TechSpot

[Solved] Malware blocking internet and antivirus software on Win 7

Discussion in 'Virus and Malware Removal' started by MASH, Nov 15, 2010.

  1. MASH Newcomer, in training

    I can't run ComboFix because of my OS, it would seem. I consistently get an incompatible OS message. Will Rkill fix this? I was not quite sure after reading your post.
    In the meanwhile, here's the scan.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: CLEVO CO.
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: CLEVO CO.
    System Product Name: W870CU
    Logical Drives Mask: 0x0001001c

    Kernel Drivers (total 196):
    0x02C0C000 \SystemRoot\system32\ntoskrnl.exe
    0x031E8000 \SystemRoot\system32\hal.dll
    0x00BCF000 \SystemRoot\system32\kdcom.dll
    0x00CCA000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D0E000 \SystemRoot\system32\PSHED.dll
    0x00D22000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E50000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EF4000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F03000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F5A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F63000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F6D000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FA0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FAD000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FC2000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FCB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FD7000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D80000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
    0x0108B000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01295000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x0129E000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x012C8000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x012D3000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x012E3000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x012EE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0133A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0144E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0134E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x0141A000 \SystemRoot\System32\drivers\pcw.sys
    0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01665000 \SystemRoot\system32\drivers\ndis.sys
    0x01757000 \SystemRoot\system32\drivers\NETIO.SYS
    0x017B7000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x013AC000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0164A000 \SystemRoot\System32\Drivers\spldr.sys
    0x01AFB000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B35000 \SystemRoot\System32\Drivers\mup.sys
    0x01B50000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B59000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01B93000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01BA9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x042BE000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x042E8000 \SystemRoot\System32\Drivers\Null.SYS
    0x042F1000 \SystemRoot\System32\Drivers\Beep.SYS
    0x042F8000 \SystemRoot\System32\drivers\vga.sys
    0x04306000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0432B000 \SystemRoot\System32\drivers\watchdog.sys
    0x0433B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04344000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0434D000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x04356000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04361000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04372000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04390000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x04000000 \SystemRoot\system32\drivers\afd.sys
    0x0439D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x043E2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0408A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x043EB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x01A26000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x01A41000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x01A55000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x01AA6000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x01AB2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x01ABD000 \SystemRoot\System32\drivers\discache.sys
    0x01ACC000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01AEA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x00E1A000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04A10000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0553D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x02EC5000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02FB9000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02E11000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02E67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x044BC000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x045E3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x04451000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x04480000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04485000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x044A3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02E8B000 \SystemRoot\system32\DRIVERS\fspad_wlh64.sys
    0x045F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0553F000 \SystemRoot\system32\DRIVERS\itecir.sys
    0x044B2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x02E9D000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02EB3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x055A1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x055B7000 \SystemRoot\system32\DRIVERS\bridge.sys
    0x055D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04612000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04641000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0465C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0467D000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04697000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04699000 \SystemRoot\system32\DRIVERS\ks.sys
    0x046DC000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x046EE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04700000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0475A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0681C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0476F000 \SystemRoot\system32\drivers\portcls.sys
    0x047AC000 \SystemRoot\system32\drivers\drmk.sys
    0x06800000 \SystemRoot\system32\drivers\ksthunk.sys
    0x06A5D000 \SystemRoot\system32\DRIVERS\SmSerl64.sys
    0x06B97000 \SystemRoot\system32\drivers\modem.sys
    0x06BA6000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x06BB7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x06BD0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x06BD9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x06BE7000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x06BF4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x06A00000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x040A0000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x06A0E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00570000 \SystemRoot\System32\TSDDD.dll
    0x00770000 \SystemRoot\System32\cdd.dll
    0x06A2F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x06A4C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x047CE000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x00DDC000 \SystemRoot\system32\drivers\luafv.sys
    0x06A4E000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
    0x03CED000 \SystemRoot\system32\drivers\WudfPf.sys
    0x03D0E000 \SystemRoot\system32\DRIVERS\WinUSB.sys
    0x03D1F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x03D50000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03D65000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x03DB8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x03DCB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x03C00000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x070A0000 \SystemRoot\system32\drivers\HTTP.sys
    0x07168000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07186000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0719E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0704E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03C36000 \SystemRoot\system32\drivers\peauth.sys
    0x07071000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x076B9000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
    0x07770000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    0x077BD000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x077EA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x07C0C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07CA2000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    0x07DA2000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x07CD4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x779B0000 \Windows\System32\ntdll.dll
    0x48070000 \Windows\System32\smss.exe
    0xFFCD0000 \Windows\System32\apisetschema.dll
    0xFFFF0000 \Windows\System32\autochk.exe
    0xFEF30000 \Windows\System32\shell32.dll
    0xFED50000 \Windows\System32\setupapi.dll
    0xFEC70000 \Windows\System32\oleaut32.dll
    0xFEBD0000 \Windows\System32\msvcrt.dll
    0xFEB50000 \Windows\System32\difxapi.dll
    0xFE8F0000 \Windows\System32\iertutil.dll
    0xFE870000 \Windows\System32\shlwapi.dll
    0xFE850000 \Windows\System32\imagehlp.dll
    0x77890000 \Windows\System32\kernel32.dll
    0xFE6D0000 \Windows\System32\urlmon.dll
    0xFE4C0000 \Windows\System32\ole32.dll
    0xFE450000 \Windows\System32\gdi32.dll
    0xFE440000 \Windows\System32\lpk.dll
    0xFE410000 \Windows\System32\imm32.dll
    0xFE370000 \Windows\System32\comdlg32.dll
    0xFE290000 \Windows\System32\advapi32.dll
    0x77B80000 \Windows\System32\psapi.dll
    0xFE180000 \Windows\System32\msctf.dll
    0xFE0E0000 \Windows\System32\clbcatq.dll
    0x77B70000 \Windows\System32\normaliz.dll
    0xFE0D0000 \Windows\System32\nsi.dll
    0xFDFA0000 \Windows\System32\wininet.dll
    0xFDED0000 \Windows\System32\usp10.dll
    0xFDE80000 \Windows\System32\ws2_32.dll
    0xFDE60000 \Windows\System32\sechost.dll
    0xFDE10000 \Windows\System32\Wldap32.dll
    0xFDCE0000 \Windows\System32\rpcrt4.dll
    0x77790000 \Windows\System32\user32.dll
    0xFDC70000 \Windows\System32\KernelBase.dll
    0xFDBD0000 \Windows\System32\comctl32.dll
    0xFDBB0000 \Windows\System32\devobj.dll
    0xFDB70000 \Windows\System32\cfgmgr32.dll
    0xFDB30000 \Windows\System32\wintrust.dll
    0xFD9C0000 \Windows\System32\crypt32.dll
    0xFD9B0000 \Windows\System32\msasn1.dll
    0x75B00000 \Windows\SysWOW64\normaliz.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    316 C:\Windows\System32\smss.exe
    468 csrss.exe
    528 C:\Windows\System32\wininit.exe
    552 csrss.exe
    588 C:\Windows\System32\services.exe
    612 C:\Windows\System32\lsass.exe
    620 C:\Windows\System32\lsm.exe
    712 C:\Windows\System32\svchost.exe
    772 C:\Windows\System32\nvvsvc.exe
    812 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\winlogon.exe
    672 C:\Windows\System32\svchost.exe
    668 WUDFHost.exe
    1072 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\spoolsv.exe
    1260 C:\Windows\System32\svchost.exe
    1304 C:\Windows\System32\svchost.exe
    1428 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1488 C:\Windows\System32\svchost.exe
    1724 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    1852 C:\Windows\System32\nvvsvc.exe
    2036 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    1044 C:\Windows\System32\svchost.exe
    1484 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    2080 C:\Program Files\Protector Suite\upeksvr.exe
    2684 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    2968 C:\Windows\System32\taskhost.exe
    3056 C:\Windows\System32\dwm.exe
    1648 C:\Windows\explorer.exe
    2616 C:\Windows\System32\rundll32.exe
    2300 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2320 C:\Program Files\FSP\FspUip.exe
    2372 C:\Program Files (x86)\Steam\Steam.exe
    2580 C:\Program Files\Protector Suite\psqltray.exe
    3548 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    3556 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    3624 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    3720 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4052 C:\Windows\System32\SearchIndexer.exe
    3732 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    2360 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2716 C:\Windows\System32\svchost.exe
    3804 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    4528 C:\Windows\System32\svchost.exe
    3432 C:\Windows\System32\svchost.exe
    3188 C:\Windows\System32\audiodg.exe
    256 C:\Windows\SysWOW64\PnkBstrB.exe
    1380 C:\Windows\SysWOW64\PnkBstrA.exe
    4300 C:\Program Files (x86)\Safari\Safari.exe
    2448 C:\Windows\servicing\TrustedInstaller.exe
    4024 C:\Windows\System32\SearchProtocolHost.exe
    2440 C:\Windows\System32\SearchFilterHost.exe
    4984 C:\Users\Nic Lindenlaub\Desktop\MBRCheck.exe
    1864 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: ST9320423AS, Rev: 0002SDM1
    PhysicalDrive1 Model Number: ST9320423AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    298 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
  2. Broni Malware Annihilator

    I apologize for that. My bad :)

    MBRCheck log looks good :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  3. MASH Newcomer, in training

    OTL logfile created on: 12/1/2010 9:36:24 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nic Lindenlaub\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.89 Gb Total Space | 124.45 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 297.80 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

    Computer Name: NICLINDENLAUB | User Name: Nic Lindenlaub | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/30 21:10:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
    PRC - [2010/08/23 18:56:02 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
    PRC - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
    MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/30 21:10:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/10/04 19:04:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2010/04/24 00:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 00:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 00:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 00:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/26 19:56:58 | 001,075,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/07/26 18:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
    DRV:64bit: - [2009/07/20 03:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/17 01:17:36 | 000,052,224 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
    DRV:64bit: - [2009/06/10 13:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
    DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/22 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/04/25 13:54:58 | 000,055,328 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 65 89 2F 74 78 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/01 21:34:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
    [2010/12/01 17:36:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/11/30 18:10:08 | 000,000,000 | ---D | C] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Malwarebytes
    [2010/11/30 18:09:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/30 18:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/30 18:09:49 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/30 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/30 18:08:55 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nic Lindenlaub\Desktop\mbam-setup-1.50.0.0.exe
    [2010/11/30 18:05:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\TFC.exe
    [2010/11/08 15:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [4 C:\Users\Nic Lindenlaub\Documents\*.tmp files -> C:\Users\Nic Lindenlaub\Documents\*.tmp -> ]
    [1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/01 20:11:07 | 000,268,560 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/12/01 20:11:07 | 000,268,560 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/12/01 20:09:27 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2010/12/01 17:20:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/30 21:10:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/11/30 18:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/30 18:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/30 18:13:15 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/30 18:13:15 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/30 18:13:15 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/30 18:09:52 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/30 18:07:43 | 3161,866,240 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/29 21:22:34 | 000,296,448 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\ysuri6tr.exe
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/29 16:15:40 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nic Lindenlaub\Desktop\mbam-setup-1.50.0.0.exe
    [2010/11/26 22:50:02 | 000,630,272 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\dds.scr
    [2010/11/12 12:41:33 | 000,449,728 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Acid rain.docx
    [2010/11/11 15:11:22 | 000,014,769 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Present day activities.docx
    [2010/11/11 15:01:13 | 000,000,162 | -H-- | M] () -- C:\Users\Nic Lindenlaub\Documents\~$esent day activities.docx
    [2010/11/10 14:28:40 | 000,020,899 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Romeo and Juliet is a classic among classics.docx
    [2010/11/10 12:07:40 | 000,000,209 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty United Offensive.url
    [2010/11/09 22:01:19 | 000,000,192 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty.url
    [2010/11/09 19:22:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/11/09 19:17:31 | 000,001,536 | ---- | M] () -- C:\Users\Nic Lindenlaub\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2010/11/08 21:25:24 | 000,000,194 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty 2.url
    [2010/11/08 13:42:13 | 000,000,162 | -H-- | M] () -- C:\Users\Nic Lindenlaub\Documents\~$meo and Juliet is a classic among classics.docx
    [2010/11/08 11:01:27 | 000,000,162 | -H-- | M] () -- C:\Users\Nic Lindenlaub\Documents\~$id rain.docx
    [2010/11/06 13:16:57 | 000,012,562 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Band names.docx
    [2010/11/06 11:17:31 | 000,007,286 | ---- | M] () -- C:\Users\Nic Lindenlaub\.recently-used.xbel
    [2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
    [4 C:\Users\Nic Lindenlaub\Documents\*.tmp files -> C:\Users\Nic Lindenlaub\Documents\*.tmp -> ]
    [1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/01 17:31:20 | 000,080,384 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\MBRCheck.exe
    [2010/11/30 18:37:36 | 000,630,272 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\dds.scr
    [2010/11/30 18:13:15 | 000,296,448 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\ysuri6tr.exe
    [2010/11/30 18:09:52 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/29 21:10:54 | 005,154,304 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\WindowsDefender.msi
    [2010/11/11 15:01:13 | 000,000,162 | -H-- | C] () -- C:\Users\Nic Lindenlaub\Documents\~$esent day activities.docx
    [2010/11/11 15:01:12 | 000,014,769 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Present day activities.docx
    [2010/11/10 12:07:40 | 000,000,209 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty United Offensive.url
    [2010/11/09 22:01:19 | 000,000,192 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty.url
    [2010/11/09 19:22:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/11/08 21:25:24 | 000,000,194 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty 2.url
    [2010/11/08 13:42:13 | 000,000,162 | -H-- | C] () -- C:\Users\Nic Lindenlaub\Documents\~$meo and Juliet is a classic among classics.docx
    [2010/11/08 11:01:27 | 000,000,162 | -H-- | C] () -- C:\Users\Nic Lindenlaub\Documents\~$id rain.docx
    [2010/11/06 13:16:57 | 000,012,562 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Band names.docx
    [2010/11/06 11:17:31 | 000,007,286 | ---- | C] () -- C:\Users\Nic Lindenlaub\.recently-used.xbel
    [2010/11/05 10:23:47 | 000,449,728 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Acid rain.docx
    [2010/11/03 14:44:06 | 000,020,899 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Romeo and Juliet is a classic among classics.docx
    [2010/09/10 11:39:24 | 000,001,536 | ---- | C] () -- C:\Users\Nic Lindenlaub\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2010/08/06 22:10:46 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/02 09:59:22 | 000,000,227 | ---- | C] () -- C:\Windows\OEM.ini
    [2010/08/02 09:53:47 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/10/17 16:39:05 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\gtk-2.0
    [2010/08/03 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Protector Suite
    [2010/11/13 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\SoftGrid Client
    [2010/08/06 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\TP
    [2010/10/15 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Unity
    [2010/10/31 09:03:24 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/30 18:07:43 | 3161,866,240 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/30 18:07:46 | 4215,824,384 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/02 09:49:20 | 000,001,993 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/03 17:31:55 | 000,000,221 | -HS- | M] () -- C:\Users\Nic Lindenlaub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/05/06 19:08:18 | 283,648,607 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\2010-04-24-bg2-1.5a-2.0-patch.exe
    [2010/03/25 16:11:24 | 014,887,472 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Nic Lindenlaub\Desktop\amd_ccc_apple_8.43_br56378.exe
    [2010/03/25 16:11:42 | 018,499,936 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Nic Lindenlaub\Desktop\amd_dd_apple_8.43_br56378.exe
    [2010/03/18 11:28:48 | 000,118,784 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\DefaultBrowser.exe
    [2010/05/22 10:07:42 | 030,095,877 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Fortress_Forever_2.41_Patch.exe
    [2010/11/29 16:15:40 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nic Lindenlaub\Desktop\mbam-setup-1.50.0.0.exe
    [2010/08/01 13:36:52 | 000,080,384 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\MBRCheck.exe
    [2010/06/02 17:12:54 | 704,745,583 | ---- | M] (Obsidian Conflict Team ) -- C:\Users\Nic Lindenlaub\Desktop\oc-beta1.35_full.exe
    [2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
    [2010/07/17 20:46:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\TFC.exe
    [2010/04/10 20:01:02 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Nic Lindenlaub\Desktop\utorrent.exe
    [2010/11/29 21:22:34 | 000,296,448 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\ysuri6tr.exe
    [1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/22 07:29:46 | 000,000,402 | -HS- | M] () -- C:\Users\Nic Lindenlaub\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >


    OTL Extras logfile created on: 12/1/2010 9:36:24 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nic Lindenlaub\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.89 Gb Total Space | 124.45 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 297.80 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

    Computer Name: NICLINDENLAUB | User Name: Nic Lindenlaub | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009
    "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BattlEye" = BattlEye Uninstall
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PunkBusterSvc" = PunkBuster Services
    "Sketchpad" = Sketchpad
    "Starcraft" = Starcraft
    "StarCraft II" = StarCraft II
    "Steam App 10090" = Call of Duty: World at War
    "Steam App 1200" = Red Orchestra: Ostfront 41-45
    "Steam App 1250" = Killing Floor
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 20540" = Company of Heroes: Tales of Valor
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 260" = Counter-Strike: Source Beta
    "Steam App 2620" = Call of Duty
    "Steam App 2630" = Call of Duty 2
    "Steam App 2640" = Call of Duty: United Offensive
    "Steam App 33900" = ARMA 2
    "Steam App 4000" = Garry's Mod
    "Steam App 4560" = Company of Heroes
    "Steam App 4700" = Medieval II: Total War
    "Steam App 4760" = Rome: Total War Gold Edition
    "Steam App 4780" = Medieval II: Total War Kingdoms
    "Steam App 50" = Half-Life: Opposing Force
    "Steam App 550" = Left 4 Dead 2
    "Steam App 70" = Half-Life
    "WinGimp-2.0_is1" = GIMP 2.6.10

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "OnlineCodex" = OnlineCodex
    "Third Age - Total War 2.0 (Part1of2)" = Third Age - Total War 2.0 (Part1of2)
    "Third Age - Total War 2.0 (Part2of2)" = Third Age - Total War 2.0 (Part2of2)
    "Third Age - Total War Patch 1.4" = Third Age - Total War Patch 1.4
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/8/2010 1:44:38 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

    Error - 11/8/2010 3:02:34 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/8/2010 7:18:36 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/9/2010 1:19:44 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 560: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/9/2010 5:57:51 PM | Computer Name = NicLindenlaub | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 11/10/2010 3:05:17 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/10/2010 9:10:18 PM | Computer Name = NicLindenlaub | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 11/11/2010 2:00:44 AM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/11/2010 4:56:38 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/12/2010 2:00:20 AM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
    Description = 508: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ System Events ]
    Error - 11/11/2010 4:18:19 PM | Computer Name = NicLindenlaub | Source = bowser | ID = 8003
    Description =

    Error - 11/11/2010 5:50:52 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =

    Error - 11/11/2010 6:59:46 PM | Computer Name = NicLindenlaub | Source = bowser | ID = 8003
    Description =

    Error - 11/11/2010 8:55:43 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =

    Error - 11/12/2010 4:01:15 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =

    Error - 11/12/2010 4:03:40 PM | Computer Name = NicLindenlaub | Source = bowser | ID = 8003
    Description =

    Error - 11/12/2010 4:15:29 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =

    Error - 11/12/2010 8:19:06 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =

    Error - 11/12/2010 8:21:42 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =

    Error - 11/12/2010 8:34:09 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
    Description =


    < End of report >
  4. Broni Malware Annihilator

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    You don't have any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
      O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
      [4 C:\Users\Nic Lindenlaub\Documents\*.tmp files -> C:\Users\Nic Lindenlaub\Documents\*.tmp -> ]
      [1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]
      [2010/08/03 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Protector Suite
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  5. MASH Newcomer, in training

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
    C:\Windows\Downloaded Program Files\swflash.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus\ deleted successfully.
    C:\Program Files\Protector Suite\psqlpwd.dll moved successfully.
    C:\Users\Nic Lindenlaub\Documents\~WRL0003.tmp deleted successfully.
    C:\Users\Nic Lindenlaub\Documents\~WRL0734.tmp deleted successfully.
    C:\Users\Nic Lindenlaub\Documents\~WRL1376.tmp deleted successfully.
    C:\Users\Nic Lindenlaub\Documents\~WRL1595.tmp deleted successfully.
    C:\Users\Nic Lindenlaub\Desktop\~WRL1198.tmp deleted successfully.
    C:\Users\Nic Lindenlaub\AppData\Roaming\Protector Suite folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nic Lindenlaub
    ->Temp folder emptied: 82342611 bytes
    ->Temporary Internet Files folder emptied: 870515 bytes
    ->Java cache emptied: 2040 bytes
    ->Apple Safari cache emptied: 1131520 bytes
    ->Flash cache emptied: 2055 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14536 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 4011604 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Nic Lindenlaub
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12052010_162611

    Files\Folders moved on Reboot...
    C:\Users\Nic Lindenlaub\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Dec 05 16:13:16 2010

    ------------------------------------

    Finished reporting.
  6. Broni Malware Annihilator

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [IMG]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button
  7. Broni Malware Annihilator

    Are you still out there?
  8. Broni Malware Annihilator

    The issue seems to be resolved....