Solved Malware causing random ie popups, search redirects, sound files playing, etc..

Good news :)

Do you have any active AV program?
I can see some Radialpoint Frontier Security Services and AVG leftovers...
 
I have a security suite from Frontier, my internet provider, as well as Malwarebytes. I also had Microsoft Security Essentials, but had to remove it because it was getting in the way of CF. I had AVG but got rid of it because of my Frontier AV... I have still seen a couple of AVG processes from time to time but didn't know how to get rid of them.
 
I ran the remover and it asked for a restart. Did that, and my Frontier seemed to be operating normally, so I didn't uninstall and reinstall since I wasn't too sure if that's what you wanted. Ran OTL after the restart; the log is below:

OTL logfile created on: 11/11/2011 3:30:14 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 49.83% Memory free
5.71 Gb Paging File | 4.23 Gb Available in Paging File | 74.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 114.72 Gb Free Space | 40.24% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/20 15:00:02 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
PRC - [2011/01/20 14:59:58 | 004,318,520 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
PRC - [2011/01/20 14:59:58 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Frontier\Servicepoint\FrontierServicepointComHandler.exe
PRC - [2010/12/18 00:06:32 | 000,378,160 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\RPS.exe
PRC - [2010/12/18 00:06:32 | 000,167,016 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe
PRC - [2010/12/18 00:05:34 | 000,382,280 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\Fws.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 13:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/20 14:51:08 | 000,158,208 | ---- | M] () -- C:\Program Files\Frontier\Servicepoint\Windows7Features.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/20 15:00:02 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Frontier\Servicepoint\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/18 00:06:32 | 000,167,016 | ---- | M] (Frontier) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/12/18 00:05:34 | 000,382,280 | ---- | M] (Frontier) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\Fws.exe -- (RP_FWS)
SRV - [2010/07/20 11:23:18 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\scan.dll -- (scan)
SRV - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 11:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 11:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/27 12:38:04 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2009/11/26 08:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 08:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 14:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 14:27:00 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 14:27:00 | 000,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/10/23 12:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/02/03 10:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/08/13 17:14:34 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/11 13:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/07/23 09:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 11:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2007/02/08 12:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/07/10 11:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/06/14 09:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 40 EC 31 9D A0 CC 01 [binary data]
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Frontier\Servicepoint\nprpspa.dll (Frontier)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/03/13 21:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions
[2009/09/04 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/03/13 21:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 20:18:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/05 13:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/11/11 13:03:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776B2AAC-54DD-4B4A-9919-42C18115253D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (pdboot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 13:43:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/11/11 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\temp
[2011/11/11 13:03:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/11 12:13:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/11 11:50:28 | 000,000,000 | ---D | C] -- C:\kylel6361k
[2011/11/11 09:46:05 | 000,000,000 | ---D | C] -- C:\kylel
[2011/11/11 09:33:18 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
[2011/11/11 09:32:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
[2011/11/10 23:59:23 | 004,289,973 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
[2011/11/10 22:52:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/10 22:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/10 22:51:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/10 22:40:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/10 22:32:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/10 22:27:12 | 009,130,808 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Kyle\Desktop\AppRemover.exe.3wa5vbk.partial
[2011/11/10 21:20:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
[2011/11/10 20:36:38 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/11/10 13:27:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2011/11/10 06:25:14 | 000,000,000 | R-SD | C] -- C:\Users\Kyle\Documents\My Stationery
[2011/11/09 17:54:04 | 000,065,808 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/11/09 17:53:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RootkitBuster_5.00.1041
[2011/11/09 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/11/09 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/11/09 15:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/09 14:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
[2011/11/09 14:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\AML Products
[2011/11/09 14:38:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/11/09 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/11/09 13:49:41 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/11/09 09:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/09 09:48:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/05 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Conduit
[2011/11/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\WoW+Gametime+Card+Generator+v2
[2011/11/02 17:34:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\IEP
[2011/10/17 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Flip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 15:32:00 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
[2011/11/11 15:31:55 | 000,605,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/11 15:31:55 | 000,104,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/11 15:25:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 15:25:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 15:25:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/11/11 13:03:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/11 11:40:26 | 004,289,973 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
[2011/11/11 10:22:53 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/11/11 09:33:18 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
[2011/11/11 09:32:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
[2011/11/10 23:57:48 | 001,008,092 | ---- | M] () -- C:\Users\Kyle\Desktop\rkill.scr
[2011/11/10 22:40:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/10 22:29:01 | 000,006,749 | ---- | M] () -- C:\Users\Kyle\Desktop\latest.rtf
[2011/11/10 22:27:31 | 009,130,808 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Kyle\Desktop\AppRemover.exe.3wa5vbk.partial
[2011/11/10 21:46:11 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kyle\Desktop\boot_cleaner.exe
[2011/11/10 21:20:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
[2011/11/10 20:36:38 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/11/10 13:27:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2011/11/10 13:26:40 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
[2011/11/10 13:26:19 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\vihmwieo.exe.5vki4ku.partial
[2011/11/10 08:56:21 | 000,000,626 | ---- | M] () -- C:\Users\Kyle\Desktop\World of Warcraft - Shortcut.lnk
[2011/11/10 08:32:19 | 000,001,356 | ---- | M] () -- C:\Users\Kyle\AppData\Local\d3d9caps.dat
[2011/11/10 05:32:01 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
[2011/11/09 17:54:39 | 000,065,808 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/11/09 16:35:21 | 000,001,339 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/09 16:19:35 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/11/09 15:36:53 | 002,345,954 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/09 15:07:17 | 003,655,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 14:39:59 | 000,000,977 | ---- | M] () -- C:\Users\Kyle\Desktop\AML Free Registry Cleaner.lnk
[2011/11/09 13:59:45 | 000,305,152 | ---- | M] () -- C:\Users\Kyle\Documents\windiag.iso
[2011/11/09 12:08:35 | 000,000,911 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/11/09 09:48:59 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 09:28:30 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6o
[2011/11/09 09:28:30 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6or
[2011/11/09 09:28:26 | 000,000,344 | ---- | M] () -- C:\ProgramData\1QrzVQxl0OlX6o
[2011/11/07 18:35:57 | 000,000,000 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/11/07 12:39:32 | 000,136,704 | ---- | M] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 17:32:26 | 000,000,064 | -H-- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/11/05 17:32:26 | 000,000,044 | -H-- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/11/05 17:27:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/10/20 13:03:56 | 000,002,569 | ---- | M] () -- C:\Users\Kyle\Desktop\Microsoft Office Word 2003.lnk
[2011/10/17 13:47:47 | 000,000,279 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\burnaware.ini
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/10/15 03:53:00 | 000,004,359 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/11 10:22:53 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/11/10 23:57:47 | 001,008,092 | ---- | C] () -- C:\Users\Kyle\Desktop\rkill.scr
[2011/11/10 22:52:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/10 22:52:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/10 22:52:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/10 22:52:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/10 22:52:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/10 22:29:01 | 000,006,749 | ---- | C] () -- C:\Users\Kyle\Desktop\latest.rtf
[2011/11/10 13:26:40 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
[2011/11/10 13:26:18 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\vihmwieo.exe.5vki4ku.partial
[2011/11/10 08:56:21 | 000,000,626 | ---- | C] () -- C:\Users\Kyle\Desktop\World of Warcraft - Shortcut.lnk
[2011/11/09 16:17:57 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/11/09 15:35:48 | 002,345,954 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/09 14:39:59 | 000,000,977 | ---- | C] () -- C:\Users\Kyle\Desktop\AML Free Registry Cleaner.lnk
[2011/11/09 13:59:45 | 000,305,152 | ---- | C] () -- C:\Users\Kyle\Documents\windiag.iso
[2011/11/09 12:08:35 | 000,000,911 | ---- | C] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/11/09 09:48:59 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 09:28:30 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1QrzVQxl0OlX6or
[2011/11/09 09:28:29 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1QrzVQxl0OlX6o
[2011/11/09 09:28:26 | 000,000,344 | ---- | C] () -- C:\ProgramData\1QrzVQxl0OlX6o
[2011/11/07 18:35:57 | 000,000,000 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/10/17 13:25:11 | 000,000,279 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\burnaware.ini
[2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
[2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
[2011/08/13 19:48:35 | 000,000,064 | -H-- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/13 19:48:35 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/08 13:03:11 | 000,000,304 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/08/08 12:59:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\xmfu.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qunm.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qmev.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\demo.exe
[2011/06/20 20:18:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/18 10:45:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\lnyr821l053312
[2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\ProgramData\lnyr821l053312
[2010/07/09 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/07 12:16:51 | 000,069,632 | RH-- | C] () -- C:\Windows\System32\xmltok.dll
[2010/01/07 12:16:51 | 000,036,864 | RH-- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/11/09 17:06:44 | 000,001,339 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/02 16:01:00 | 000,001,609 | ---- | C] () -- C:\Windows\dhstatus.dat
[2009/11/02 15:40:38 | 000,001,561 | ---- | C] () -- C:\Windows\checkip.dat
[2009/10/21 12:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/09/29 11:40:41 | 000,001,356 | ---- | C] () -- C:\Users\Kyle\AppData\Local\d3d9caps.dat
[2009/09/24 02:05:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 02:05:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/01 12:18:05 | 000,568,850 | -H-- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/09/01 12:18:04 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/01 12:18:04 | 000,856,064 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/01 12:18:04 | 000,217,088 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/01 12:10:29 | 000,136,704 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 13:00:22 | 000,021,504 | -H-- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | -H-- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/29 03:34:26 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2009/04/02 01:14:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 21:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,655,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,605,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,342 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/10 07:15:04 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Absolute Poker
[2011/06/28 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AnvSoft
[2010/10/17 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVG10
[2011/05/26 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/16 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/27 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Frontier
[2010/07/05 15:12:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Ideazon
[2009/09/03 09:46:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicNet
[2011/11/09 15:01:32 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\uTorrent
[2011/11/11 15:24:09 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

I noticed the Absolute Poker thing towards the end. I have tried removing it through the Control Panel/Programs and Features. It always tells me it works but I still have little bits of it on my comp... Any ideas on this?
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
    [2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
    [2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
    [2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\xmfu.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qunm.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qmev.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\demo.exe
    [2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\lnyr821l053312
    [2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\ProgramData\lnyr821l053312
    [2010/10/17 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVG10
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    [2011/11/10 07:15:04 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Absolute Poker
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
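As an added example (not from this thread, and not part of OTL), the Python triage script below reads OTL "Files Created" and alternate data stream lines and flags the same patterns the fix script above targets: hidden+system files with random names under ProgramData or AppData\Local, zero-byte executables dropped in ProgramData, and alternate data streams attached to a plain file. The sample lines are copied from the OTL log in this thread; the "random name" and drop-directory heuristics are assumptions made for the example, not OTL's own rules.

```python
"""Triage OTL 'Files Created' and ADS lines for the patterns removed above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# One OTL file line, e.g.
#   [2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\ProgramData\c63i8t...
# Directory lines carry no "(company)" part:
#   [2011/11/10 07:15:04 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Absolute Poker
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# One OTL alternate data stream line:
#   @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Heuristics (assumptions for this example): a "random" name is a long run of
# lowercase letters and digits with no extension; the drop directories are the
# two locations the fix script in this thread cleans.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{12,}$")
DROP_DIRS = ("c:\\programdata\\", "\\appdata\\local\\")

# Sample input: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LINES = [
    r"[2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7",
    r"[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\xmfu.exe",
    r"[2011/06/20 20:18:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol",
    r"[2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\lnyr821l053312",
    r"[2010/01/07 12:16:51 | 000,069,632 | RH-- | C] () -- C:\Windows\System32\xmltok.dll",
    r"[2011/11/10 07:15:04 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Absolute Poker",
    r"@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4",
    r"[2010/07/09 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat",
]


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_file_line(line: str) -> Optional[Dict[str, Union[str, int]]]:
    """Parse one OTL file/folder line into a record, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),            # R/H/S/D flags or '-'
        "company": m.group("company") or "",  # empty for unsigned/no-name files
        "path": m.group("path"),
    }


def looks_random(name: str) -> bool:
    """Long, extension-less, mixed letters and digits: a typical dropper name."""
    return (RANDOM_NAME_RE.match(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def suspicious_reasons(rec: Dict[str, Union[str, int]]) -> List[str]:
    """Apply the heuristics to one parsed record; empty list means not flagged."""
    low = str(rec["path"]).lower()
    name = low.rsplit("\\", 1)[-1]
    attrs = str(rec["attrs"])
    is_dir = "D" in attrs
    in_drop_dir = any(d in low for d in DROP_DIRS)
    reasons: List[str] = []
    if not is_dir and in_drop_dir and "H" in attrs and "S" in attrs and looks_random(name):
        reasons.append("hidden+system file with a random name in a data directory")
    if not is_dir and in_drop_dir and rec["size"] == 0 and name.endswith(".exe"):
        reasons.append("zero-byte executable dropped in a data directory")
    return reasons


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per flagged file or ADS line, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            findings.append(Finding(ads.group("path"),
                                    ["alternate data stream of %s bytes on a plain file"
                                     % ads.group("size")]))
            continue
        rec = parse_file_line(line)
        if rec is None:
            continue
        reasons = suspicious_reasons(rec)
        if reasons:
            findings.append(Finding(str(rec["path"]), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Entries the script does not flag (ntuser.pol, the System32 DLL, the Absolute Poker folder) still need a human look, as the helper's fix shows; the heuristics only surface the obvious dropper pattern.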
 
I tried the link to update my java. When I clicked the button all it did was close my browser and that was it, not sure if that is what should happen. Ran JavaRa then OTL. OTL Below:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Kyle\AppData\Local\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw moved successfully.
C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw moved successfully.
C:\Users\Kyle\AppData\Local\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7 moved successfully.
C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7 moved successfully.
C:\ProgramData\xmfu.exe moved successfully.
C:\ProgramData\qunm.exe moved successfully.
C:\ProgramData\qmev.exe moved successfully.
C:\ProgramData\demo.exe moved successfully.
C:\Users\Kyle\AppData\Local\lnyr821l053312 moved successfully.
C:\ProgramData\lnyr821l053312 moved successfully.
C:\Users\Kyle\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Kyle\AppData\Roaming\AVG10 folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\sound folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\menu\esp folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\menu\eng folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\menu folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\lang\eng folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\lang folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\finaltableskin folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\sound folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\menu\esp folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\menu\eng folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\menu folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\lang\eng folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\lang folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\finaltableskin folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\scr folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\phistory\asc folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\phistory folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\resize folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\pk folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\mainbtn\esp folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\mainbtn folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\mainbg folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\jackpotimage folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\ihr folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\gamebtn folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\emoticon folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\effect folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\dlg folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\cs folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\chatwin folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\casino folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\buddy folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\bj folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage\ba folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\gameimage folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data\coord folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst\data folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\DownLoadInst folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\scr folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\phistory\asc folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\phistory folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\resize folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\pk folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\mainbtn\esp folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\mainbtn folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\mainbg folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\jackpotimage folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\ihr folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\gamebtn folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\emoticon folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\effect folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\dlg folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\cs folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\chatwin folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\casino folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\buddy folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\bj folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage\ba folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\gameimage folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data\coord folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker\data folder moved successfully.
C:\Users\Kyle\AppData\Roaming\Absolute Poker folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 39104 bytes
->Temporary Internet Files folder emptied: 11314502 bytes
->Java cache emptied: 85000 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 37215 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12574 bytes
RecycleBin emptied: 9430216 bytes

Total Files Cleaned = 21.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kyle
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11112011_175517

Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Temp\ZKT{51169137-C93B-47CA-A050-39B379C542E6}.tmp moved successfully.
C:\Windows\temp\ZKT{783624D2-00D0-4109-B857-25FBABE2D1B3}.tmp moved successfully.
File\Folder C:\Windows\temp\ZKT{A4C58C4E-11C0-44D4-B90F-944599BD65F1}.tmp not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AML Free Registry Cleaner 4.22
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player ( 10.0.12.36) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
Travel here: https://www.techspot.com/downloads/6463-java-se.html and download the standalone Java file (Windows 7, XP Offline).
Install it.

Uninstall AML Free Registry Cleaner 4.22.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

 
Downloaded Java, Eset scan results below:

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
 
Programs used during cleanup

Which of the following programs I have from this process should I keep, and which should I delete?

JavaRa
Boot Cleaner
ComboFix
Rkill
OTL
SecurityCheck
TFC
GMER
DDS
aswMBR
TDSSKiller
HijackThis


And should I keep the MBR.dat file from running aswMBR?

Thank you!
 
You can delete MBR.dat file.
As for the rest explained below....


Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
I had to log out and in to my comp to finish Java, it almost finished and then I got the following: Internal Error 2753. regutils.dll

Here is the OTL Log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 1245572 bytes
->Temporary Internet Files folder emptied: 4785032 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 679 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6949 bytes
RecycleBin emptied: 34569 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kyle
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11112011_201746

Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player ( 10.0.12.36) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
Well, I suggest you start a new topic in Windows forum regarding this issue.

Meanwhile.....

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 54198 bytes
->Temporary Internet Files folder emptied: 8547226 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 679 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7440 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kyle
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11112011_204824

Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Temp\ZKT{99CCDB4A-7E6C-4AAE-8EA6-E0B9ED4DF4A8}.tmp moved successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q2Z8KI8\topic173268-3[1].htm moved successfully.
File\Folder C:\Windows\temp\ZKT{2E001C26-53A3-4311-97B6-BAD72CA672A2}.tmp not found!
C:\Windows\temp\ZKT{48B3CC95-BF22-436A-B4C9-478B2A0E0461}.tmp moved successfully.

Registry entries deleted on Reboot...
 
Everything seems to be working wonderfully, no further issues as of yet!

My only concern is that I currently have 65 processes running. Is this normal or ok?
 
It's perfectly normal.

Way to go!!

Good luck and stay safe :)
 
Thank you so very much! It is totally awesome what you do on here for people who would be lost or pay hundreds of bucks to get this stuff fixed! You are much appreciated boss!
 