\Secunia PSI

2012-04-08 01:42:12 -------- d-----w- C:\Program Files (x86)\Secunia

2012-04-03 01:22:09 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-04-03 01:00:27 -------- d-----w- C:\Users\The Wand\AppData\Roaming\AVG2012

2012-04-03 00:58:52 -------- d-----w- C:\ProgramData\AVG2012

2012-04-03 00:58:52 -------- d-----w- C:\$AVG

2012-04-03 00:58:11 -------- d-----w- C:\Program Files (x86)\AVG

2012-04-03 00:46:48 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-04-03 00:45:01 -------- d-----w- C:\ProgramData\Common Files

2012-04-03 00:44:30 -------- d-----w- C:\ProgramData\MFAData

2012-04-02 23:57:50 -------- d-----w- C:\Users\The Wand\AppData\Roaming\Malwarebytes

2012-04-02 23:57:38 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-02 23:57:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-04-08 01:45:48 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

.

============= FINISH: 16:37:10.97 ===============

Share this post


Link to post
Share on other sites

In this case, Uniblue will be manually clean it.

About Malwarebytes' Anti-malware, please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Next, run MBAM again.

Share this post


Link to post
Share on other sites

Hello Maniac...

I did as you instructed, and run both quick scan and full scan. Both can out clean. Is it possible that it just took Malwarebytes 5 runs to get those two Trojan's off my computer? They appeared as threats on the 7th, 8th, 9th and twice on the 12th. Nothing since.

There are other issues, though. Like I used, what was supposed to completely strip my system of AVG and all it's files. BleepingComputer gave me the link, but I noticed in the DDS.txt there were still files. And a couple other things, but one at a time...anyways I don't know if we are done tracking down threats. Just, that I'm following a puter Maniac...and feel safe doing that :-)

Dwwann

Share this post


Link to post
Share on other sites

I want to see the log files as always.

Share this post


Link to post
Share on other sites

Oh, yes, here's the logs for quick scan and full. Will you be wanting a new DDS.txt file after each task, also?

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

bell :: THEWAND-PC [limited]

4/17/2012 1:50:21 PM

mbam-log-2012-04-17 (13-50-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210413

Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

bell :: THEWAND-PC [limited]

4/17/2012 1:54:46 PM

mbam-log-2012-04-17 (13-54-46).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 344821

Time elapsed: 32 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Thanks!

Do you still have a problem with Smart HDD?

Share this post


Link to post
Share on other sites

Would the SMART HDD have an effect on the other two user accounts? It is a very rare occasion that I ever log into those accounts, but one of them is my Administrator User Account and it IS having some issues. But, I do not know the extent of those issues, because within seconds of logging into that account I shut my system down due to various error windows showing on the desktop. I don't even know what the error codes were, because it scared me and I just shut down. But, they were NOT at all, the same kind of error windows the SMART HDD Virus had popping up...50, 60 maybe hundreds back to back, all at one time.

But, if not, then the answer to your question would be no...I'm pretty confident SMART HDD is gone.

Dwwann

Share this post


Link to post
Share on other sites

My job includes this account and have not made ​​any changes to your other accounts. If you want to check there, I need a fresh DDS log file from there.

Share this post


Link to post
Share on other sites

Thank you, Maniac. Here are three log files...full scan, DDS.txt and Attach.txt logs

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

The Wand :: THEWAND-PC [administrator]

4/20/2012 12:16:45 PM

mbam-log-2012-04-20 (12-16-45).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 409834

Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by The Wand at 13:01:46 on 2012-04-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6203 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\AUDIODG.EXE

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\CISVC.EXE

C:\ASUS.SYS\config\DVMExportService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\windows\System32\snmp.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k iissvcs

C:\windows\syswow64\snmp.exe

C:\windows\system32\conhost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.rpd"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AA97EC97-DA7E-4FB9-94F6-6EA74C409152} : DhcpNameServer = 192.168.1.254

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-6-5 315392]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-6 2214504]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\windows\system32\drivers\viahduaa.sys --> C:\windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253088]

S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-29 136176]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-20 19:35:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{458FE8F9-BC95-4E22-A8C8-381F81AF1640}\offreg.dll

2012-04-20 09:37:47 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{458FE8F9-BC95-4E22-A8C8-381F81AF1640}\mpengine.dll

2012-04-17 20:41:06 -------- d-----w- C:\Users\The Wand\AppData\Roaming\Malwarebytes

2012-04-17 20:40:42 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-04-17 20:40:42 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-17 20:40:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-11 22:12:56 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-04-11 22:12:56 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 22:12:56 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-04-11 22:11:47 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-11 22:11:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-11 22:11:46 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-11 22:11:46 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-11 22:11:46 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-11 22:11:46 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-11 22:11:46 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-08 04:49:32 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-04-08 01:50:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-04-08 01:45:48 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-08 01:43:34 -------- d-----w- C:\Users\The Wand\AppData\Local\Secunia PSI

2012-04-08 01:42:12 -------- d-----w- C:\Program Files (x86)\Secunia

2012-04-03 01:22:09 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-04-03 01:00:27 -------- d-----w- C:\Users\The Wand\AppData\Roaming\AVG2012

2012-04-03 00:58:52 -------- d-----w- C:\ProgramData\AVG2012

2012-04-03 00:58:52 -------- d-----w- C:\$AVG

2012-04-03 00:58:11 -------- d-----w- C:\Program Files (x86)\AVG

2012-04-03 00:45:01 -------- d-----w- C:\ProgramData\Common Files

2012-04-03 00:44:30 -------- d-----w- C:\ProgramData\MFAData

2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-04-19 17:16:41 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

.

============= FINISH: 13:02:08.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/13/2010 8:41:01 PM

System Uptime: 4/20/2012 12:14:19 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M3A78-CM

Processor: AMD Phenom II X4 955 Processor | AM2 | 3200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 869.029 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP375: 4/6/2012 6:23:27 PM - Windows Update

RP376: 4/7/2012 6:50:54 PM - Removed Google Earth Plug-in.

RP377: 4/7/2012 6:51:54 PM - Removed Java 6 Update 29

RP378: 4/7/2012 7:09:47 PM - Removed iTunes

RP379: 4/7/2012 9:10:08 PM - Windows Update

RP380: 4/7/2012 9:49:08 PM - Installed Java 6 Update 31

RP381: 4/8/2012 11:38:47 AM - Windows Update

RP382: 4/11/2012 3:03:38 PM - Windows Update

RP383: 4/11/2012 3:11:37 PM - Windows Update

RP384: 4/15/2012 2:05:35 AM - Windows Update

RP385: 4/19/2012 12:45:59 AM - Windows Update

RP386: 4/20/2012 3:49:04 AM - Windows Backup

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Reader 9.5.1

Apple Application Support

Apple Software Update

ASUSUpdate

DHTML Editing Component

erLT

Express Gate

File Uploader

Google Earth

Google Update Helper

Info Center 1.0.0.10

Java Auto Updater

Java 6 Update 31

Logitech SetPoint

Malwarebytes Anti-Malware version 1.61.0.1400

Mavis Beacon Deluxe - 25th Anniv. Ed.

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nikon Message Center

Nikon Transfer

Platform

QuickTime

Realtek Ethernet Controller Driver

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

System Requirements Lab

Turbo Lister 2

Uniblue RegistryBooster

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VIA Platform Device Manager

Visual Studio 2008 x64 Redistributables

Zuma Deluxe 1.0

.

==== Event Viewer Messages From Past Week ========

.

4/20/2012 12:14:42 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

4/20/2012 10:20:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 10:20:37 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 10:20:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/20/2012 10:20:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/20/2012 10:20:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/20/2012 10:20:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/20/2012 10:20:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache MpFilter spldr Wanarpv6

4/19/2012 7:13:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/19/2012 12:43:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/17/2012 11:36:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 3:20:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 12:43:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 7:37:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 5:54:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/14/2012 12:53:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/14/2012 11:54:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/13/2012 9:40:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/13/2012 12:30:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Your Malwarebytes' Anti-Malware was not updated before scan, please try again.

Share this post


Link to post
Share on other sites

Hi again. You know I just want to mention that when I opened the email, sent by Malwarebytes, a window popped up wanting me to download some files. Of course, I didn't ...as I don't click on anything anymore. It was something to do with Java. But I know when Java has an update because it notifiies me. Anyways here is the updated MBAM log

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

The Wand :: THEWAND-PC [administrator]

4/20/2012 5:23:55 PM

mbam-log-2012-04-20 (17-23-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 275439

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Share this post


Link to post
Share on other sites

I ran the Eset scanner...it found 6 threats all named the same (/win32Registry Booster Application), that I didn't write down, because I exspected there to be a log.txt I could copy/paste. But, I'm sorry Maniac, there was no log left. I did a search, from start menu and using run, but came up empty. Not sure where to go from here. Would contribute more, if I could...does not reflect my gratitude, as I am extremely thankfull for what you and the other Experts do for us Seekers-of-Help, out here everywhere.

Dwwann

Share this post


Link to post
Share on other sites

It is not a big deal, don't worry. Is there any problem with this account?

Share this post


Link to post
Share on other sites

Hello, I had to be elsewhere for a couple of days. To answer the question...No, there doesn't seem to be anymore problems with this account. Thank you so much. Can I still recieve help with things like manually uninstalling the Uniblue? Should I go over to PC Help? And, what all do I need to make sure my computer stays secure...other than an AV program and updating Malwarebytes, Java and Adobe? Thanks again Maniac

Dwwann

Share this post


Link to post
Share on other sites
And, what all do I need to make sure my computer stays secure...other than an AV program and updating Malwarebytes, Java and Adobe?

More information is coming after finish this.

I will manually delete it, sorry.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Share this post


Link to post
Share on other sites

Here they are...

OTL logfile created on: 4/25/2012 3:31:58 PM - Run 1

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\bell\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.42% Memory free

16.00 Gb Paging File | 14.74 Gb Available in Paging File | 92.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 868.31 Gb Free Space | 93.22% Space Free | Partition Type: NTFS

Computer Name: THEWAND-PC | User Name: The Wand | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 15:29:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\bell\Desktop\OTL.exe

PRC - [2012/04/19 10:16:41 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe

PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\snmp.exe

PRC - [2009/06/05 13:12:44 | 000,315,392 | ---- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/11/20 06:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)

SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)

SRV - [2012/04/19 10:16:41 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 13:12:44 | 000,315,392 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)

DRV:64bit: - [2010/07/14 01:35:35 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)

DRV:64bit: - [2009/08/17 19:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/17 09:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)

DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/17 09:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)

DRV:64bit: - [2009/06/17 09:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/13 18:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z201&ocid=zdhp&install_date=20111119

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F E8 B1 9A 27 55 CC 01 [binary data]

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 3F 7F 99 DF 71 CC 01 [binary data]

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\..\SearchScopes,DefaultScope = {C39EFAA7-5325-41C1-A9C2-88332A02A999}

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\..\SearchScopes\{C39EFAA7-5325-41C1-A9C2-88332A02A999}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-3928028005-2389383417-736831028-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/02 17:59:00 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found

O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe (DataLode, Inc.)

O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files (x86)\Broderbund\Mavis Beacon Deluxe - 25th Anniversary Edition\RegApp\encore_reg.exe (DataLode, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3928028005-2389383417-736831028-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-3928028005-2389383417-736831028-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O7 - HKU\S-1-5-21-3928028005-2389383417-736831028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found

O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA97EC97-DA7E-4FB9-94F6-6EA74C409152}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 22:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/20 17:22:29 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Roaming\Malwarebytes

[2012/04/20 17:22:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/04/20 17:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/20 17:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/20 17:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/20 17:20:45 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Wand\Desktop\mbam-setup-1.61.0.1400.exe

[2012/04/20 17:07:22 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\The Wand\Desktop\mbam-clean.exe

[2012/04/20 13:01:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\The Wand\Desktop\dds.scr

[2012/04/20 12:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/04/19 10:16:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012/04/07 21:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/04/07 18:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/04/07 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Local\Secunia PSI

[2012/04/07 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia

[2012/04/05 13:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC

[2012/04/02 18:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012/04/02 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Roaming\AVG2012

[2012/04/02 17:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2012/04/02 17:58:52 | 000,000,000 | ---D | C] -- C:\$AVG

[2012/04/02 17:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2012/04/02 17:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files

[2012/04/02 17:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/04/01 13:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/04/01 13:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

========== Files - Modified Within 30 Days ==========

[2012/04/25 15:30:35 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2012/04/25 15:27:43 | 000,010,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/25 15:27:43 | 000,010,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/25 15:26:30 | 000,770,514 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/04/25 15:26:30 | 000,656,860 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/04/25 15:26:30 | 000,116,200 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/04/25 15:21:20 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/25 15:21:20 | 000,000,350 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job

[2012/04/25 15:20:35 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl

[2012/04/25 15:20:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/04/25 15:20:22 | 2146,783,231 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/25 12:01:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/04/25 11:54:16 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/25 11:48:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3928028005-2389383417-736831028-1004UA.job

[2012/04/20 17:22:19 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/20 17:20:47 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Wand\Desktop\mbam-setup-1.61.0.1400.exe

[2012/04/20 17:07:27 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\The Wand\Desktop\mbam-clean.exe

[2012/04/20 13:01:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\The Wand\Desktop\dds.scr

[2012/04/20 12:57:14 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012/04/20 09:48:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3928028005-2389383417-736831028-1004Core.job

[2012/04/11 15:54:57 | 000,001,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2012/04/11 15:46:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/08 02:39:02 | 000,007,605 | ---- | M] () -- C:\Users\The Wand\AppData\Local\Resmon.ResmonCfg

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/04/02 02:48:04 | 000,000,184 | ---- | M] () -- C:\ProgramData\-clPXONau6xQcAxr

[2012/04/02 02:48:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\-clPXONau6xQcAx

[2012/04/02 02:47:55 | 000,000,256 | ---- | M] () -- C:\ProgramData\clPXONau6xQcAx

[2012/03/28 05:11:07 | 000,000,010 | ---- | M] () -- C:\windows\popcinfo.dat

========== Files Created - No Company Name ==========

[2012/04/20 17:22:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/20 12:57:14 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012/04/11 15:54:57 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2012/04/11 15:54:57 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

[2012/04/07 18:45:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/04/02 02:48:04 | 000,000,184 | ---- | C] () -- C:\ProgramData\-clPXONau6xQcAxr

[2012/04/02 02:48:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\-clPXONau6xQcAx

[2012/04/02 02:47:53 | 000,000,256 | ---- | C] () -- C:\ProgramData\clPXONau6xQcAx

[2011/12/08 20:43:42 | 000,784,108 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/07 17:07:55 | 000,024,576 | R--- | C] () -- C:\windows\SysWow64\AsIO.dll

[2011/08/07 17:07:55 | 000,014,392 | R--- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2010/12/13 09:18:27 | 000,022,468 | ---- | C] () -- C:\windows\Ascd_log.ini

[2010/11/21 23:06:08 | 000,000,036 | ---- | C] () -- C:\Users\The Wand\AppData\Local\housecall.guid.cache

========== LOP Check ==========

[2012/04/02 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\AVG2012

[2011/10/31 02:21:36 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\Broderbund

[2010/04/21 02:36:22 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\Nikon

[2012/04/07 19:30:52 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\uTorrent

[2012/04/02 18:00:27 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\AVG2012

[2010/01/25 06:07:41 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/02/03 11:20:11 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\Leadertech

[2012/04/02 17:39:12 | 000,000,000 | ---D | M] -- C:\Users\The Wand\AppData\Roaming\URSoft

[2012/04/25 15:21:20 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\RegistryBooster.job

[2012/03/09 02:02:02 | 000,032,586 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >

OTL Extras logfile created on: 4/25/2012 3:31:58 PM - Run 1

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\bell\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.42% Memory free

16.00 Gb Paging File | 14.74 Gb Available in Paging File | 92.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 868.31 Gb Free Space | 93.22% Space Free | Partition Type: NTFS

Computer Name: THEWAND-PC | User Name: The Wand | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{757CC236-67FF-421E-A2B5-3C0C8B76E625}" = Mavis Beacon Deluxe - 25th Anniv. Ed.

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"ESET Online Scanner" = ESET Online Scanner v3

"Info Center_is1" = Info Center 1.0.0.10

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"PROHYBRIDR" = 2007 Microsoft Office system

"Secunia PSI" = Secunia PSI (2.0.0.4003)

"SystemRequirementsLab" = System Requirements Lab

"Uniblue RegistryBooster" = Uniblue RegistryBooster

"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3928028005-2389383417-736831028-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/15/2011 2:24:34 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:35 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:35 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:37 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:39 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:40 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:40 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/15/2011 2:24:42 AM | Computer Name = TheWand-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 8/20/2011 4:43:54 PM | Computer Name = TheWand-PC | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "C:\windows\system32\WdfCoInstaller01005.dll".Error

in manifest or policy file "C:\windows\system32\WdfCoInstaller01005.dll" on line

0. Invalid Xml syntax.

Error - 8/27/2011 12:41:49 AM | Computer Name = TheWand-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

[ System Events ]

Error - 4/21/2012 11:42:11 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 4/22/2012 3:44:31 AM | Computer Name = TheWand-PC | Source = DCOM | ID = 10010

Description =

Error - 4/24/2012 9:58:54 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 4/24/2012 9:59:14 PM | Computer Name = TheWand-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/24/2012 10:04:03 PM | Computer Name = TheWand-PC | Source = DCOM | ID = 10010

Description =

Error - 4/25/2012 2:17:42 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 4/25/2012 2:18:03 PM | Computer Name = TheWand-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/25/2012 3:40:54 PM | Computer Name = TheWand-PC | Source = DCOM | ID = 10010

Description =

Error - 4/25/2012 6:20:37 PM | Computer Name = TheWand-PC | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 4/25/2012 6:20:57 PM | Computer Name = TheWand-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

< End of report >

Share this post


Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/04/02 02:48:04 | 000,000,184 | ---- | M] () -- C:\ProgramData\-clPXONau6xQcAxr
    [2012/04/02 02:48:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\-clPXONau6xQcAx
    [2012/04/02 02:47:55 | 000,000,256 | ---- | M] () -- C:\ProgramData\clPXONau6xQcAx
    [2012/04/25 15:21:20 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\RegistryBooster.job
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/02 17:59:00 | 000,000,000 | ---D | M]
    O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
    [2012/04/02 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\The Wand\AppData\Roaming\AVG2012
    [2012/04/02 17:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/04/02 17:58:52 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/04/02 17:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/04/02 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\bell\AppData\Roaming\AVG2012

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Uniblue RegistryBooster" =-

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Share this post


Link to post
Share on other sites

WOW...that was something.

All processes killed

========== OTL ==========

C:\ProgramData\-clPXONau6xQcAxr moved successfully.

C:\ProgramData\-clPXONau6xQcAx moved successfully.

C:\ProgramData\clPXONau6xQcAx moved successfully.

C:\Windows\Tasks\RegistryBooster.job moved successfully.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.

C:\Users\The Wand\AppData\Roaming\AVG2012\cfgall folder moved successfully.

C:\Users\The Wand\AppData\Roaming\AVG2012 folder moved successfully.

C:\ProgramData\AVG2012\log folder moved successfully.

C:\ProgramData\AVG2012\fet folder moved successfully.

C:\ProgramData\AVG2012 folder moved successfully.

C:\$AVG\$VAULT folder moved successfully.

C:\$AVG\$CHJW folder moved successfully.

C:\$AVG folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\html\reportcard folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\html folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\defaults\preferences folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\defaults folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\Chrome folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012\Firefox folder moved successfully.

C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.

C:\Program Files (x86)\AVG folder moved successfully.

C:\Users\bell\AppData\Roaming\AVG2012\cfgall folder moved successfully.

C:\Users\bell\AppData\Roaming\AVG2012 folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Uniblue RegistryBooster not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bell

->Temp folder emptied: 238892051 bytes

->Temporary Internet Files folder emptied: 574569893 bytes

->Java cache emptied: 3120627 bytes

->Google Chrome cache emptied: 201501437 bytes

->Flash cache emptied: 174833 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: susan

->Temp folder emptied: 3631 bytes

->Temporary Internet Files folder emptied: 2711781 bytes

->Flash cache emptied: 3494 bytes

User: The Wand

->Temp folder emptied: 222872433 bytes

->Temporary Internet Files folder emptied: 62169313 bytes

->Java cache emptied: 15891 bytes

->Flash cache emptied: 62959 bytes

User: Tinker

->Temp folder emptied: 6813721 bytes

->Temporary Internet Files folder emptied: 68307527 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 52581 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 480868815 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36079993 bytes

RecycleBin emptied: 2844 bytes

Total Files Cleaned = 1,810.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.0 log created on 04262012_105257

Share this post


Link to post
Share on other sites

Absolutely! Maniac, you are like Gold! It's like no more speed bumps...except for that Stubborn Uniblue just doesn't want to give up.

I clicked on it's properties from the start menu and it says size is 2.82 kb and then it says size on disk is 8.00 kb, 2files, 1 folder.

Dwwann

Share this post


Link to post
Share on other sites

Don't give up!

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *RegistryBooster*

    :folderfind
    *uniblue*

    :regfind
    uniblue
    registrybooster


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Share this post


Link to post
Share on other sites

Give up? I may be just getting started...jus kidding.

BUT, I do have this other program "updatechecker.exe" that is part of the ASUS motherboard I have. I have read mixed reviews about it so I never use it, but did use it one time. I will not use it in the future either and since it pops up every time I log in it's probably doing more harm than good...even if that's just because it butts in on my space. What do you think, do I need to use it, or something like it? It's suppose to check for drver updates, but I read some versions are a security risk. And, well you know how we feel about those...

Dwwann

SystemLook 30.07.11 by jpshortstuff

Log created at 07:29 on 28/04/2012 by The Wand

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*RegistryBooster*"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk --a---- 1824 bytes [11:28 24/11/2011] [11:28 24/11/2011] F239E51575F80B267CF0FE3B4E1DEFD8

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\Uninstall RegistryBooster.lnk --a---- 1064 bytes [11:28 24/11/2011] [11:28 24/11/2011] 78B0CD93725D5C43D1BCDAA2FDE12A16

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk --a---- 1824 bytes [11:28 24/11/2011] [11:28 24/11/2011] F239E51575F80B267CF0FE3B4E1DEFD8

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\Uninstall RegistryBooster.lnk --a---- 1064 bytes [11:28 24/11/2011] [11:28 24/11/2011] 78B0CD93725D5C43D1BCDAA2FDE12A16

C:\_OTL\MovedFiles\04262012_105257\C_Windows\Tasks\RegistryBooster.job --a---- 350 bytes [11:28 24/11/2011] [17:43 26/04/2012] D3D61B27663526091D8624C73A08B30A

========== folderfind ==========

Searching for "*uniblue*"

C:\Program Files (x86)\Uniblue d------ [11:28 24/11/2011]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue d------ [11:28 24/11/2011]

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue d------ [11:28 24/11/2011]

========== regfind ==========

Searching for "uniblue"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"DisplayName"="Uniblue RegistryBooster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"Publisher"="Uniblue Systems Ltd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"Contact"="Uniblue Systems Ltd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"HelpLink"="http://support.uniblue.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"URLUpdateInfo"="http://www.uniblue.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"Comments"="Copyright © Uniblue Systems Limited 2009"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"InstallLocation"="C:\Program Files (x86)\Uniblue\RegistryBooster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue]

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]

"InstalledLocation"="C:\Program Files (x86)\\Uniblue\RegistryBooster\Launcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]

"LatestDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]

"CampaignDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"

Searching for "registrybooster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"DisplayName"="Uniblue RegistryBooster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue RegistryBooster]

"InstallLocation"="C:\Program Files (x86)\Uniblue\RegistryBooster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]

"InstalledLocation"="C:\Program Files (x86)\\Uniblue\RegistryBooster\Launcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]

"LatestDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]

"CampaignDownloadUrl"="http://download.uniblue.com/aff/rb/sevenforums/bt-11-030/a/registrybooster.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\registrybooster[1].exe]

-= EOF =-

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.