Solved Malware blocking internet and antivirus software on Win 7

OK, so... using another working computer, you created a new OTLPE CD, and while booting the bad computer with it, you got a BSOD.
Am I correct?
 
OK, using the very same CD, boot the good computer from it.
See if you can reach the REATOGO-X-PE desktop without any errors.
 
Unfortunately, the disk works fine on the non-infected computer; I get to the REATOGO-X-PE desktop without any problems. Does this mean the malware on my computer is deliberately blocking booting from disk?
 
That's not possible, because when you're booting from the CD, no files on your hard drive are active.
Another possibility would be some problem with your CD drive.

Is your bad computer bootable at all?
 
The CD drive is fine (I should know, considering the amount of things I run, or used to, I suppose...) and last I checked it does boot, albeit with the virus present. I think I'm going to try and use the disc once more tomorrow evening. Perhaps it was only a fluke.
 
Same blue screen error... tried twice.
So if this is not the malware directly, is it possible the virus corrupted the hard drive in some way to make this message appear?
 
As I said before, when you boot from the CD, the hard drive is out of the picture and it's not involved.

Do you have any other bootable disks, like a Windows 7 DVD or a recovery DVD?
If so, you can try to boot from them and see if it'll boot.
 
One more thing to report. I've booted the infected computer normally, and have yet to be swamped with any pop-up messages. Interestingly, I no longer get the fake Internet Explorer warning on Safari and instead receive "There was a problem communicating with web proxy server (HTTP) ." (CFURL)ErrorDomain:306)

My connection to Steam is fine in all things but the store and other web pages.

I do remember restoring function to my computer after deleting something or stopping a proxy last time around, if only the internet. This did come from the Windows team, who really shot me in the foot last time, so I'm not doing anything without your approval.
 
I can run my anti virus!
Great day finally!
I'll be following the rest of your advice now, many thanks. Let's hope I never need to post under these circumstances in this thread again. Thank you for your help once again.
 
You're very welcome
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2010 5:21:22 PM
System Uptime: 11/30/2010 6:07:37 PM (0 hours ago)

Motherboard: CLEVO CO. | | W870CU
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 124.809 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 297.801 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP69: 11/10/2010 7:45:39 PM - Scheduled Checkpoint
RP70: 11/12/2010 12:05:05 PM - Windows Update
RP71: 11/12/2010 4:25:31 PM - Windows Update
RP72: 11/29/2010 9:07:54 PM - Windows Update
RP74: 11/29/2010 10:30:00 PM - Windows Defender Checkpoint
RP75: 11/30/2010 3:00:11 AM - Windows Update
RP76: 11/30/2010 5:42:10 AM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Apple Application Support
Apple Software Update
ARMA 2
Battlefield: Bad Company 2
BattlEye Uninstall
BisonCam
Call of Duty
Call of Duty 2
Call of Duty: United Offensive
Call of Duty: World at War
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Company of Heroes
Company of Heroes: Tales of Valor
Counter-Strike: Source Beta
CyberLink DVD Suite
CyberLink Power2Go
CyberLink PowerDVD 8
Garry's Mod
GIMP 2.6.10
Half-Life
Half-Life: Blue Shift
Half-Life: Opposing Force
Intel(R) Control Center
Intel(R) Rapid Storage Technology
ITECIR
Java Auto Updater
Java(TM) 6 Update 21
JMicron 1394 Filter Driver
JMicron JMB38X Flash Media Controller
Killing Floor
Left 4 Dead 2
Malwarebytes' Anti-Malware
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
NVIDIA PhysX
OnlineCodex
PunkBuster Services
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Red Orchestra: Ostfront 41-45
Rome: Total War Gold Edition
Safari
Sketchpad
Starcraft
StarCraft II
Steam
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Third Age - Total War Patch 1.4
TrackIR5
Unity Web Player

==== Event Viewer Messages From Past Week ========

11/30/2010 6:07:44 PM, Error: rtl8192se [0] -
11/30/2010 6:05:28 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by (Edited out for privacy) at 18:37:38.17 on Tue 11/30/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4021.2688 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nic Lindenlaub\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:23012
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [fspuip] "C:\Program Files\FSP\fspuip.exe"
mRun-x64: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-2 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R3 fspad_wlh64;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\Windows\System32\drivers\fspad_wlh64.sys [2009-10-12 52224]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-7-13 69736]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-2 1075712]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-10-12 20392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-10-12 140712]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2010-10-6 55328]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-2 215040]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-22 1255736]

=============== Created Last 30 ================

2010-12-01 02:10:08 -------- d-----w- C:\Users\NICLIN~1\AppData\Roaming\Malwarebytes
2010-12-01 02:09:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-01 02:09:52 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-01 02:09:49 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-01 02:09:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-30 13:42:19 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{656DD313-CDE9-4E99-AB71-1E1653446E0A}\mpengine.dll
2010-11-30 05:07:53 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-30 05:07:53 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-11-30 05:06:00 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-11-30 05:06:00 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-17 20:38:13 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-09-17 20:38:13 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 18:37:48.48 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-30 18:36:32
Windows 6.1.7600
Running: ysuri6tr.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c7b531c3f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c7b531c3f (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5221

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/30/2010 6:12:00 PM
mbam-log-2010-11-30 (18-12-00).txt

Scan type: Quick scan
Objects scanned: 150729
Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As a side note, I still can't get on the internet and receive the same, apparently legitimate, message I mentioned a post or two up. Any idea what I should do?
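
Added example, not part of the original thread and not code from DDS: a small Python triage of the "Pseudo HJT Report" lines in the log above. It flags a browser proxy setting that points at the local machine (worth checking against the proxy error the poster reports) and UAC policy values that are switched off. The function names and finding labels are assumptions made for this example.

```python
import ipaddress
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log on this page.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:23012
mWinlogon: Userinit=userinit.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# DDS prefixes an entry with "u" (per-user) or "m" (machine-wide).
SETTING_RE = re.compile(r"^[um]Internet Settings,(\w+)\s*=\s*(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)\b")

# Policy values that weaken User Account Control.
WEAK_POLICIES = {
    ("EnableLUA", 0): "UAC is switched off",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without a prompt",
}


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    The value is either 'host:port' (used for every protocol) or a
    ';'-separated list of 'scheme=host:port' entries, as in the log line.
    """
    proxies = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, sep, endpoint = entry.partition("=")
        if not sep:                              # bare 'host:port'
            scheme, endpoint = "all", entry
        endpoint = endpoint.split("://", 1)[-1]  # tolerate 'http://host:port'
        host, _, port = endpoint.rpartition(":")
        if not host:                             # no port given
            host, port = endpoint, ""
        proxies[scheme.lower()] = (
            host.strip("[]"),                    # '[::1]' -> '::1'
            int(port) if port.isdigit() else None,
        )
    return proxies


def is_loopback(host):
    """True for 'localhost' and for any loopback IPv4/IPv6 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                           # an ordinary host name
        return False


def triage(log_text):
    """Return (kind, detail) findings for proxy and UAC lines in a DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m and m.group(1) == "ProxyServer":
            hive = "HKCU" if line[0] == "u" else "HKLM"
            for scheme, (host, port) in parse_proxy_server(m.group(2)).items():
                if is_loopback(host):
                    findings.append(
                        ("loopback-proxy", f"{hive} {scheme} -> {host}:{port}")
                    )
            continue
        m = POLICY_RE.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            if key in WEAK_POLICIES:
                findings.append(
                    ("weak-uac-policy", f"{key[0]} = {key[1]}: {WEAK_POLICIES[key]}")
                )
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

A loopback proxy finding only says that web traffic is being sent to a local port; whether anything is still listening there has to be checked on the machine itself.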
 
Looks good, so far :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I can't run Combo fix because of my OS, it would seem. I consistently get an incompatible OS message. Will Rkill fix this? I was not quite sure after reading your post.
In the meanwhile, here's the scan.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: CLEVO CO.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: CLEVO CO.
System Product Name: W870CU
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 196):

Processes (total 59):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
468 csrss.exe
528 C:\Windows\System32\wininit.exe
552 csrss.exe
588 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\nvvsvc.exe
812 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\winlogon.exe
672 C:\Windows\System32\svchost.exe
668 WUDFHost.exe
1072 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\spoolsv.exe
1260 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1428 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1488 C:\Windows\System32\svchost.exe
1724 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1852 C:\Windows\System32\nvvsvc.exe
2036 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1044 C:\Windows\System32\svchost.exe
1484 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2080 C:\Program Files\Protector Suite\upeksvr.exe
2684 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
2968 C:\Windows\System32\taskhost.exe
3056 C:\Windows\System32\dwm.exe
1648 C:\Windows\explorer.exe
2616 C:\Windows\System32\rundll32.exe
2300 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2320 C:\Program Files\FSP\FspUip.exe
2372 C:\Program Files (x86)\Steam\Steam.exe
2580 C:\Program Files\Protector Suite\psqltray.exe
3548 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3556 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
3624 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
3720 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4052 C:\Windows\System32\SearchIndexer.exe
3732 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2360 C:\Program Files\Windows Media Player\wmpnetwk.exe
2716 C:\Windows\System32\svchost.exe
3804 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
4528 C:\Windows\System32\svchost.exe
3432 C:\Windows\System32\svchost.exe
3188 C:\Windows\System32\audiodg.exe
256 C:\Windows\SysWOW64\PnkBstrB.exe
1380 C:\Windows\SysWOW64\PnkBstrA.exe
4300 C:\Program Files (x86)\Safari\Safari.exe
2448 C:\Windows\servicing\TrustedInstaller.exe
4024 C:\Windows\System32\SearchProtocolHost.exe
2440 C:\Windows\System32\SearchFilterHost.exe
4984 C:\Users\Nic Lindenlaub\Desktop\MBRCheck.exe
1864 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0002SDM1
PhysicalDrive1 Model Number: ST9320423AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
I can't run ComboFix because of my OS, it would seem.
I apologize for that. My bad :)

MBRCheck log looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 12/1/2010 9:36:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nic Lindenlaub\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.89 Gb Total Space | 124.45 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.80 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: NICLINDENLAUB | User Name: Nic Lindenlaub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/30 21:10:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
PRC - [2010/08/23 18:56:02 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/30 21:10:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/04 19:04:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/04/24 00:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 00:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 00:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 00:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 19:56:58 | 001,075,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/26 18:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/07/20 03:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/17 01:17:36 | 000,052,224 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2009/06/10 13:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/04/25 13:54:58 | 000,055,328 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 65 89 2F 74 78 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 21:34:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
[2010/12/01 17:36:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/30 18:10:08 | 000,000,000 | ---D | C] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Malwarebytes
[2010/11/30 18:09:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/30 18:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/30 18:09:49 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/30 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/30 18:08:55 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nic Lindenlaub\Desktop\mbam-setup-1.50.0.0.exe
[2010/11/30 18:05:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\TFC.exe
[2010/11/08 15:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[4 C:\Users\Nic Lindenlaub\Documents\*.tmp files -> C:\Users\Nic Lindenlaub\Documents\*.tmp -> ]
[1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 20:11:07 | 000,268,560 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/12/01 20:11:07 | 000,268,560 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/01 20:09:27 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2010/12/01 17:20:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/30 21:10:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/30 18:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/30 18:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/30 18:13:15 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/30 18:13:15 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/30 18:13:15 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/30 18:09:52 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/30 18:07:43 | 3161,866,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 21:22:34 | 000,296,448 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\ysuri6tr.exe
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 16:15:40 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nic Lindenlaub\Desktop\mbam-setup-1.50.0.0.exe
[2010/11/26 22:50:02 | 000,630,272 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\dds.scr
[2010/11/12 12:41:33 | 000,449,728 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Acid rain.docx
[2010/11/11 15:11:22 | 000,014,769 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Present day activities.docx
[2010/11/11 15:01:13 | 000,000,162 | -H-- | M] () -- C:\Users\Nic Lindenlaub\Documents\~$esent day activities.docx
[2010/11/10 14:28:40 | 000,020,899 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Romeo and Juliet is a classic among classics.docx
[2010/11/10 12:07:40 | 000,000,209 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty United Offensive.url
[2010/11/09 22:01:19 | 000,000,192 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty.url
[2010/11/09 19:22:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/09 19:17:31 | 000,001,536 | ---- | M] () -- C:\Users\Nic Lindenlaub\AppData\Roaming\Sketchpad 5 Preferences.dat
[2010/11/08 21:25:24 | 000,000,194 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty 2.url
[2010/11/08 13:42:13 | 000,000,162 | -H-- | M] () -- C:\Users\Nic Lindenlaub\Documents\~$meo and Juliet is a classic among classics.docx
[2010/11/08 11:01:27 | 000,000,162 | -H-- | M] () -- C:\Users\Nic Lindenlaub\Documents\~$id rain.docx
[2010/11/06 13:16:57 | 000,012,562 | ---- | M] () -- C:\Users\Nic Lindenlaub\Documents\Band names.docx
[2010/11/06 11:17:31 | 000,007,286 | ---- | M] () -- C:\Users\Nic Lindenlaub\.recently-used.xbel
[2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
[4 C:\Users\Nic Lindenlaub\Documents\*.tmp files -> C:\Users\Nic Lindenlaub\Documents\*.tmp -> ]
[1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/01 17:31:20 | 000,080,384 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\MBRCheck.exe
[2010/11/30 18:37:36 | 000,630,272 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\dds.scr
[2010/11/30 18:13:15 | 000,296,448 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\ysuri6tr.exe
[2010/11/30 18:09:52 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/29 21:10:54 | 005,154,304 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\WindowsDefender.msi
[2010/11/11 15:01:13 | 000,000,162 | -H-- | C] () -- C:\Users\Nic Lindenlaub\Documents\~$esent day activities.docx
[2010/11/11 15:01:12 | 000,014,769 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Present day activities.docx
[2010/11/10 12:07:40 | 000,000,209 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty United Offensive.url
[2010/11/09 22:01:19 | 000,000,192 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty.url
[2010/11/09 19:22:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/08 21:25:24 | 000,000,194 | ---- | C] () -- C:\Users\Nic Lindenlaub\Desktop\Call of Duty 2.url
[2010/11/08 13:42:13 | 000,000,162 | -H-- | C] () -- C:\Users\Nic Lindenlaub\Documents\~$meo and Juliet is a classic among classics.docx
[2010/11/08 11:01:27 | 000,000,162 | -H-- | C] () -- C:\Users\Nic Lindenlaub\Documents\~$id rain.docx
[2010/11/06 13:16:57 | 000,012,562 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Band names.docx
[2010/11/06 11:17:31 | 000,007,286 | ---- | C] () -- C:\Users\Nic Lindenlaub\.recently-used.xbel
[2010/11/05 10:23:47 | 000,449,728 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Acid rain.docx
[2010/11/03 14:44:06 | 000,020,899 | ---- | C] () -- C:\Users\Nic Lindenlaub\Documents\Romeo and Juliet is a classic among classics.docx
[2010/09/10 11:39:24 | 000,001,536 | ---- | C] () -- C:\Users\Nic Lindenlaub\AppData\Roaming\Sketchpad 5 Preferences.dat
[2010/08/06 22:10:46 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/02 09:59:22 | 000,000,227 | ---- | C] () -- C:\Windows\OEM.ini
[2010/08/02 09:53:47 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/17 16:39:05 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\gtk-2.0
[2010/08/03 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Protector Suite
[2010/11/13 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\SoftGrid Client
[2010/08/06 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\TP
[2010/10/15 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Unity
[2010/10/31 09:03:24 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/30 18:07:43 | 3161,866,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/30 18:07:46 | 4215,824,384 | -HS- | M] () -- C:\pagefile.sys
[2010/08/02 09:49:20 | 000,001,993 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/08/03 17:31:55 | 000,000,221 | -HS- | M] () -- C:\Users\Nic Lindenlaub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/05/06 19:08:18 | 283,648,607 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\2010-04-24-bg2-1.5a-2.0-patch.exe
[2010/03/25 16:11:24 | 014,887,472 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Nic Lindenlaub\Desktop\amd_ccc_apple_8.43_br56378.exe
[2010/03/25 16:11:42 | 018,499,936 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Nic Lindenlaub\Desktop\amd_dd_apple_8.43_br56378.exe
[2010/03/18 11:28:48 | 000,118,784 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\DefaultBrowser.exe
[2010/05/22 10:07:42 | 030,095,877 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\Fortress_Forever_2.41_Patch.exe
[2010/11/29 16:15:40 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nic Lindenlaub\Desktop\mbam-setup-1.50.0.0.exe
[2010/08/01 13:36:52 | 000,080,384 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\MBRCheck.exe
[2010/06/02 17:12:54 | 704,745,583 | ---- | M] (Obsidian Conflict Team ) -- C:\Users\Nic Lindenlaub\Desktop\oc-beta1.35_full.exe
[2010/11/05 13:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\OTL.exe
[2010/07/17 20:46:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nic Lindenlaub\Desktop\TFC.exe
[2010/04/10 20:01:02 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Nic Lindenlaub\Desktop\utorrent.exe
[2010/11/29 21:22:34 | 000,296,448 | ---- | M] () -- C:\Users\Nic Lindenlaub\Desktop\ysuri6tr.exe
[1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/22 07:29:46 | 000,000,402 | -HS- | M] () -- C:\Users\Nic Lindenlaub\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >


OTL Extras logfile created on: 12/1/2010 9:36:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nic Lindenlaub\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.89 Gb Total Space | 124.45 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.80 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: NICLINDENLAUB | User Name: Nic Lindenlaub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BattlEye" = BattlEye Uninstall
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PunkBusterSvc" = PunkBuster Services
"Sketchpad" = Sketchpad
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 10090" = Call of Duty: World at War
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 1250" = Killing Floor
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 2620" = Call of Duty
"Steam App 2630" = Call of Duty 2
"Steam App 2640" = Call of Duty: United Offensive
"Steam App 33900" = ARMA 2
"Steam App 4000" = Garry's Mod
"Steam App 4560" = Company of Heroes
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 50" = Half-Life: Opposing Force
"Steam App 550" = Left 4 Dead 2
"Steam App 70" = Half-Life
"WinGimp-2.0_is1" = GIMP 2.6.10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineCodex" = OnlineCodex
"Third Age - Total War 2.0 (Part1of2)" = Third Age - Total War 2.0 (Part1of2)
"Third Age - Total War 2.0 (Part2of2)" = Third Age - Total War 2.0 (Part2of2)
"Third Age - Total War Patch 1.4" = Third Age - Total War Patch 1.4
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2010 1:44:38 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

Error - 11/8/2010 3:02:34 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/8/2010 7:18:36 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/9/2010 1:19:44 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 560: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/9/2010 5:57:51 PM | Computer Name = NicLindenlaub | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 11/10/2010 3:05:17 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/10/2010 9:10:18 PM | Computer Name = NicLindenlaub | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 11/11/2010 2:00:44 AM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 4:56:38 PM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/12/2010 2:00:20 AM | Computer Name = NicLindenlaub | Source = Bonjour Service | ID = 100
Description = 508: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 11/11/2010 4:18:19 PM | Computer Name = NicLindenlaub | Source = bowser | ID = 8003
Description =

Error - 11/11/2010 5:50:52 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =

Error - 11/11/2010 6:59:46 PM | Computer Name = NicLindenlaub | Source = bowser | ID = 8003
Description =

Error - 11/11/2010 8:55:43 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =

Error - 11/12/2010 4:01:15 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =

Error - 11/12/2010 4:03:40 PM | Computer Name = NicLindenlaub | Source = bowser | ID = 8003
Description =

Error - 11/12/2010 4:15:29 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =

Error - 11/12/2010 8:19:06 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =

Error - 11/12/2010 8:21:42 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =

Error - 11/12/2010 8:34:09 PM | Computer Name = NicLindenlaub | Source = rtl8192se | ID = 0
Description =


< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

You don't have any AV program running.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
    O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
    [4 C:\Users\Nic Lindenlaub\Documents\*.tmp files -> C:\Users\Nic Lindenlaub\Documents\*.tmp -> ]
    [1 C:\Users\Nic Lindenlaub\Desktop\*.tmp files -> C:\Users\Nic Lindenlaub\Desktop\*.tmp -> ]
    [2010/08/03 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Nic Lindenlaub\AppData\Roaming\Protector Suite
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
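
The fix script above clears a `ProxyServer` value that sends Internet Explorer (WinINET) HTTP traffic to 127.0.0.1:23012. As an added example (not part of the original post and not OTL's own code), this Python script scans OTL-style `IE -` lines for proxy entries that point at loopback so they can be reviewed; the function names are hypothetical and the third sample line is constructed.

```python
import ipaddress
import re

# OTL prints Internet Settings values as:  IE - <key>: "<name>" = <data>
OTL_IE_LINE = re.compile(
    r'^\s*IE\s+-\s+(?P<key>.+?):\s+"(?P<name>[^"]+)"\s+=\s+(?P<data>.*)$'
)

# The first two lines come from the fix script on this page; the third is constructed.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
'''


def split_host_port(target):
    """Return (host, port) for 'host', 'host:port' or '[v6]:port'."""
    if target.startswith("["):  # bracketed IPv6 literal
        host, _, rest = target[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = target.partition(":")
    return host, int(port) if port.isdigit() else None


def parse_proxy_server(data):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.

    Two layouts exist: 'host:port' (one proxy for every protocol, stored
    here under '*') and 'http=host:port;https=host:port' (per protocol).
    """
    proxies = {}
    for entry in filter(None, (part.strip() for part in data.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:  # no 'scheme=' prefix: applies to all protocols
            scheme, target = "*", entry
        # Drop an optional 'http://' style prefix in front of the host.
        target = re.sub(r"^[a-z]+://", "", target.strip(), flags=re.I)
        proxies[scheme.strip().lower()] = split_host_port(target)
    return proxies


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def find_loopback_proxies(log_text):
    """List every ProxyServer entry in an OTL log that targets loopback.

    A loopback proxy is not proof of infection (local web filters and
    debugging proxies use one too); each finding is a prompt to check
    which process, if any, is listening on that port.
    """
    findings = []
    for line in log_text.splitlines():
        match = OTL_IE_LINE.match(line)
        if not match or match.group("name").lower() != "proxyserver":
            continue
        entries = parse_proxy_server(match.group("data").strip())
        for scheme, (host, port) in entries.items():
            if is_loopback(host):
                findings.append(
                    {"key": match.group("key"), "scheme": scheme,
                     "host": host, "port": port}
                )
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print("review: {key} -> {scheme} via {host}:{port}".format(**finding))
```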
 
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus\ deleted successfully.
C:\Program Files\Protector Suite\psqlpwd.dll moved successfully.
C:\Users\Nic Lindenlaub\Documents\~WRL0003.tmp deleted successfully.
C:\Users\Nic Lindenlaub\Documents\~WRL0734.tmp deleted successfully.
C:\Users\Nic Lindenlaub\Documents\~WRL1376.tmp deleted successfully.
C:\Users\Nic Lindenlaub\Documents\~WRL1595.tmp deleted successfully.
C:\Users\Nic Lindenlaub\Desktop\~WRL1198.tmp deleted successfully.
C:\Users\Nic Lindenlaub\AppData\Roaming\Protector Suite folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nic Lindenlaub
->Temp folder emptied: 82342611 bytes
->Temporary Internet Files folder emptied: 870515 bytes
->Java cache emptied: 2040 bytes
->Apple Safari cache emptied: 1131520 bytes
->Flash cache emptied: 2055 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4011604 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nic Lindenlaub
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12052010_162611

Files\Folders moved on Reboot...
C:\Users\Nic Lindenlaub\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 05 16:13:16 2010

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

------------------------------------

Finished reporting.
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

[Image: FoxitReaderInstallation.png]

make sure you have both boxes UN-checked AND (important!) click on the Decline button.
 