Solved Live Security Platinum help

This is the OTL fix log:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mdesd deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hrothghar
->Temp folder emptied: 42533097 bytes
->Temporary Internet Files folder emptied: 12351234 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 52759100 bytes
->Flash cache emptied: 2140 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59143159 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59058012 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 215.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Hrothghar
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Hrothghar
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08042012_133923

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000D9F0CEECED7A3C3EC22C not found!

PendingFileRenameOperations files...
File C:\Windows\temp\TMP0000D9F0CEECED7A3C3EC22C not found!

Registry entries deleted on Reboot...
 
OTL logfile created on: 8/4/2012 2:49:00 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Hrothghar\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 66.82% Memory free
12.22 Gb Paging File | 9.97 Gb Available in Paging File | 81.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.60 Gb Total Space | 417.95 Gb Free Space | 59.83% Space Free | Partition Type: NTFS

Computer Name: HROTHGHAR-PC | User Name: Hrothghar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 20:49:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hrothghar\Desktop\OTL.exe
PRC - [2012/06/15 22:36:32 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/06/15 22:36:32 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/04 01:35:16 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/09 00:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 02:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IProsetMonitor.exe -- (Intel(R)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 14:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/08/04 01:35:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 19:49:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/17 00:42:42 | 000,129,856 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/02 15:36:46 | 000,036,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/09 05:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/09 00:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/17 08:04:18 | 000,111,120 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/17 05:02:24 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2010/04/12 04:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/26 01:17:16 | 000,307,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2010/01/20 23:48:22 | 001,020,192 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ae1000va.sys -- (AE1000)
DRV:64bit: - [2009/02/26 13:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 22:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 22:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2007/11/01 17:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/11/01 17:19:50 | 000,410,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2007/11/01 17:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/18 14:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 13:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3237160
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...01538&mntrId=0e474d1f0000000000000024e806dacb
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=E0AE1689-BB79-4B0E-9B8D-9D85B41934A2
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\SearchScopes\{F94A8F00-AE05-4562-BDEC-F3FEE34B4755}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,105,0_0,Search,20110207,6900,0,6,0
IE - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/29 21:25:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 19:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/04 00:35:26 | 000,000,000 | ---D | M]

[2011/09/15 22:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hrothghar\AppData\Roaming\Mozilla\Extensions
[2012/08/04 00:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hrothghar\AppData\Roaming\Mozilla\Firefox\Profiles\zr9fcdew.default\extensions
[2012/08/04 00:11:57 | 000,000,000 | ---D | M] (InternetHelper Community Toolbar) -- C:\Users\Hrothghar\AppData\Roaming\Mozilla\Firefox\Profiles\zr9fcdew.default\extensions\{9d0f7eb2-452d-4766-b535-8d23e36c300e}
[2011/10/23 20:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 20:59:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/02 19:49:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/14 00:38:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/14 00:38:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/03 20:09:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\..\Toolbar\WebBrowser: (InternetHelper Toolbar) - {9D0F7EB2-452D-4766-B535-8D23E36C300E} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-314256180-2708321711-2672349786-1000..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - Startup: C:\Users\Hrothghar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-314256180-2708321711-2672349786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0080A3D5-50CE-4E62-99F4-BD5A03238BCE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{081F5596-6161-4408-9D0B-E8C353A58A39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7256482D-0FC4-465C-9770-1282F08516C2}: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{871798BF-CC14-4604-9556-6FFD2E36B32D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Hrothghar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hrothghar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 13:52:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/08/04 12:46:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/04 00:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/04 00:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/04 00:29:12 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\Desktop\Vista
[2012/08/04 00:21:03 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\Desktop\JavaRa-1.16-16-12-11
[2012/08/04 00:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/04 00:15:53 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\AppData\Local\Google
[2012/08/04 00:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/04 00:12:52 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\AppData\Roaming\Free Download Manager
[2012/08/04 00:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2012/08/04 00:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012/08/04 00:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/08/04 00:11:59 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\AppData\Local\Conduit
[2012/08/04 00:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper
[2012/08/04 00:11:33 | 000,809,840 | ---- | C] (AirInstaller Inc.) -- C:\Users\Hrothghar\Desktop\setup.exe
[2012/08/03 22:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/03 22:13:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Hrothghar\Desktop\esetsmartinstaller_enu.exe
[2012/08/03 22:07:19 | 000,693,139 | ---- | C] (Farbar) -- C:\Users\Hrothghar\Desktop\FSS.exe
[2012/08/03 21:56:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/03 21:53:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/03 20:49:29 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Hrothghar\Desktop\OTL.exe
[2012/08/03 20:15:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/03 14:23:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/03 14:23:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/03 14:23:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/02 23:31:19 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\Desktop\rkill-backup
[2012/08/02 23:30:44 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Hrothghar\Desktop\rkill.com
[2012/08/02 23:30:04 | 004,729,092 | R--- | C] (Swearware) -- C:\Users\Hrothghar\Desktop\ian.exe
[2012/08/02 23:20:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/02 22:07:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 19:51:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Hrothghar\Desktop\aswMBR.exe
[2012/08/02 19:47:38 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\Desktop\RK_Quarantine
[2012/08/02 14:29:24 | 000,056,320 | -H-- | C] (FRISK Software International) -- C:\Windows\SysWow64\certgmp2.dll
[2012/08/02 13:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/02 13:13:36 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\Documents\Electronic Arts
[2012/07/24 17:37:17 | 000,000,000 | ---D | C] -- C:\Users\Hrothghar\Documents\Stronghold
[2012/07/23 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2012/07/23 12:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios

========== Files - Modified Within 30 Days ==========

[2012/08/04 14:35:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 14:29:28 | 000,000,973 | ---- | M] () -- C:\Users\Hrothghar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/04 14:03:45 | 000,759,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 14:03:45 | 000,642,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 14:03:45 | 000,119,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 13:58:41 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 13:58:41 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 13:56:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 13:56:20 | 000,264,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/04 13:05:24 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/08/04 13:05:24 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/08/04 13:05:24 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/08/04 13:05:24 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/08/04 13:05:05 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/04 13:05:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/04 12:31:15 | 000,754,588 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/04 11:59:37 | 000,028,294 | ---- | M] () -- C:\Users\Hrothghar\Desktop\Untitled.jpg
[2012/08/04 00:53:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/04 00:35:26 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/04 00:29:03 | 000,014,499 | ---- | M] () -- C:\Users\Hrothghar\Desktop\Vista.zip
[2012/08/04 00:15:04 | 000,160,639 | ---- | M] () -- C:\Users\Hrothghar\Desktop\JavaRa-1.16-16-12-11.zip
[2012/08/04 00:12:01 | 000,000,009 | ---- | M] () -- C:\END
[2012/08/04 00:11:33 | 000,809,840 | ---- | M] (AirInstaller Inc.) -- C:\Users\Hrothghar\Desktop\setup.exe
[2012/08/04 00:08:07 | 000,021,080 | ---- | M] () -- C:\Users\Hrothghar\Desktop\otlfix.odt
[2012/08/03 22:13:12 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Hrothghar\Desktop\esetsmartinstaller_enu.exe
[2012/08/03 22:07:19 | 000,693,139 | ---- | M] (Farbar) -- C:\Users\Hrothghar\Desktop\FSS.exe
[2012/08/03 21:59:01 | 000,806,753 | ---- | M] () -- C:\Users\Hrothghar\Desktop\SecurityCheck.exe
[2012/08/03 20:49:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hrothghar\Desktop\OTL.exe
[2012/08/03 20:09:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/03 14:22:21 | 004,729,092 | R--- | M] (Swearware) -- C:\Users\Hrothghar\Desktop\ian.exe
[2012/08/02 23:30:46 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Hrothghar\Desktop\rkill.com
[2012/08/02 19:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Hrothghar\Desktop\MBR.dat
[2012/08/02 19:51:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Hrothghar\Desktop\aswMBR.exe
[2012/08/02 19:47:19 | 001,552,384 | ---- | M] () -- C:\Users\Hrothghar\Desktop\RogueKiller.exe
[2012/08/02 15:36:46 | 000,036,168 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/08/02 15:32:01 | 000,069,120 | ---- | M] () -- C:\Users\Hrothghar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 15:27:55 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 14:29:24 | 000,056,320 | -H-- | M] (FRISK Software International) -- C:\Windows\SysWow64\certgmp2.dll
[2012/07/24 14:18:41 | 000,000,826 | ---- | M] () -- C:\Users\Hrothghar\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/07/24 14:18:41 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk

========== Files Created - No Company Name ==========

[2012/08/04 14:29:23 | 000,000,973 | ---- | C] () -- C:\Users\Hrothghar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/04 13:05:05 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/04 13:05:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/04 11:58:33 | 000,028,294 | ---- | C] () -- C:\Users\Hrothghar\Desktop\Untitled.jpg
[2012/08/04 00:53:22 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/04 00:34:50 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/04 00:34:50 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/04 00:29:03 | 000,014,499 | ---- | C] () -- C:\Users\Hrothghar\Desktop\Vista.zip
[2012/08/04 00:18:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 00:15:04 | 000,160,639 | ---- | C] () -- C:\Users\Hrothghar\Desktop\JavaRa-1.16-16-12-11.zip
[2012/08/04 00:12:01 | 000,000,009 | ---- | C] () -- C:\END
[2012/08/03 22:04:56 | 000,021,080 | ---- | C] () -- C:\Users\Hrothghar\Desktop\otlfix.odt
[2012/08/03 21:59:01 | 000,806,753 | ---- | C] () -- C:\Users\Hrothghar\Desktop\SecurityCheck.exe
[2012/08/03 14:23:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/03 14:23:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/03 14:23:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/03 14:23:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/03 14:23:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/02 19:57:16 | 000,000,512 | ---- | C] () -- C:\Users\Hrothghar\Desktop\MBR.dat
[2012/08/02 19:47:17 | 001,552,384 | ---- | C] () -- C:\Users\Hrothghar\Desktop\RogueKiller.exe
[2012/08/02 15:36:46 | 000,036,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/24 14:18:41 | 000,000,826 | ---- | C] () -- C:\Users\Hrothghar\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/07/24 14:18:41 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/03/06 01:07:52 | 000,000,048 | ---- | C] () -- C:\Users\Hrothghar\jagex_cl_runescape_LIVE.dat
[2012/03/06 01:07:52 | 000,000,024 | ---- | C] () -- C:\Users\Hrothghar\random.dat
[2011/04/16 01:24:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/01/27 11:54:48 | 000,754,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/12 23:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/22 17:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/15 00:30:56 | 000,069,120 | ---- | C] () -- C:\Users\Hrothghar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/19 01:49:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/11/19 01:48:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/11/19 01:48:19 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/11/18 16:51:35 | 000,000,680 | ---- | C] () -- C:\Users\Hrothghar\AppData\Local\d3d9caps.dat
[2010/09/19 21:43:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/19 21:43:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/10 21:10:02 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/08 10:11:26 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:54:17 | 000,001,460 | ---- | C] () -- C:\Users\Hrothghar\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2011/11/06 20:21:03 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\.minecraft
[2012/05/04 16:24:33 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\0E474
[2010/09/06 20:25:30 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\Acreon
[2011/10/23 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\Audacity
[2011/09/08 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\Babylon
[2012/08/02 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\BitTorrent
[2012/08/04 00:12:52 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\Free Download Manager
[2012/04/12 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\Mumble
[2010/09/18 14:21:20 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\OpenOffice.org
[2011/09/04 10:11:48 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\Opera
[2012/03/04 21:58:54 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\TS3Client
[2012/03/04 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\Hrothghar\AppData\Roaming\ts3overlay
[2012/08/04 13:53:25 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/02/23 20:23:12 | 315,272,580 | ---- | M] ()(C:\Program Files (x86)\(18????) ??3 ???? ~?????~ (704x396 DivX6.50).avi) -- C:\Program Files (x86)\(18禁アニメ) 姦染3 首都崩壊 ~神凪悠帆編~ (704x396 DivX6.50).avi
[2011/02/18 14:46:00 | 315,272,580 | ---- | C] ()(C:\Program Files (x86)\(18????) ??3 ???? ~?????~ (704x396 DivX6.50).avi) -- C:\Program Files (x86)\(18禁アニメ) 姦染3 首都崩壊 ~神凪悠帆編~ (704x396 DivX6.50).avi

< End of report >
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Thanks for your help, I really appreciate the time you gave up to help me out. The computer is responsive and a little bit faster than usual, but that's because of all the cleaning that was ordered for it =) Once again, thank you.



All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hrothghar
->Temp folder emptied: 55034360 bytes
->Temporary Internet Files folder emptied: 64901 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 52097107 bytes
->Flash cache emptied: 1825 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1924309 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 104.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Hrothghar
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Hrothghar
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08042012_223815

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 