Windows XP Recovery, No DDS!

[timmyt224]

I am getting a message indicating that the post is too long for the combo fix report. The TDSKiller would not work as well, I deleted it and re-loaded it but it would not fire up!!!

[ken545]

Hi,

When you reply to this thread, look at the lower part for MANAGE ATTACHMENTS and you can attach the Combofix report

[timmyt224]

****This is the message I got when I attempted to upload the log.***

(Your file of 128.9 KB bytes exceeds the forum's limit of 48.8 KB for this filetype.)

[ken545]

Right click on Combofix.txt and select SEND TO .......COMPRESSED ZIP FOLDER and then try to upload that zipped file

[timmyt224]

I think were in luck!

[ken545]

Nice, good job, nothing malicious removed

Please download ATF Cleaner by Atribune to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the button.
14. Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

[timmyt224]

ATF cleaner complete, ESET complete as well.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2114\A0256769.exe a variant of Win32/Kryptik.OGD trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2114\A0256770.exe a variant of Win32/Kryptik.OGD trojan

[ken545]

Hello Timmy,

No biggie, what ESET found was in your System Restore Program and its harmless unless you use the program to revert your system to an earlier date, but lets get rid of it and flush it all out


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

1. Click Start > Run > copy and paste the following into the run box:
   
   %SystemRoot%\System32\restore\rstrui.exe
2. Press OK. Choose Create a Restore Point then click Next.
3. Name it (something you'll remember) and click Create.
4. When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points

1. Click Start > Run > copy and paste the following into the run box:
   
   cleanmgr
2. Choose to scan drive C:\ (if C:\ is your main drive).
3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
4. Click on the Yes button.
5. When finished, click on Cancel button to exit.

How are things running now, any browser redirects or unwanted pop up windows ????



Let take one last look at your system
OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

[timmyt224]

Update: The good news is there are no pop ups or re-directs, however extremely slow.....Night and day difference from when I was operating in Safe Mode. More so with pulling up programs... The first log from OTL is here, stand by for the extra log in the follow up post.

OTL logfile created on: 6/2/2011 9:23:03 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 91.01 Mb Available Physical Memory | 35.83% Memory free
624.89 Mb Paging File | 309.26 Mb Available in Paging File | 49.49% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 1.78 Gb Free Space | 5.27% Space Free | Partition Type: NTFS

Computer Name: TORCHIA | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\SunnComm Shared\msscript.OCX (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (acssrv) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (SandBox) -- C:\WINDOWS\SYSTEM32\DRIVERS\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\WINDOWS\SYSTEM32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\WINDOWS\SYSTEM32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\SYSTEM32\DRIVERS\afwcore.sys (Agnitum Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VBEngNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\WINDOWS\SYSTEM32\DRIVERS\afw.sys (Agnitum Ltd.)
DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (P2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys (Motorola Inc)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2010/09/06 21:11:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OutpostFeedBack] File not found
O4 - HKLM..\Run: [OutpostMonitor] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/s...0Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1254591051484 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/download...2/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://photos.surfline.com/albums/ha...7941.thumb.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 21:21:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/02 20:42:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim\Recent
[2011/06/02 20:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/02 20:40:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/02 18:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/02 18:44:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2011/06/02 10:34:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/02 06:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\tdsskiller(2)
[2011/05/29 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/15 09:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Jen Back Up
[2011/05/14 13:01:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/06/02 21:21:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/02 20:48:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/02 20:46:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/02 20:46:45 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 18:47:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/02 14:54:25 | 000,021,233 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\log - For Combo fix.zip
[2011/06/02 06:57:06 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\tdsskiller.zip
[2011/06/01 20:59:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\MBR.dat
[2011/05/28 17:11:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/05/18 11:04:25 | 000,001,155 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/15 09:42:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/05/14 13:01:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/06/02 20:46:44 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/02 14:54:24 | 000,021,233 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\log - For Combo fix.zip
[2011/06/02 06:57:09 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\tdsskiller.zip
[2011/06/01 18:41:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\MBR.dat
[2011/05/29 07:52:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 17:11:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Standard
[2011/02/26 16:58:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/02/26 16:58:44 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Speech Enhancer
[2011/02/26 16:54:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
[2011/02/26 16:54:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/01/02 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/02 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/02 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 20:38:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 20:38:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/20 18:03:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/25 18:07:49 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\mcs.rma
[2008/11/25 18:07:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\8A104B
[2008/11/22 09:12:25 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\kodakpcd.ini
[2007/11/26 21:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/29 15:34:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/26 17:40:08 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2006/12/26 17:40:08 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2006/12/26 14:19:51 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2006/12/26 14:19:51 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2006/01/12 18:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 18:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/03/01 16:25:00 | 000,002,832 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/12 18:28:41 | 000,000,176 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 20:44:08 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2004/10/09 12:23:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/19 18:51:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Tim.ini
[2004/08/29 13:04:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/08/16 13:04:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 13:04:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/11 12:25:30 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/07 14:16:41 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JPR.{PB
[2004/08/07 14:16:41 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JCM.{PB
[2004/08/06 18:01:19 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/06 18:01:18 | 000,000,528 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/06 17:59:20 | 000,001,155 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/05 18:03:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/08/03 08:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/03 08:24:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/03 08:14:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/03 08:14:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/03 08:02:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/03 08:01:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 08:01:32 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/03 08:01:32 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/03 08:01:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 07:47:14 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/16 15:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/11 11:03:20 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/06/10 17:32:17 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/03 17:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/01 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/02 13:04:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/04/17 09:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2010/01/01 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/02/26 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/01 14:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/02/08 11:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/25 09:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\RadialPoint
[2010/04/27 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Research In Motion
[2009/04/17 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Skinux
[2007/02/15 12:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Viewpoint
[2008/07/05 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\aAvgApi
[2004/08/09 19:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2006/12/28 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Musicmatch
[2008/04/04 07:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\RadialPoint
[2006/12/27 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Chair Software
[2009/09/20 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Research In Motion
[2008/11/08 10:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Skinux
[2009/07/17 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Smith Micro
[2007/02/08 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

[timmyt224]

Update: Running quicker now, I spoke to soon.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Service DUAYVYQW stopped successfully!
Service DUAYVYQW deleted successfully!
File C:\WINDOWS\System32\duayvyqw.yks File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 14774182 bytes
->Flash cache emptied: 2182 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Tim
->Temp folder emptied: 616115 bytes
->Temporary Internet Files folder emptied: 5295319 bytes
->Java cache emptied: 75174397 bytes
->FireFox cache emptied: 56650404 bytes
->Apple Safari cache emptied: 867328 bytes
->Flash cache emptied: 482285 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 168825 bytes
%systemroot%\System32 .tmp files removed: 4464145 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13729612 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 164.00 mb


OTL by OldTimer - Version 3.2.20.0 log created on 01022011_112413

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...