XP Antispyware 2012



#1
KCTIM

  • Member
  • 27 posts
Hi again everyone. I didn't think I'd be back so soon, but this time I'm helping my 60-year-old dad out. I don't know how it happened, but somehow he got this XP Antispyware 2012 on his PC. I don't know how long it's been on there; he may have thought it was legit, but he seems to think it appeared within the last 2 days. Anyway, I ran Malwarebytes a few times, both quick and full scans, and removed about 12 malicious objects it found. Everything on his PC appears to be operating normally again, except:

PROBLEM:
His Automatic Updates are turned off and they won't turn back on no matter what I do. You guys took good care of me last time I had a problem, and I'm hoping you could again. Thanks!!


Here's the OTL Scan Report

OTL logfile created on: 6/26/2011 4:00:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.73 Mb Total Physical Memory | 112.35 Mb Available Physical Memory | 22.00% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 55.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 84.45 Gb Free Space | 75.54% Space Free | Partition Type: NTFS
Drive H: | 54.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY-EHL84M9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/26 17:50:06 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/06/26 17:43:02 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2010/06/26 17:21:08 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2010/05/27 10:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/03 19:20:06 | 000,293,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/11/05 12:23:28 | 000,303,180 | ---- | M] (Gateway) -- C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/26 17:21:09 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2000/06/15 14:32:24 | 000,036,864 | ---- | M] (Tartan Software) -- C:\Program Files\Gateway\Gateway Ink Monitor\inkpeek.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/06/26 17:43:02 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 03:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110624.002\navex15.sys -- (NAVEX15)
DRV - [2011/06/15 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110624.002\naveng.sys -- (NAVENG)
DRV - [2011/05/16 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/27 09:53:35 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/06/26 18:06:15 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/26 17:50:10 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2010/06/26 17:21:11 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/06/26 17:21:11 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/06/26 17:21:11 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/06/26 17:21:11 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/06/26 17:21:11 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/06/26 17:21:11 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/06/26 17:21:11 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/06/26 17:21:11 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/06/26 17:21:11 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/06/26 17:20:57 | 000,050,805 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2010/06/26 17:20:57 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2010/06/26 17:20:56 | 001,075,685 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2010/06/26 17:20:56 | 000,481,305 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.1002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2202
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.2417
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2200
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2207
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2203
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667


[2010/12/29 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/29 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/12/29 13:36:44 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird\Profiles\xssd47xq.default\searchplugins\2f6eac7e-ad76-48bc-9535-35e8a81211ad.xml
[2011/02/09 14:58:27 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:36:18 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:36:19 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:21 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:23 | 000,000,000 | ---D | M] (H.264 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:20 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:23 | 000,000,000 | ---D | M] (MPEG-4 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:17 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:19 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:13 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:13 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]

O1 HOSTS File: ([2003/03/31 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe (Gateway)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sbitunesagent] C:\Program Files\Philips\Philips Songbird\songbirditunesagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277594069218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1277594599640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/26 16:57:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/22 03:16:40 | 000,000,143 | ---- | M] () - C:\AUTOLOG.REG -- [ NTFS ]
O33 - MountPoints2\{5f7648fe-12ee-11e0-ae95-000cf1f58791}\Shell - "" = Autorun
O33 - MountPoints2\{5f7648fe-12ee-11e0-ae95-000cf1f58791}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 15:59:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/16 11:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\swimming
[2011/06/01 19:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/01 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/01 18:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/01 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/01 18:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/26 17:21:09 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/06/26 17:21:05 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/26 15:58:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/26 15:37:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 14:56:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/26 12:57:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/26 12:57:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/26 12:57:22 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2011/06/26 12:57:22 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2011/06/26 12:57:21 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 12:57:21 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 12:57:21 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 12:57:21 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/25 00:23:54 | 001,871,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Butler AquaBears.mdb
[2011/06/25 00:23:48 | 000,034,969 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillerelays.pdf
[2011/06/25 00:23:26 | 000,052,702 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillelabels.pdf
[2011/06/25 00:22:41 | 000,084,005 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillenameentries.pdf
[2011/06/25 00:22:04 | 000,066,755 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvilleevententries.pdf
[2011/06/24 23:52:50 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TEAM MANAGER.lnk
[2011/06/22 16:48:02 | 000,087,931 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\toptimes.pdf
[2011/06/22 16:43:20 | 000,087,524 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tmittevent.pdf
[2011/06/22 16:40:26 | 000,204,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SwTM5Archive-Butler AquaBears-01.zip
[2011/06/22 15:15:37 | 000,081,983 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvilleentries.pdf
[2011/06/22 14:56:41 | 000,096,111 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsontoptimes.pdf
[2011/06/22 14:47:06 | 000,062,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsonnameresults.pdf
[2011/06/22 14:46:26 | 000,066,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsoneventresults.pdf
[2011/06/20 17:24:14 | 000,084,369 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top20woodson.pdf
[2011/06/20 17:23:34 | 000,079,981 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top20season.pdf
[2011/06/20 17:16:16 | 000,061,387 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\woodsonnameresults.pdf
[2011/06/20 17:15:16 | 000,066,293 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\woodsoneventresults.pdf
[2011/06/16 17:29:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:45:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 16:50:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 19:03:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/01 18:57:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 12:48:57 | 000,013,722 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/26 12:48:57 | 000,013,722 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/25 00:23:48 | 000,034,969 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillerelays.pdf
[2011/06/25 00:23:26 | 000,052,702 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillelabels.pdf
[2011/06/25 00:22:40 | 000,084,005 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillenameentries.pdf
[2011/06/25 00:22:01 | 000,066,755 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvilleevententries.pdf
[2011/06/22 16:48:01 | 000,087,931 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\toptimes.pdf
[2011/06/22 16:43:19 | 000,087,524 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tmittevent.pdf
[2011/06/22 16:40:26 | 000,204,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SwTM5Archive-Butler AquaBears-01.zip
[2011/06/22 15:15:36 | 000,081,983 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvilleentries.pdf
[2011/06/22 14:56:40 | 000,096,111 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsontoptimes.pdf
[2011/06/22 14:47:05 | 000,062,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsonnameresults.pdf
[2011/06/22 14:46:25 | 000,066,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsoneventresults.pdf
[2011/06/20 17:24:13 | 000,084,369 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top20woodson.pdf
[2011/06/20 17:23:33 | 000,079,981 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top20season.pdf
[2011/06/20 17:16:15 | 000,061,387 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\woodsonnameresults.pdf
[2011/06/20 17:15:15 | 000,066,293 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\woodsoneventresults.pdf
[2011/06/01 19:03:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/01 18:57:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/05 10:58:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
[2011/03/06 18:28:26 | 000,050,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/14 15:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/10/04 19:29:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 16:36:57 | 000,008,956 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/06/27 16:15:22 | 000,139,758 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/06/27 16:15:21 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/06/27 16:01:02 | 000,019,313 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2010/06/27 16:01:02 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2010/06/27 14:22:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/27 14:11:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/27 10:37:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/26 18:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/06/26 17:48:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/26 17:47:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2010/06/26 17:47:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2010/06/26 17:47:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2010/06/26 17:37:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2010/06/26 17:37:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2010/06/26 17:21:11 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/06/26 17:21:09 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/06/26 17:21:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/06/26 17:21:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/06/26 17:21:05 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2010/06/26 17:21:05 | 000,015,866 | ---- | C] () -- C:\WINDOWS\System32\aud2_gw.ini
[2010/06/26 17:21:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/06/26 17:20:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/06/26 17:18:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/26 17:11:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/26 16:55:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/26 11:51:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/26 11:50:40 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/16 04:57:36 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/06 13:05:02 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/06/27 12:31:00 | 000,039,611 | ---- | C] () -- C:\WINDOWS\System32\biosid.exe
[1979/12/31 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1979/12/31 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 19:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 19:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 19:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1979/12/31 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/26 17:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/27 15:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/29 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips
[2011/02/09 15:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird
[2011/06/26 15:58:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if this will fix it

First we will remove some malware

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
    [2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
    C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Now the update problem

Please go to this page and press the fixit button about halfway down

#3
KCTIM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you for the prompt reply Essex, as always you are the man. Will be back with you with the scan results in a few.

-Tim

#4
KCTIM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok,
Sorry for the delay. I got the auto updates working again from your recommendation. PC seems to be running slower now than it was before, not sure if we got everything off or not.

Here's the log:

OTL logfile created on: 6/26/2011 4:35:30 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.73 Mb Total Physical Memory | 39.08 Mb Available Physical Memory | 7.65% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 84.45 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive H: | 54.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY-EHL84M9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/26 17:50:06 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/06/26 17:43:02 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2010/06/26 17:21:08 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2010/05/27 10:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:42 | 000,024,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/11/05 12:23:28 | 000,303,180 | ---- | M] (Gateway) -- C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/26 17:21:09 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2000/06/15 14:32:24 | 000,036,864 | ---- | M] (Tartan Software) -- C:\Program Files\Gateway\Gateway Ink Monitor\inkpeek.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/06/26 17:43:02 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 03:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110624.002\navex15.sys -- (NAVEX15)
DRV - [2011/06/15 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110624.002\naveng.sys -- (NAVENG)
DRV - [2011/05/16 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/27 09:53:35 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/06/26 18:06:15 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/26 17:50:10 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2010/06/26 17:21:11 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/06/26 17:21:11 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/06/26 17:21:11 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/06/26 17:21:11 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/06/26 17:21:11 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/06/26 17:21:11 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/06/26 17:21:11 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/06/26 17:21:11 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/06/26 17:21:11 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/06/26 17:20:57 | 000,050,805 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2010/06/26 17:20:57 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2010/06/26 17:20:56 | 001,075,685 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2010/06/26 17:20:56 | 000,481,305 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.1002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2202
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.2417
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2200
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2207
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2203
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667


[2010/12/29 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/29 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/12/29 13:36:44 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird\Profiles\xssd47xq.default\searchplugins\2f6eac7e-ad76-48bc-9535-35e8a81211ad.xml
[2011/02/09 14:58:27 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:36:18 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:36:19 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:21 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:23 | 000,000,000 | ---D | M] (H.264 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:20 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:23 | 000,000,000 | ---D | M] (MPEG-4 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:17 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:19 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:13 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:13 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]

O1 HOSTS File: ([2003/03/31 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe (Gateway)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sbitunesagent] C:\Program Files\Philips\Philips Songbird\songbirditunesagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277594069218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1277594599640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/26 16:57:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/22 03:16:40 | 000,000,143 | ---- | M] () - C:\AUTOLOG.REG -- [ NTFS ]
O33 - MountPoints2\{5f7648fe-12ee-11e0-ae95-000cf1f58791}\Shell - "" = Autorun
O33 - MountPoints2\{5f7648fe-12ee-11e0-ae95-000cf1f58791}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 16:28:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/26 15:59:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/16 11:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\swimming
[2011/06/01 19:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/01 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/01 18:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/01 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/01 18:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/26 17:21:09 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/06/26 17:21:05 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 16:34:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/26 16:30:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 16:29:33 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 16:29:33 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 16:29:33 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 16:29:33 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 16:29:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/26 16:29:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/26 16:29:33 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2011/06/26 16:29:33 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2011/06/26 16:28:46 | 004,932,758 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000004-20041102}.CDF
[2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/26 14:56:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/25 00:23:54 | 001,871,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Butler AquaBears.mdb
[2011/06/25 00:23:48 | 000,034,969 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillerelays.pdf
[2011/06/25 00:23:26 | 000,052,702 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillelabels.pdf
[2011/06/25 00:22:41 | 000,084,005 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillenameentries.pdf
[2011/06/25 00:22:04 | 000,066,755 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvilleevententries.pdf
[2011/06/24 23:52:50 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TEAM MANAGER.lnk
[2011/06/22 16:48:02 | 000,087,931 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\toptimes.pdf
[2011/06/22 16:43:20 | 000,087,524 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tmittevent.pdf
[2011/06/22 16:40:26 | 000,204,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SwTM5Archive-Butler AquaBears-01.zip
[2011/06/22 15:15:37 | 000,081,983 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvilleentries.pdf
[2011/06/22 14:56:41 | 000,096,111 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsontoptimes.pdf
[2011/06/22 14:47:06 | 000,062,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsonnameresults.pdf
[2011/06/22 14:46:26 | 000,066,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsoneventresults.pdf
[2011/06/20 17:24:14 | 000,084,369 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top20woodson.pdf
[2011/06/20 17:23:34 | 000,079,981 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top20season.pdf
[2011/06/20 17:16:16 | 000,061,387 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\woodsonnameresults.pdf
[2011/06/20 17:15:16 | 000,066,293 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\woodsoneventresults.pdf
[2011/06/16 17:29:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:45:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 16:50:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 19:03:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/01 18:57:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 12:48:57 | 000,013,722 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/26 12:48:57 | 000,013,722 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
[2011/06/25 00:23:48 | 000,034,969 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillerelays.pdf
[2011/06/25 00:23:26 | 000,052,702 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillelabels.pdf
[2011/06/25 00:22:40 | 000,084,005 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillenameentries.pdf
[2011/06/25 00:22:01 | 000,066,755 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvilleevententries.pdf
[2011/06/22 16:48:01 | 000,087,931 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\toptimes.pdf
[2011/06/22 16:43:19 | 000,087,524 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tmittevent.pdf
[2011/06/22 16:40:26 | 000,204,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SwTM5Archive-Butler AquaBears-01.zip
[2011/06/22 15:15:36 | 000,081,983 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvilleentries.pdf
[2011/06/22 14:56:40 | 000,096,111 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsontoptimes.pdf
[2011/06/22 14:47:05 | 000,062,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsonnameresults.pdf
[2011/06/22 14:46:25 | 000,066,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsoneventresults.pdf
[2011/06/20 17:24:13 | 000,084,369 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top20woodson.pdf
[2011/06/20 17:23:33 | 000,079,981 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top20season.pdf
[2011/06/20 17:16:15 | 000,061,387 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\woodsonnameresults.pdf
[2011/06/20 17:15:15 | 000,066,293 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\woodsoneventresults.pdf
[2011/06/01 19:03:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/01 18:57:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/05 10:58:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
[2011/03/06 18:28:26 | 000,050,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/14 15:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/10/04 19:29:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 16:36:57 | 000,008,956 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/06/27 16:15:22 | 000,139,758 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/06/27 16:15:21 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/06/27 16:01:02 | 000,019,313 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2010/06/27 16:01:02 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2010/06/27 14:22:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/27 14:11:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/27 10:37:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/26 18:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/06/26 17:48:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/26 17:47:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2010/06/26 17:47:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2010/06/26 17:47:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2010/06/26 17:37:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2010/06/26 17:37:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2010/06/26 17:21:11 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/06/26 17:21:09 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/06/26 17:21:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/06/26 17:21:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/06/26 17:21:05 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2010/06/26 17:21:05 | 000,015,866 | ---- | C] () -- C:\WINDOWS\System32\aud2_gw.ini
[2010/06/26 17:21:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/06/26 17:20:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/06/26 17:18:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/26 17:11:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/26 16:55:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/26 11:51:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/26 11:50:40 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/16 04:57:36 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/06 13:05:02 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/06/27 12:31:00 | 000,039,611 | ---- | C] () -- C:\WINDOWS\System32\biosid.exe
[1979/12/31 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1979/12/31 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 19:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 19:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 19:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1979/12/31 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/26 17:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/27 15:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/29 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips
[2011/02/09 15:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird
[2011/06/26 16:34:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would concur with that - I will look for MBR problems next, then.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
    [2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
    [2011/06/26 13:59:47 | 000,013,722 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Owner\Local Settings\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n
    C:\Documents and Settings\All Users\Application Data\q7o6jl7l45h3g8rekv00o6qoai7t88n

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#6
KCTIM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here's the OTL Scan:

OTL logfile created on: 6/27/2011 6:18:03 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.73 Mb Total Physical Memory | 98.64 Mb Available Physical Memory | 19.31% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.40% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 85.52 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
Drive H: | 54.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY-EHL84M9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/26 17:50:06 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/06/26 17:43:02 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2010/06/26 17:21:08 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2010/05/27 10:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:42 | 000,024,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:20:06 | 000,293,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/11/05 12:23:28 | 000,303,180 | ---- | M] (Gateway) -- C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/26 17:21:09 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2000/06/15 14:32:24 | 000,036,864 | ---- | M] (Tartan Software) -- C:\Program Files\Gateway\Gateway Ink Monitor\inkpeek.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/06/26 17:43:02 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 03:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110624.002\navex15.sys -- (NAVEX15)
DRV - [2011/06/15 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110624.002\naveng.sys -- (NAVENG)
DRV - [2011/05/16 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/27 09:53:35 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/06/26 18:06:15 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/26 17:50:10 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2010/06/26 17:21:11 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/06/26 17:21:11 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/06/26 17:21:11 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/06/26 17:21:11 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/06/26 17:21:11 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/06/26 17:21:11 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/06/26 17:21:11 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/06/26 17:21:11 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/06/26 17:21:11 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/06/26 17:20:57 | 000,050,805 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2010/06/26 17:20:57 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2010/06/26 17:20:56 | 001,075,685 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2010/06/26 17:20:56 | 000,481,305 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.1002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2202
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.2417
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2200
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2207
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2203
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667


[2010/12/29 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/29 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/12/29 13:36:44 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird\Profiles\xssd47xq.default\searchplugins\2f6eac7e-ad76-48bc-9535-35e8a81211ad.xml
[2011/02/09 14:58:27 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:36:18 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:36:19 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\XSSD47XQ.DEFAULT\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:21 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:23 | 000,000,000 | ---D | M] (H.264 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:20 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:23 | 000,000,000 | ---D | M] (MPEG-4 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:24 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:17 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:18 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:19 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:14 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:13 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:26:13 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2010/12/29 13:24:50 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/06/27 17:36:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe (Gateway)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sbitunesagent] C:\Program Files\Philips\Philips Songbird\songbirditunesagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277594069218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1277594599640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/26 16:57:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/22 03:16:40 | 000,000,143 | ---- | M] () - C:\AUTOLOG.REG -- [ NTFS ]
O33 - MountPoints2\{5f7648fe-12ee-11e0-ae95-000cf1f58791}\Shell - "" = Autorun
O33 - MountPoints2\{5f7648fe-12ee-11e0-ae95-000cf1f58791}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 16:28:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/26 15:59:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/16 11:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\swimming
[2011/06/01 19:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/01 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/01 18:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/01 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/01 18:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/26 17:21:09 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/06/26 17:21:05 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2011/06/27 17:59:50 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/27 17:56:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 17:55:15 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/27 17:55:15 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/27 17:55:15 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/27 17:55:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/27 17:55:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/27 17:55:15 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2011/06/27 17:55:15 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2011/06/27 17:55:14 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000001-00001102-00000004-20041102}.rfx
[2011/06/26 18:53:55 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 18:53:55 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 17:21:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 15:59:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/26 14:56:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 00:23:54 | 001,871,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Butler AquaBears.mdb
[2011/06/25 00:23:48 | 000,034,969 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillerelays.pdf
[2011/06/25 00:23:26 | 000,052,702 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillelabels.pdf
[2011/06/25 00:22:41 | 000,084,005 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvillenameentries.pdf
[2011/06/25 00:22:04 | 000,066,755 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvilleevententries.pdf
[2011/06/24 23:52:50 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TEAM MANAGER.lnk
[2011/06/22 16:48:02 | 000,087,931 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\toptimes.pdf
[2011/06/22 16:43:20 | 000,087,524 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tmittevent.pdf
[2011/06/22 16:40:26 | 000,204,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SwTM5Archive-Butler AquaBears-01.zip
[2011/06/22 15:15:37 | 000,081,983 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hvilleentries.pdf
[2011/06/22 14:56:41 | 000,096,111 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsontoptimes.pdf
[2011/06/22 14:47:06 | 000,062,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsonnameresults.pdf
[2011/06/22 14:46:26 | 000,066,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodsoneventresults.pdf
[2011/06/20 17:24:14 | 000,084,369 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top20woodson.pdf
[2011/06/20 17:23:34 | 000,079,981 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top20season.pdf
[2011/06/20 17:16:16 | 000,061,387 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\woodsonnameresults.pdf
[2011/06/20 17:15:16 | 000,066,293 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\woodsoneventresults.pdf
[2011/06/16 17:29:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 10:45:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/01 19:03:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/01 18:57:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/25 00:23:48 | 000,034,969 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillerelays.pdf
[2011/06/25 00:23:26 | 000,052,702 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillelabels.pdf
[2011/06/25 00:22:40 | 000,084,005 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvillenameentries.pdf
[2011/06/25 00:22:01 | 000,066,755 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvilleevententries.pdf
[2011/06/22 16:48:01 | 000,087,931 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\toptimes.pdf
[2011/06/22 16:43:19 | 000,087,524 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tmittevent.pdf
[2011/06/22 16:40:26 | 000,204,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SwTM5Archive-Butler AquaBears-01.zip
[2011/06/22 15:15:36 | 000,081,983 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hvilleentries.pdf
[2011/06/22 14:56:40 | 000,096,111 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsontoptimes.pdf
[2011/06/22 14:47:05 | 000,062,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsonnameresults.pdf
[2011/06/22 14:46:25 | 000,066,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodsoneventresults.pdf
[2011/06/20 17:24:13 | 000,084,369 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top20woodson.pdf
[2011/06/20 17:23:33 | 000,079,981 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top20season.pdf
[2011/06/20 17:16:15 | 000,061,387 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\woodsonnameresults.pdf
[2011/06/20 17:15:15 | 000,066,293 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\woodsoneventresults.pdf
[2011/06/01 19:03:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/01 18:57:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/05 10:58:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
[2011/03/06 18:28:26 | 000,050,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/14 15:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/10/04 19:29:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 16:36:57 | 000,008,956 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/06/27 16:15:22 | 000,139,758 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/06/27 16:15:21 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/06/27 16:01:02 | 000,019,313 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2010/06/27 16:01:02 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2010/06/27 14:22:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/27 14:11:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/27 10:37:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/26 18:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/06/26 17:48:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/26 17:47:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2010/06/26 17:47:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2010/06/26 17:47:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2010/06/26 17:37:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2010/06/26 17:37:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-20041102}.dat
[2010/06/26 17:21:11 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/06/26 17:21:09 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/06/26 17:21:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/06/26 17:21:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/06/26 17:21:05 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2010/06/26 17:21:05 | 000,015,866 | ---- | C] () -- C:\WINDOWS\System32\aud2_gw.ini
[2010/06/26 17:21:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/06/26 17:20:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/06/26 17:18:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/26 17:11:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/26 16:55:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/26 11:51:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/26 11:50:40 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/16 04:57:36 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/06 13:05:02 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/06/27 12:31:00 | 000,039,611 | ---- | C] () -- C:\WINDOWS\System32\biosid.exe
[1979/12/31 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1979/12/31 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 19:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 19:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 19:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1979/12/31 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/26 17:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/27 15:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/29 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips
[2011/02/09 15:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird
[2011/06/27 17:59:50 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#7
KCTIM

Here's the MBR Log:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-27 18:29:34
-----------------------------
18:29:34.328 OS Version: Windows 5.1.2600 Service Pack 3
18:29:34.328 Number of processors: 2 586 0x303
18:29:34.328 ComputerName: GATEWAY-EHL84M9 UserName: Owner
18:29:41.437 Initialize success
18:29:54.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:29:54.500 Disk 0 Vendor: WDC_WD1200BB-22FTA0 15.05R15 Size: 114473MB BusType: 3
18:29:56.531 Disk 0 MBR read successfully
18:29:56.531 Disk 0 MBR scan
18:29:56.531 Disk 0 Windows XP default MBR code
18:29:58.531 Disk 0 scanning sectors +234436545
18:29:58.546 Disk 0 scanning C:\WINDOWS\system32\drivers
18:30:07.843 Service scanning
18:30:09.203 Disk 0 trace - called modules:
18:30:09.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:30:09.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f58ab8]
18:30:09.218 3 CLASSPNP.SYS[f8757fd7] -> nt!IofCallDriver -> \Device\00000067[0x82f87f18]
18:30:09.218 5 ACPI.sys[f86ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f2ed98]
18:30:09.218 Scan finished successfully
18:30:49.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:30:50.125 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#8
Essexboy

MBR looks good - so we will now do one final check before we look elsewhere for the speed problem


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


#9
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.