
Thread: Windows XP Recovery, No DDS!

  1. #41
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Not looking at a rootkit.

    Drag OTL to the trash and download a fresh copy, run the scan and post the new log please. There will most likely be no extras this time, so don't worry about it.

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #42
    Member
    Join Date
    Nov 2008
    Posts
    72

    OTL Log

    OTL logfile created on: 6/5/2011 2:28:40 PM - Run 3
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tim\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    253.98 Mb Total Physical Memory | 43.65 Mb Available Physical Memory | 17.19% Memory free
    624.89 Mb Paging File | 145.00 Mb Available in Paging File | 23.20% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.71 Gb Total Space | 14.89 Gb Free Space | 44.19% Space Free | Partition Type: NTFS

    Computer Name: TORCHIA | User Name: Tim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Common Files\SunnComm Shared\msscript.OCX (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (acssrv) -- File not found
    SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
    SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
    DRV - (SandBox) -- C:\WINDOWS\SYSTEM32\DRIVERS\SandBox.sys (Agnitum Ltd.)
    DRV - (VBFilt) -- C:\WINDOWS\SYSTEM32\Filt\VBFilt.dll (Agnitum Ltd.)
    DRV - (ASWFilt) -- C:\WINDOWS\SYSTEM32\Filt\ASWFilt.dll (Agnitum Ltd.)
    DRV - (afwcore) -- C:\WINDOWS\SYSTEM32\DRIVERS\afwcore.sys (Agnitum Ltd.)
    DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (VBEngNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VBEngNT.sys (VirusBuster Kft.)
    DRV - (afw) -- C:\WINDOWS\SYSTEM32\DRIVERS\afw.sys (Agnitum Ltd.)
    DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
    DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
    DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
    DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
    DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
    DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
    DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
    DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
    DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (P2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys (Motorola Inc)
    DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
    DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
    DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
    DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
    DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
    IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


    O1 HOSTS File: ([2011/06/04 14:26:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [OutpostFeedBack] File not found
    O4 - HKLM..\Run: [OutpostMonitor] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/s...0Installer.cab (Support.com Configuration Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1254591051484 (MUWebControl Class)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/download...2/axofupld.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://photos.surfline.com/albums/ha...7941.thumb.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/05 14:28:05 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
    [2011/06/04 18:50:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/06/04 13:52:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/06/04 10:45:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tim\Start Menu\Programs\Administrative Tools
    [2011/06/04 10:44:49 | 004,112,369 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
    [2011/06/03 20:54:53 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
    [2011/06/03 14:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
    [2011/06/02 20:42:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim\Recent
    [2011/06/02 20:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
    [2011/06/02 18:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/29 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/05/15 09:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Jen Back Up
    [2011/05/14 13:01:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files - Modified Within 30 Days ==========

    [2011/06/05 14:28:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
    [2011/06/05 14:21:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2011/06/05 13:06:06 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/05 13:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/06/05 08:51:19 | 000,001,155 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2011/06/05 07:41:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/04 19:16:07 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Vz In-Home Agent.lnk
    [2011/06/04 14:26:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2011/06/04 10:45:03 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
    [2011/06/04 10:36:21 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\rkill.exe
    [2011/06/03 20:55:18 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
    [2011/06/03 15:06:40 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
    [2011/06/03 15:06:40 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
    [2011/05/28 17:11:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20963108
    [2011/05/15 09:42:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2011/05/14 13:01:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/06/05 07:49:13 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/04 10:36:05 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\rkill.exe
    [2011/06/03 15:06:40 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
    [2011/06/03 15:06:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
    [2011/06/03 14:58:15 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Vz In-Home Agent.lnk
    [2011/05/29 07:52:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/28 17:11:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20963108
    [2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
    [2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Standard
    [2011/02/26 16:58:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2011/02/26 16:58:44 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
    [2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
    [2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Speech Enhancer
    [2011/02/26 16:54:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
    [2011/02/26 16:54:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2011/01/02 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/02 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/02 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/06 20:38:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/06 20:38:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/09/20 18:03:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2008/11/25 18:07:49 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\mcs.rma
    [2008/11/25 18:07:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\8A104B
    [2008/11/22 09:12:25 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\kodakpcd.ini
    [2007/11/26 21:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/29 15:34:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2006/12/26 17:40:08 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
    [2006/12/26 17:40:08 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
    [2006/12/26 14:19:51 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
    [2006/12/26 14:19:51 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
    [2006/01/12 18:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
    [2006/01/12 18:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
    [2005/03/01 16:25:00 | 000,002,832 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/12/12 18:28:41 | 000,000,176 | ---- | C] () -- C:\WINDOWS\upst.ini
    [2004/11/18 20:44:08 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
    [2004/10/09 12:23:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/09/19 18:51:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Tim.ini
    [2004/08/29 13:04:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/08/16 13:04:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\upth.ini
    [2004/08/16 13:04:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2004/08/11 12:25:30 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/08/07 14:16:41 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JPR.{PB
    [2004/08/07 14:16:41 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JCM.{PB
    [2004/08/06 18:01:19 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2004/08/06 18:01:18 | 000,000,528 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2004/08/06 17:59:20 | 000,001,155 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2004/08/05 18:03:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2004/08/03 08:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/03 08:24:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2004/08/03 08:14:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/08/03 08:14:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/08/03 08:02:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2004/08/03 08:01:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/08/03 08:01:32 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2004/08/03 08:01:32 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2004/08/03 08:01:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/03 07:47:14 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/06/16 15:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
    [2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
    [2004/05/11 11:03:20 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2002/06/10 17:32:17 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
    [1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2011/01/03 17:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/01/01 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/01/02 13:04:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2007/04/17 09:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
    [2010/01/01 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2011/02/26 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2008/11/01 14:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2007/02/08 11:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/12 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/04/09 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/10/25 09:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\RadialPoint
    [2010/04/27 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Research In Motion
    [2009/04/17 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Skinux
    [2007/02/15 12:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Viewpoint
    [2008/07/05 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\aAvgApi
    [2004/08/09 19:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
    [2006/12/28 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Musicmatch
    [2008/04/04 07:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\RadialPoint
    [2006/12/27 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Chair Software
    [2009/09/20 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Research In Motion
    [2008/11/08 10:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Skinux
    [2009/07/17 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Smith Micro
    [2007/02/08 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >

  3. #43
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Tim,

    Want to point out that you have the bare minimum of memory installed; this system must crawl even when it's clean. You desperately need to upgrade this memory if you want your system to function normally. If you're interested, when we're done I will show you how to go about it.

    253.98 Mb Total Physical Memory

    This amount could be very easily doubled, or even adding 1GB would be better.



    We're going to run a fix with OTL. First back up your registry and then make sure you're hooked up to the internet. This will remove some remnants of AVG.




    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe







    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  4. #44
    Member
    Join Date
    Nov 2008
    Posts
    72

    Default OTL Run Fix log

    This process went smoothly, and yes, I am interested in upgrading the memory if it will allow me to salvage this unit for another year or so. In addition, the anti-virus located a virus. I will send you the log report for the daily scan. This was located prior to the OTL fix. May mean something to you, not sure.


    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\Tim\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Tim\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : home
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    C:\Documents and Settings\Tim\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Tim\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Tim\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Tim\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Jen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42675270 bytes
    ->Flash cache emptied: 938 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    User: Tim
    ->Temp folder emptied: 6530588 bytes
    ->Temporary Internet Files folder emptied: 39042115 bytes
    ->Java cache emptied: 1197 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2223 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17048 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 57766 bytes

    Total Files Cleaned = 84.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06062011_123919

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Tim\Local Settings\Temp\fla22.tmp not found!
    File\Folder C:\Documents and Settings\Tim\Local Settings\Temp\fla23.tmp not found!
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\1721260319[1].htm moved successfully.
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\ac3[4].htm moved successfully.
    File\Folder C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\fw-nonplayer-banner[4].htm not found!
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\login_status[1].htm moved successfully.
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\moviereviews_mevio_com[1].htm moved successfully.
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\xd_receiver[1].htm moved successfully.
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\RLN5WSVA\emily[1].html moved successfully.
    File\Folder C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\RLN5WSVA\fw-nonplayer-banner[3].htm not found!
    File\Folder C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\O3Q2AZTE\1721260319[1].htm not found!
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\O3Q2AZTE\showthread[1].htm moved successfully.
    File move failed. C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

  5. #45
    Member
    Join Date
    Nov 2008
    Posts
    72

    Default Avira Anti-Virus Log.

    Avira AntiVir Personal
    Report file date: Monday, June 06, 2011 12:00

    Scanning for 2708155 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : TORCHIA

    Configuration settings for the scan:
    Jobname.............................: Local Hard Disks
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Monday, June 06, 2011 12:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
    Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'Verizon_IHAMessageCenter.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'ACService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1821' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Tim\Desktop\ComboFix.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

    [0] Archive type: NSIS
    --> ProgramFilesDir/handle.cfxxe
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

    Beginning disinfection:
    C:\Documents and Settings\Tim\Desktop\ComboFix.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4400a484.qua'.


    End of the scan: Monday, June 06, 2011 12:26
    Used time: 24:04 Minute(s)

    The scan has been canceled!

    2366 Scanned directories
    44373 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    44372 Files not concerned
    906 Archives were scanned
    0 Warnings
    1 Notes

  6. #46
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Tim

    That was a false positive; what it found was part of Combofix detection.

    How are the redirects, are they gone?

  7. #47
    Member
    Join Date
    Nov 2008
    Posts
    72

    Default Redirects

    Yes, I just opened a new tab and attempted a Google search and was redirected; otherwise it seems to be operating nicely!

  8. #48
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    What site are you being redirected to? Don't post the link, just type it in.

    Are you accessing the internet through a router? If so, bypass the router and hook your computer up directly to your cable or DSL modem. Are you still being redirected when you do this?

  9. #49
    Member
    Join Date
    Nov 2008
    Posts
    72

    Default No Router here.

    I have a simple hook up with Fios cable Internet service. I just did a simple search for "beach cruisers" and was redirected. Without posting the link, it looks like it says scour.com. If I click on one of those links it redirects me once again to click.scour.com/jump.
    As previously stated in an earlier post, it's moving smoothly at this point. The only other complication I noticed besides the redirect is I have NO sound over the internet (media clips and video). When I use another program the sound effects work fine... puzzled at this point!!!

  10. #50
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open IE and go to Tools > Internet Options > Programs tab > Manage Add Ons > Search Providers and see if scour is listed. If so, delete it.
