Thread: Fake Internet Security infection

  1. #11
    spot812 (Member)
    Join Date: Jun 2007
    Location: Nashville, TN
    Posts: 42

    Post Oldtimer logs part 1 of 2

    OTL.txt:

    OTL logfile created on: 8/1/2011 6:33:49 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\hjh\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.48 Mb Total Physical Memory | 500.67 Mb Available Physical Memory | 48.97% Memory free
    2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.83% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 152.66 Gb Total Space | 130.55 Gb Free Space | 85.52% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: hjh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Themes) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (helpsvc) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
    SRV - (EPSON_PM_RPCV2_01) EPSON V3 Service2(03) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
    SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
    DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
    DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
    DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (kbfilter) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)
    DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
    DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
    DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
    DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
    DRV - (hpmmkbd) -- C:\WINDOWS\system32\drivers\HPMMKBD.SYS (Hewlett-Packard)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-18\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 75 D1 6D 6B 4E CC 01 [binary data]
    IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb31e56&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/05 06:01:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 20:10:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 20:10:13 | 000,000,000 | ---D | M]

    [2011/04/25 16:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Extensions
    [2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions
    [2011/04/25 16:03:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/13 01:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/13 21:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/07/17 07:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009/02/05 14:35:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2009/04/16 13:25:48 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
    [2011/06/14 15:02:51 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    [2009/02/09 13:58:27 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
    [2009/02/09 13:58:27 | 000,001,932 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

    O1 HOSTS File: ([2011/07/27 19:59:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [Auto EPSON Stylus CX6600 Series on BOTES-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] File not found
    O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HpMmKbd] C:\WINDOWS\System32\HpMmKbd.exe (Hewlett-Packard Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\.DEFAULT..\Run: [PhotoJoy] File not found
    O4 - HKU\S-1-5-18..\Run: [PhotoJoy] File not found
    O4 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/03 13:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/01 06:31:10 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
    [2011/07/29 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2011/07/27 19:38:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/27 19:36:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/27 19:36:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/27 19:36:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/27 19:36:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/27 19:36:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/27 19:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Avira
    [2011/07/27 19:24:46 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
    [2011/07/24 16:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Malwarebytes
    [2011/07/24 16:03:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/24 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/24 16:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/24 16:03:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/24 16:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\My Documents\My Videos
    [2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\Start Menu\Programs\Administrative Tools
    [2011/07/17 07:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/17 07:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/07/17 07:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/07/17 07:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Desktop\Inoculation
    [2011/07/17 07:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/07/17 07:02:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/07/17 06:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit
    [2011/07/17 06:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\vmntemplate
    [2011/07/17 06:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar
    [2011/07/17 06:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine
    [2011/07/17 04:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011/07/07 07:57:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/07/06 22:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/07/06 22:30:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/07/06 22:30:13 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/07/06 22:30:13 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/07/06 22:30:13 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/07/06 22:30:13 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/07/06 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\My Documents\Downloads
    [2011/07/06 20:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar
    [2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar
    [2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/07/06 20:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
    [2011/07/06 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/01 06:31:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
    [2011/08/01 05:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/01 01:30:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/07/31 14:07:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/07/31 09:59:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/27 19:59:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/27 19:58:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/27 19:38:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/27 19:24:53 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
    [2011/07/24 16:03:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 16:03:14 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/23 00:37:57 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\magicJack.lnk
    [2011/07/23 00:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/17 22:32:00 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/07/17 09:26:23 | 000,004,019 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
    [2011/07/17 07:50:24 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/07/17 07:50:13 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
    [2011/07/17 04:05:27 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/07/13 02:00:36 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/07/13 02:00:36 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/07/07 10:35:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/06 22:31:00 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/07/06 20:35:43 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/27 19:38:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/07/27 19:38:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/27 19:36:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/27 19:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/27 19:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/27 19:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/27 19:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/24 16:03:15 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 16:03:14 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/17 22:32:02 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/07/17 22:32:00 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/07/17 22:32:00 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Internet Explorer.lnk
    [2011/07/17 09:26:23 | 000,004,019 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
    [2011/07/17 07:50:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/07/17 07:50:13 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
    [2011/07/17 04:05:27 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/07/06 22:31:00 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/07/06 20:18:30 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
    [2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\448fqp1244v2itbh10ux24jwrf07
    [2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\448fqp1244v2itbh10ux24jwrf07
    [2011/06/09 07:44:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/03 20:11:40 | 000,208,153 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
    [2010/10/03 20:11:39 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
    [2009/05/22 15:30:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
    [2009/05/22 15:30:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
    [2009/05/04 02:59:07 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
    [2009/04/29 20:46:53 | 000,090,112 | ---- | C] () -- C:\WINDOWS\RSetupCE.exe
    [2009/04/16 13:21:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
    [2009/04/03 17:19:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2009/03/25 08:17:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/03/22 16:03:10 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
    [2009/03/22 16:03:06 | 001,856,107 | ---- | C] () -- C:\WINDOWS\Treasure Planet.dat
    [2009/03/22 16:03:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
    [2009/03/22 11:48:06 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EReg515.dat
    [2009/03/22 11:48:06 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Disney.ini
    [2009/03/22 11:42:27 | 000,000,194 | ---- | C] () -- C:\WINDOWS\disneysy.ini
    [2009/03/22 10:12:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\fsplugin.ini
    [2009/03/02 12:45:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2009/02/27 22:43:24 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
    [2009/02/24 21:12:47 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
    [2009/02/10 23:44:52 | 000,001,747 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/02/10 18:37:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/02/05 06:10:07 | 000,001,658 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/03 21:52:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2009/02/03 14:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/02/03 13:31:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/02/03 13:27:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/02/03 07:24:22 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
    [2009/02/03 07:24:21 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
    [2009/02/03 07:12:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/02/03 07:11:23 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
    [2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/09/03 11:52:00 | 000,436,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/09/03 11:51:54 | 000,069,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/09/03 11:30:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/01/22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
    [2000/02/23 20:31:22 | 000,003,961 | ---- | C] () -- C:\WINDOWS\System32\HPKBDUNI.DAT
    [1999/10/17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
    [1999/10/17 20:01:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20ENU(2).DLL

    ========== LOP Check ==========

    [2011/06/27 06:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/06/14 17:55:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/03/17 05:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
    [2009/03/03 05:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2009/04/10 15:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstalledPackages
    [2009/03/04 05:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\livepim
    [2010/08/24 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2011/07/06 20:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/05/05 09:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    [2009/02/10 21:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/06/16 00:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
    [2010/10/03 21:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
    [2009/03/15 16:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/03/17 05:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32}
    [2009/05/11 13:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/04/17 12:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\AVG10
    [2011/07/23 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\mjusbsp
    [2011/07/17 06:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\vmntemplate
    [2011/07/17 06:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
    [2011/06/14 15:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
    [2011/08/01 01:30:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >

  2. #12
    Member spot812's Avatar
    Join Date
    Jun 2007
    Location
    Nashville, TN
    Posts
    42

    Post Oldtimer Logs part 2 of 2

    Extras log:

    OTL Extras logfile created on: 8/1/2011 6:33:49 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\hjh\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.48 Mb Total Physical Memory | 500.67 Mb Available Physical Memory | 48.97% Memory free
    2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.83% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 152.66 Gb Total Space | 130.55 Gb Free Space | 85.52% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: hjh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "1772:UDP" = 1772:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
    "1870:UDP" = 1870:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
    "1894:UDP" = 1894:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
    "5900:TCP" = 5900:TCP:*:Enabled:vnc5900
    "5800:TCP" = 5800:TCP:*:Enabled:vnc5800
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
    "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
    "C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Documents and Settings\hjh\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\hjh\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\PhotoJoy\Bin\PjApp.exe" = C:\Program Files\PhotoJoy\Bin\PjApp.exe:*:Enabled:PhotoJoy


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{465DE3B1-1207-4BBA-828A-0F3ABED81603}" = Treasure Planet: Battle at Procyon
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = B44Inst
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    "{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F2D45137-7631-4824-B285-52742329DE4B}" = Documents To Go
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ERUNT_is1" = ERUNT 1.1j
    "Flatspace" = Flatspace (remove only)
    "Google Updater" = Google Updater
    "Heretic Kingdoms" = Heretic Kingdoms - The Inquisition
    "Hewlett-Packard Extended Keyboard" = Hewlett-Packard Extended Keyboard
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImageElements Picture Framer" = ImageElements Picture Framer
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x Driver Installer
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
    "LucasArts' TIE Fighter" = LucasArts' TIE Fighter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Maximus XV (Demo)" = Maximus XV (Demo)
    "MetalShard Game Engine" = MetalShard Game Engine
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Once Upon a Knight" = Once Upon a Knight
    "Pocket Tunes" = Pocket Tunes 5.0.0
    "Pocket War" = MetalShard Pocket War
    "Product_Name" = Geneforge
    "RealPlayer 6.0" = RealPlayer
    "RiftSpace" = RiftSpace
    "Shop for HP Supplies" = Shop for HP Supplies
    "Space Hack Demo" = Space Hack Demo
    "Star Wars Galaxy Screensaver_is1" = Star Wars Galaxy Screensaver
    "Stickies 6.7a" = Stickies 6.7a
    "SwitchSync Ex_is1" = SwitchSync Ex 4.6.1
    "System47" = System47 Screen Saver
    "Tachyon" = Tachyon
    "TVAnts 1.0" = TVAnts 1.0
    "Ultravnc2_is1" = UltraVNC 1.0.5
    "Universal Document Converter_is1" = Universal Document Converter
    "WeatherBug" = WeatherBug
    "whitesmoketoolbar" = WhiteSmoke Toolbar
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/23/2011 1:41:26 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/23/2011 2:39:00 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
    P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 7/24/2011 2:39:02 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
    P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 7/24/2011 5:04:33 PM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
    P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 7/25/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
    P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 7/26/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
    P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 7/27/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
    P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 7/29/2011 11:51:45 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
    Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
    attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

    Error - 7/29/2011 11:52:46 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
    Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
    attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

    Error - 7/29/2011 11:58:27 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
    Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
    attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

    [ System Events ]
    Error - 7/29/2011 11:52:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126


    < End of report >

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Just some leftovers to remove


    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
      FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
      [2009/04/16 13:25:48 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
      O4 - HKU\.DEFAULT..\Run: [PhotoJoy] File not found
      O4 - HKU\S-1-5-18..\Run: [PhotoJoy] File not found
      [2011/07/29 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      [2011/07/17 06:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit
      [2011/07/17 06:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar
      [2011/07/17 06:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine
      [2011/07/06 20:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar
      [2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar
      [2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
      [2011/07/06 20:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
      [2011/07/06 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
      [2011/07/17 06:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
      [2011/06/14 15:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Member spot812's Avatar
    Join Date
    Jun 2007
    Location
    Nashville, TN
    Posts
    42

    Oldtimer RunFix Log and Run Scan Log

    Here is the log produced after the RunFix:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
    C:\Program Files\DNA\plugins\npbtdna.dll moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoJoy deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoJoy not found.
    C:\Program Files\Ask.com folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar\CacheIcons folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Repository folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppPendingDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAddedAppDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog\Images folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\DetectedAppDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\DefualtImages folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\AddedAppDialog folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs folder moved successfully.
    C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine folder moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar\Logs folder moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar\Logs folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar folder moved successfully.
    C:\Program Files\Conduit\Community Alerts folder moved successfully.
    C:\Program Files\Conduit folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit folder moved successfully.
    C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar\weather folder moved successfully.
    C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar folder moved successfully.
    Folder C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar\ not found.
    C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\hjh\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\hjh\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : comcast.net
    IP Address. . . . . . . . . . . . : 192.168.0.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    C:\Documents and Settings\hjh\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\hjh\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\hjh\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\hjh\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.OFFICE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes

    User: hjh
    ->Temp folder emptied: 9075362 bytes
    ->Temporary Internet Files folder emptied: 6595999 bytes
    ->Java cache emptied: 432 bytes
    ->FireFox cache emptied: 81232949 bytes
    ->Flash cache emptied: 2747228 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 9011334 bytes
    ->Flash cache emptied: 185898 bytes

    User: NetworkService
    ->Temp folder emptied: 7952 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 1712 bytes
    ->Flash cache emptied: 84418 bytes

    User: Owner

    %systemdrive% .tmp files removed: 14640 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 42883 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 104.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08022011_061652

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\hjh\Local Settings\Temp\~DF5295.tmp not found!
    File\Folder C:\Documents and Settings\hjh\Local Settings\Temp\~DFF429.tmp not found!
    C:\Documents and Settings\hjh\Local Settings\Temporary Internet Files\Content.IE5\Z5DVG9XB\showthread[3].htm moved successfully.
    C:\WINDOWS\temp\HPSLPSVC0000.log moved successfully.

    Registry entries deleted on Reboot...

    And the OTL and Extra logs after RunScan:

    OTL.txt log:

    OTL logfile created on: 8/2/2011 6:23:34 AM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\hjh\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.48 Mb Total Physical Memory | 449.37 Mb Available Physical Memory | 43.95% Memory free
    2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.78% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 152.66 Gb Total Space | 130.48 Gb Free Space | 85.48% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: hjh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\system32\HPMMKBD.EXE (Hewlett-Packard Corp.)
    PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Themes) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (helpsvc) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
    SRV - (EPSON_PM_RPCV2_01) EPSON V3 Service2(03) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
    SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
    DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
    DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
    DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (kbfilter) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)
    DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
    DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
    DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
    DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
    DRV - (hpmmkbd) -- C:\WINDOWS\system32\drivers\HPMMKBD.SYS (Hewlett-Packard)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 75 D1 6D 6B 4E CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb31e56&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/05 06:01:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 20:10:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 20:10:13 | 000,000,000 | ---D | M]

    [2011/04/25 16:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Extensions
    [2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions
    [2011/04/25 16:03:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/13 01:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/13 21:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/07/17 07:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009/02/05 14:35:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/06/14 15:02:51 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    [2009/02/09 13:58:27 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
    [2009/02/09 13:58:27 | 000,001,932 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

    O1 HOSTS File: ([2011/08/02 06:17:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [Auto EPSON Stylus CX6600 Series on BOTES-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] File not found
    O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HpMmKbd] C:\WINDOWS\System32\HpMmKbd.exe (Hewlett-Packard Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/03 13:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/02 06:18:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/02 06:16:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/08/02 06:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Desktop\erunt
    [2011/08/01 06:31:10 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
    [2011/07/27 19:38:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/27 19:36:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/27 19:36:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/27 19:36:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/27 19:36:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/27 19:36:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/27 19:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Avira
    [2011/07/27 19:24:46 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
    [2011/07/24 16:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Malwarebytes
    [2011/07/24 16:03:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/24 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/24 16:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/24 16:03:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/24 16:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\My Documents\My Videos
    [2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\Start Menu\Programs\Administrative Tools
    [2011/07/17 07:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/17 07:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/07/17 07:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/07/17 07:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Desktop\Inoculation
    [2011/07/17 07:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/07/17 07:02:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/07/17 06:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\vmntemplate
    [2011/07/17 04:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011/07/07 07:57:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/07/06 22:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/07/06 22:30:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/07/06 22:30:13 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/07/06 22:30:13 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/07/06 22:30:13 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/07/06 22:30:13 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/07/06 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\My Documents\Downloads

    ========== Files - Modified Within 30 Days ==========

    [2011/08/02 06:23:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/08/02 06:19:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/08/02 06:19:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/02 06:19:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/02 06:17:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/08/02 06:12:24 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\erunt.zip
    [2011/08/02 05:59:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/01 06:31:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
    [2011/07/27 19:38:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/27 19:24:53 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
    [2011/07/24 16:03:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 16:03:14 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/23 00:37:57 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\magicJack.lnk
    [2011/07/23 00:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/17 22:32:00 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/07/17 09:26:23 | 000,004,019 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
    [2011/07/17 07:50:24 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/07/17 07:50:13 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
    [2011/07/17 04:05:27 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/07/13 02:00:36 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/07/13 02:00:36 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/07/07 10:35:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/06 22:31:00 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/07/06 20:35:43 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011/08/02 06:12:16 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\erunt.zip
    [2011/07/27 19:38:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/07/27 19:38:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/27 19:36:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/27 19:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/27 19:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/27 19:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/27 19:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/24 16:03:15 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 16:03:14 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/17 22:32:02 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/07/17 22:32:00 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/07/17 22:32:00 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Internet Explorer.lnk
    [2011/07/17 09:26:23 | 000,004,019 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
    [2011/07/17 07:50:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/07/17 07:50:13 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
    [2011/07/17 04:05:27 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/07/06 22:31:00 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/07/06 20:18:30 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
    [2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\448fqp1244v2itbh10ux24jwrf07
    [2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\448fqp1244v2itbh10ux24jwrf07
    [2011/06/09 07:44:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/03 20:11:40 | 000,208,153 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
    [2010/10/03 20:11:39 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
    [2009/05/22 15:30:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
    [2009/05/22 15:30:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
    [2009/05/04 02:59:07 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
    [2009/04/29 20:46:53 | 000,090,112 | ---- | C] () -- C:\WINDOWS\RSetupCE.exe
    [2009/04/16 13:21:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
    [2009/04/03 17:19:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2009/03/25 08:17:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/03/22 16:03:10 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
    [2009/03/22 16:03:06 | 001,856,107 | ---- | C] () -- C:\WINDOWS\Treasure Planet.dat
    [2009/03/22 16:03:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
    [2009/03/22 11:48:06 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EReg515.dat
    [2009/03/22 11:48:06 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Disney.ini
    [2009/03/22 11:42:27 | 000,000,194 | ---- | C] () -- C:\WINDOWS\disneysy.ini
    [2009/03/22 10:12:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\fsplugin.ini
    [2009/03/02 12:45:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2009/02/27 22:43:24 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
    [2009/02/24 21:12:47 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
    [2009/02/10 23:44:52 | 000,001,747 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/02/10 18:37:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/02/05 06:10:07 | 000,001,658 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/03 21:52:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2009/02/03 14:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/02/03 13:31:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/02/03 13:27:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/02/03 07:24:22 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
    [2009/02/03 07:24:21 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
    [2009/02/03 07:12:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/02/03 07:11:23 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
    [2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/09/03 11:52:00 | 000,436,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/09/03 11:51:54 | 000,069,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/09/03 11:30:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/01/22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
    [2000/02/23 20:31:22 | 000,003,961 | ---- | C] () -- C:\WINDOWS\System32\HPKBDUNI.DAT
    [1999/10/17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
    [1999/10/17 20:01:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20ENU(2).DLL

    < End of report >

    I did not find an Extras.txt log from this scan. Should there be one?

    The computer is running much, much better now.
    I think we're winning the battle!
    What's next..................?

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Looking good, any issues?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #16
    Member spot812's Avatar
    Join Date
    Jun 2007
    Location
    Nashville, TN
    Posts
    42

    Talking Looking Good

    Everything seems to be running great.

    Thank you, so much, for your help, Ken.

    I've almost always used trialware or shareware Anti-Virus protection, however it doesn't seem to be quite enough. I've always used SpyBot S&D, of course, along with whichever flavor of Antivirus I am using, at the time.

    It doesn't seem like any one program "does it all" so it takes a group of anti-virus, anti-malware, anti-spyware, programs etc. Could you make a suggestion of which programs you like to have on your own machines? Freeware is preferable, but I'd be happy to pay for shareware or "donation-ware" if I could be more confident it's catching the greatest amount of potential threats.

    Other than that, it looks like we are done here. Please let me know if there are any last steps to be performed before we part company and go our separate ways..............

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    With Anti Virus, you just want one; more than one is overkill and can hamper system performance and cause all sorts of issues. Just keep Avira, keep it updated and run a scan on a regular basis. It's a nice AV, keep it.

    Spybot is also fine to keep.

    Malwarebytes is the free version and yours to keep. You can upgrade to the Pro Version (the cost is minimal, like under $25 I believe); it's just a one time fee, not yearly. The Pro Version includes a Protection Module: if you wander into a bad site, you will get a page not found and a pop up from Malwarebytes stating it blocked a potentially malicious site, but this of course is up to you.


    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups

    Safe Surfn
    Ken

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
