Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I suspect a malware in GNR.EXE or GRN.EXE files


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Gmer didn't find anything evil. Is it still running slow? If so go ahead and run george and process expolorer.
  • 0

Advertisements


#17
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron here are the results of Process Explorer
1st saved file

Process PID CPU Private Bytes Working Set Description Company Name
mcshield.exe 1968 171,628 K 62,864 K McAfee On-Access Scanner service McAfee, Inc.
htcUPCTLoader.exe 3420 78,096 K 1,580 K HTC UPCT Loader
TeaTimer.exe 3936 0.77 58,132 K 45,588 K System settings protector Safer Networking Limited
McSvHost.exe 1584 47,600 K 12,492 K McAfee Service Host McAfee, Inc.
Bridge.exe 3904 44,168 K 2,260 K Adobe Bridge Adobe Systems, Inc.
NokiaMServer.exe 548 0.77 42,664 K 52,444 K Nokia M Platform Nokia
Dropbox.exe 2100 40,720 K 13,728 K Dropbox Dropbox, Inc.
mcagent.exe 3352 33,192 K 376 K McAfee Security Center McAfee, Inc.
explorer.exe 2444 0.77 32,632 K 22,908 K Windows Explorer Microsoft Corporation
searchindexer.exe 288 1.54 32,208 K 35,192 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1032 23,132 K 18,772 K Generic Host Process for Win32 Services Microsoft Corporation
RTHDCPL.EXE 3536 19,476 K 2,568 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
serviceManager.exe 3388 15,872 K 1,040 K Intel Services Manager Intel Corporation
procexp.exe 5080 12,416 K 18,568 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
winlogon.exe 660 8,908 K 9,308 K Windows NT Logon Application Microsoft Corporation
MOBKstat.exe 900 8,764 K 2,108 K McAfee Online Backup Status Application McAfee, Inc.
svchost.exe 1880 7,596 K 2,376 K Generic Host Process for Win32 Services Microsoft Corporation
searchprotocolhost.exe 2644 6,896 K 5,276 K Microsoft Windows Search Protocol Host Microsoft Corporation
MOBKbackup.exe 1692 6,716 K 3,076 K McAfee Online Backup Service bootstrapper McAfee, Inc.
WindowsSearch.exe 1184 5,972 K 1,260 K Windows Search System Tray Microsoft Corporation
lsass.exe 716 5,528 K 1,720 K LSA Shell (Export Version) Microsoft Corporation
mfefire.exe 224 5,124 K 788 K McAfee Core Firewall Service McAfee, Inc.
PassThruSvr.exe 1768 4,816 K 312 K PassThruSvr Application
mfevtps.exe 1660 4,484 K 4,312 K McAfee Process Validation Service McAfee, Inc.
spoolsv.exe 1308 3,860 K 4,176 K Spooler SubSystem App Microsoft Corporation
svchost.exe 880 3,296 K 1,892 K Generic Host Process for Win32 Services Microsoft Corporation
searchfilterhost.exe 4736 3,152 K 6,708 K Microsoft Windows Search Filter Host Microsoft Corporation
apdproxy.exe 3448 3,120 K 2,796 K Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
svchost.exe 1072 2,472 K 296 K Generic Host Process for Win32 Services Microsoft Corporation
NclMSBTSrv.exe 3776 2,372 K 1,308 K Microsoft Bluetooth Media Server Nokia
rundll32.exe 3440 2,308 K 496 K Run a DLL as an App Microsoft Corporation
jqs.exe 1552 2,304 K 1,836 K Java™ Quick Starter Service Sun Microsystems, Inc.
svchost.exe 1460 2,264 K 372 K Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 1720 2,260 K 568 K NVIDIA Driver Helper Service, Version 91.63 NVIDIA Corporation
rundll32.exe 3320 2,204 K 476 K Run a DLL as an App Microsoft Corporation
svchost.exe 992 2,168 K 2,348 K Generic Host Process for Win32 Services Microsoft Corporation
rundll32.exe 2480 1,984 K 460 K Run a DLL as an App Microsoft Corporation
PhotoshopElementsFileAgent.exe 1428 1,976 K 252 K
services.exe 704 1,944 K 1,876 K Services and Controller app Microsoft Corporation
csrss.exe 636 1,836 K 3,332 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1120 1,744 K 1,616 K Generic Host Process for Win32 Services Microsoft Corporation
NclUSBSrv.exe 3704 1,648 K 768 K USB Media Server Nokia
svchost.exe 1160 1,600 K 320 K Generic Host Process for Win32 Services Microsoft Corporation
jusched.exe 3564 1,600 K 372 K Java™ Update Scheduler Sun Microsystems, Inc.
svchost.exe 1392 1,448 K 592 K Generic Host Process for Win32 Services Microsoft Corporation
ServiceLayer.exe 3616 1,324 K 1,012 K ServiceLayer Module Nokia
alg.exe 2832 1,208 K 916 K Application Layer Gateway Service Microsoft Corporation
MDM.EXE 1640 1,048 K 600 K Machine Debug Manager Microsoft Corporation
ctfmon.exe 416 1,008 K 1,968 K CTF Loader Microsoft Corporation
acrotray.exe 3504 812 K 468 K AcroTray Adobe Systems Inc.
SSScheduler.exe 1208 664 K 272 K McAfee Security Scanner Scheduler McAfee, Inc.
NclRSSrv.exe 3748 604 K 548 K Serial Media Server Nokia
smss.exe 576 172 K 152 K Windows NT Session Manager Microsoft Corporation
System Idle Process 0 49.23 0 K 28 K
System 4 0 K 124 K
Interrupts n/a 46.92 0 K 0 K Hardware Interrupts and DPCs



2nd saved file Process Explorer

Process PID CPU Private Bytes Working Set Description Company Name
mcshield.exe 1968 171,624 K 64,560 K McAfee On-Access Scanner service McAfee, Inc.
htcUPCTLoader.exe 3420 78,096 K 1,584 K HTC UPCT Loader
TeaTimer.exe 3936 1.54 58,132 K 45,592 K System settings protector Safer Networking Limited
McSvHost.exe 1584 47,844 K 4,392 K McAfee Service Host McAfee, Inc.
Bridge.exe 3904 44,168 K 2,272 K Adobe Bridge Adobe Systems, Inc.
chrome.exe 2288 43,900 K 7,428 K Google Chrome Google Inc.
NokiaMServer.exe 548 3.08 43,884 K 53,632 K Nokia M Platform Nokia
Dropbox.exe 2100 40,720 K 13,728 K Dropbox Dropbox, Inc.
searchindexer.exe 288 37,088 K 41,156 K Microsoft Windows Search Indexer Microsoft Corporation
mcagent.exe 3352 33,192 K 1,408 K McAfee Security Center McAfee, Inc.
explorer.exe 2444 32,564 K 23,872 K Windows Explorer Microsoft Corporation
chrome.exe 1252 28,492 K 39,772 K Google Chrome Google Inc.
svchost.exe 1032 23,156 K 18,844 K Generic Host Process for Win32 Services Microsoft Corporation
RTHDCPL.EXE 3536 19,476 K 2,568 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
serviceManager.exe 3388 15,872 K 1,040 K Intel Services Manager Intel Corporation
procexp.exe 3864 2.31 11,728 K 16,804 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
winlogon.exe 660 10,692 K 8,452 K Windows NT Logon Application Microsoft Corporation
chrome.exe 320 9,920 K 17,676 K Google Chrome Google Inc.
MOBKstat.exe 900 8,764 K 2,108 K McAfee Online Backup Status Application McAfee, Inc.
svchost.exe 1880 7,572 K 2,352 K Generic Host Process for Win32 Services Microsoft Corporation
searchprotocolhost.exe 2644 6,852 K 5,340 K Microsoft Windows Search Protocol Host Microsoft Corporation
MOBKbackup.exe 1692 6,716 K 3,076 K McAfee Online Backup Service bootstrapper McAfee, Inc.
WindowsSearch.exe 1184 5,972 K 1,260 K Windows Search System Tray Microsoft Corporation
chrome.exe 4916 5,872 K 10,680 K Google Chrome Google Inc.
lsass.exe 716 0.77 5,584 K 2,068 K LSA Shell (Export Version) Microsoft Corporation
mfefire.exe 224 5,124 K 788 K McAfee Core Firewall Service McAfee, Inc.
PassThruSvr.exe 1768 4,816 K 312 K PassThruSvr Application
mfevtps.exe 1660 4,484 K 4,312 K McAfee Process Validation Service McAfee, Inc.
spoolsv.exe 1308 3,860 K 4,176 K Spooler SubSystem App Microsoft Corporation
svchost.exe 880 3,316 K 1,908 K Generic Host Process for Win32 Services Microsoft Corporation
searchfilterhost.exe 5412 3,200 K 6,768 K Microsoft Windows Search Filter Host Microsoft Corporation
apdproxy.exe 3448 3,120 K 2,796 K Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
svchost.exe 1072 2,472 K 296 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 4216 2,432 K 4,992 K WMI Microsoft Corporation
NclMSBTSrv.exe 3776 2,372 K 1,308 K Microsoft Bluetooth Media Server Nokia
rundll32.exe 3440 2,308 K 496 K Run a DLL as an App Microsoft Corporation
jqs.exe 1552 2,304 K 1,836 K Java™ Quick Starter Service Sun Microsystems, Inc.
svchost.exe 1460 2,264 K 372 K Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 1720 2,260 K 568 K NVIDIA Driver Helper Service, Version 91.63 NVIDIA Corporation
rundll32.exe 3320 2,204 K 476 K Run a DLL as an App Microsoft Corporation
svchost.exe 992 2,180 K 2,364 K Generic Host Process for Win32 Services Microsoft Corporation
rundll32.exe 2480 1,984 K 460 K Run a DLL as an App Microsoft Corporation
PhotoshopElementsFileAgent.exe 1428 1,976 K 252 K
services.exe 704 1,968 K 1,888 K Services and Controller app Microsoft Corporation
csrss.exe 636 1,808 K 2,596 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1120 1,648 K 1,528 K Generic Host Process for Win32 Services Microsoft Corporation
NclUSBSrv.exe 3704 1,648 K 768 K USB Media Server Nokia
svchost.exe 1160 1,600 K 320 K Generic Host Process for Win32 Services Microsoft Corporation
jusched.exe 3564 1,600 K 372 K Java™ Update Scheduler Sun Microsystems, Inc.
svchost.exe 1392 1,448 K 840 K Generic Host Process for Win32 Services Microsoft Corporation
ServiceLayer.exe 3616 1,324 K 1,012 K ServiceLayer Module Nokia
alg.exe 2832 1,208 K 916 K Application Layer Gateway Service Microsoft Corporation
MDM.EXE 1640 1,048 K 600 K Machine Debug Manager Microsoft Corporation
ctfmon.exe 416 1,008 K 1,996 K CTF Loader Microsoft Corporation
acrotray.exe 3504 812 K 480 K AcroTray Adobe Systems Inc.
SSScheduler.exe 1208 664 K 272 K McAfee Security Scanner Scheduler McAfee, Inc.
NclRSSrv.exe 3748 604 K 548 K Serial Media Server Nokia
smss.exe 576 172 K 152 K Windows NT Session Manager Microsoft Corporation
System Idle Process 0 65.38 0 K 28 K
System 4 0 K 124 K
Interrupts n/a 26.92 0 K 0 K Hardware Interrupts and DPCs
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
It's probably the GMER driver that isn't happy even tho it worked. Can you run Combofix? Or if not can you run OTL?

Ron
  • 0

#19
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron, I hope your having a good weekend here are the Process Explorer result
result 1

Process PID CPU Private Bytes Working Set Description Company Name
mcshield.exe 1968 171,628 K 62,864 K McAfee On-Access Scanner service McAfee, Inc.
htcUPCTLoader.exe 3420 78,096 K 1,580 K HTC UPCT Loader
TeaTimer.exe 3936 0.77 58,132 K 45,588 K System settings protector Safer Networking Limited
McSvHost.exe 1584 47,600 K 12,492 K McAfee Service Host McAfee, Inc.
Bridge.exe 3904 44,168 K 2,260 K Adobe Bridge Adobe Systems, Inc.
NokiaMServer.exe 548 0.77 42,664 K 52,444 K Nokia M Platform Nokia
Dropbox.exe 2100 40,720 K 13,728 K Dropbox Dropbox, Inc.
mcagent.exe 3352 33,192 K 376 K McAfee Security Center McAfee, Inc.
explorer.exe 2444 0.77 32,632 K 22,908 K Windows Explorer Microsoft Corporation
searchindexer.exe 288 1.54 32,208 K 35,192 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1032 23,132 K 18,772 K Generic Host Process for Win32 Services Microsoft Corporation
RTHDCPL.EXE 3536 19,476 K 2,568 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
serviceManager.exe 3388 15,872 K 1,040 K Intel Services Manager Intel Corporation
procexp.exe 5080 12,416 K 18,568 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
winlogon.exe 660 8,908 K 9,308 K Windows NT Logon Application Microsoft Corporation
MOBKstat.exe 900 8,764 K 2,108 K McAfee Online Backup Status Application McAfee, Inc.
svchost.exe 1880 7,596 K 2,376 K Generic Host Process for Win32 Services Microsoft Corporation
searchprotocolhost.exe 2644 6,896 K 5,276 K Microsoft Windows Search Protocol Host Microsoft Corporation
MOBKbackup.exe 1692 6,716 K 3,076 K McAfee Online Backup Service bootstrapper McAfee, Inc.
WindowsSearch.exe 1184 5,972 K 1,260 K Windows Search System Tray Microsoft Corporation
lsass.exe 716 5,528 K 1,720 K LSA Shell (Export Version) Microsoft Corporation
mfefire.exe 224 5,124 K 788 K McAfee Core Firewall Service McAfee, Inc.
PassThruSvr.exe 1768 4,816 K 312 K PassThruSvr Application
mfevtps.exe 1660 4,484 K 4,312 K McAfee Process Validation Service McAfee, Inc.
spoolsv.exe 1308 3,860 K 4,176 K Spooler SubSystem App Microsoft Corporation
svchost.exe 880 3,296 K 1,892 K Generic Host Process for Win32 Services Microsoft Corporation
searchfilterhost.exe 4736 3,152 K 6,708 K Microsoft Windows Search Filter Host Microsoft Corporation
apdproxy.exe 3448 3,120 K 2,796 K Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
svchost.exe 1072 2,472 K 296 K Generic Host Process for Win32 Services Microsoft Corporation
NclMSBTSrv.exe 3776 2,372 K 1,308 K Microsoft Bluetooth Media Server Nokia
rundll32.exe 3440 2,308 K 496 K Run a DLL as an App Microsoft Corporation
jqs.exe 1552 2,304 K 1,836 K Java™ Quick Starter Service Sun Microsystems, Inc.
svchost.exe 1460 2,264 K 372 K Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 1720 2,260 K 568 K NVIDIA Driver Helper Service, Version 91.63 NVIDIA Corporation
rundll32.exe 3320 2,204 K 476 K Run a DLL as an App Microsoft Corporation
svchost.exe 992 2,168 K 2,348 K Generic Host Process for Win32 Services Microsoft Corporation
rundll32.exe 2480 1,984 K 460 K Run a DLL as an App Microsoft Corporation
PhotoshopElementsFileAgent.exe 1428 1,976 K 252 K
services.exe 704 1,944 K 1,876 K Services and Controller app Microsoft Corporation
csrss.exe 636 1,836 K 3,332 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1120 1,744 K 1,616 K Generic Host Process for Win32 Services Microsoft Corporation
NclUSBSrv.exe 3704 1,648 K 768 K USB Media Server Nokia
svchost.exe 1160 1,600 K 320 K Generic Host Process for Win32 Services Microsoft Corporation
jusched.exe 3564 1,600 K 372 K Java™ Update Scheduler Sun Microsystems, Inc.
svchost.exe 1392 1,448 K 592 K Generic Host Process for Win32 Services Microsoft Corporation
ServiceLayer.exe 3616 1,324 K 1,012 K ServiceLayer Module Nokia
alg.exe 2832 1,208 K 916 K Application Layer Gateway Service Microsoft Corporation
MDM.EXE 1640 1,048 K 600 K Machine Debug Manager Microsoft Corporation
ctfmon.exe 416 1,008 K 1,968 K CTF Loader Microsoft Corporation
acrotray.exe 3504 812 K 468 K AcroTray Adobe Systems Inc.
SSScheduler.exe 1208 664 K 272 K McAfee Security Scanner Scheduler McAfee, Inc.
NclRSSrv.exe 3748 604 K 548 K Serial Media Server Nokia
smss.exe 576 172 K 152 K Windows NT Session Manager Microsoft Corporation
System Idle Process 0 49.23 0 K 28 K
System 4 0 K 124 K
Interrupts n/a 46.92 0 K 0 K Hardware Interrupts and DPCs


Here is result 2


Process PID CPU Private Bytes Working Set Description Company Name
mcshield.exe 1968 171,624 K 64,560 K McAfee On-Access Scanner service McAfee, Inc.
htcUPCTLoader.exe 3420 78,096 K 1,584 K HTC UPCT Loader
TeaTimer.exe 3936 1.54 58,132 K 45,592 K System settings protector Safer Networking Limited
McSvHost.exe 1584 47,844 K 4,392 K McAfee Service Host McAfee, Inc.
Bridge.exe 3904 44,168 K 2,272 K Adobe Bridge Adobe Systems, Inc.
chrome.exe 2288 43,900 K 7,428 K Google Chrome Google Inc.
NokiaMServer.exe 548 3.08 43,884 K 53,632 K Nokia M Platform Nokia
Dropbox.exe 2100 40,720 K 13,728 K Dropbox Dropbox, Inc.
searchindexer.exe 288 37,088 K 41,156 K Microsoft Windows Search Indexer Microsoft Corporation
mcagent.exe 3352 33,192 K 1,408 K McAfee Security Center McAfee, Inc.
explorer.exe 2444 32,564 K 23,872 K Windows Explorer Microsoft Corporation
chrome.exe 1252 28,492 K 39,772 K Google Chrome Google Inc.
svchost.exe 1032 23,156 K 18,844 K Generic Host Process for Win32 Services Microsoft Corporation
RTHDCPL.EXE 3536 19,476 K 2,568 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
serviceManager.exe 3388 15,872 K 1,040 K Intel Services Manager Intel Corporation
procexp.exe 3864 2.31 11,728 K 16,804 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
winlogon.exe 660 10,692 K 8,452 K Windows NT Logon Application Microsoft Corporation
chrome.exe 320 9,920 K 17,676 K Google Chrome Google Inc.
MOBKstat.exe 900 8,764 K 2,108 K McAfee Online Backup Status Application McAfee, Inc.
svchost.exe 1880 7,572 K 2,352 K Generic Host Process for Win32 Services Microsoft Corporation
searchprotocolhost.exe 2644 6,852 K 5,340 K Microsoft Windows Search Protocol Host Microsoft Corporation
MOBKbackup.exe 1692 6,716 K 3,076 K McAfee Online Backup Service bootstrapper McAfee, Inc.
WindowsSearch.exe 1184 5,972 K 1,260 K Windows Search System Tray Microsoft Corporation
chrome.exe 4916 5,872 K 10,680 K Google Chrome Google Inc.
lsass.exe 716 0.77 5,584 K 2,068 K LSA Shell (Export Version) Microsoft Corporation
mfefire.exe 224 5,124 K 788 K McAfee Core Firewall Service McAfee, Inc.
PassThruSvr.exe 1768 4,816 K 312 K PassThruSvr Application
mfevtps.exe 1660 4,484 K 4,312 K McAfee Process Validation Service McAfee, Inc.
spoolsv.exe 1308 3,860 K 4,176 K Spooler SubSystem App Microsoft Corporation
svchost.exe 880 3,316 K 1,908 K Generic Host Process for Win32 Services Microsoft Corporation
searchfilterhost.exe 5412 3,200 K 6,768 K Microsoft Windows Search Filter Host Microsoft Corporation
apdproxy.exe 3448 3,120 K 2,796 K Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
svchost.exe 1072 2,472 K 296 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 4216 2,432 K 4,992 K WMI Microsoft Corporation
NclMSBTSrv.exe 3776 2,372 K 1,308 K Microsoft Bluetooth Media Server Nokia
rundll32.exe 3440 2,308 K 496 K Run a DLL as an App Microsoft Corporation
jqs.exe 1552 2,304 K 1,836 K Java™ Quick Starter Service Sun Microsystems, Inc.
svchost.exe 1460 2,264 K 372 K Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 1720 2,260 K 568 K NVIDIA Driver Helper Service, Version 91.63 NVIDIA Corporation
rundll32.exe 3320 2,204 K 476 K Run a DLL as an App Microsoft Corporation
svchost.exe 992 2,180 K 2,364 K Generic Host Process for Win32 Services Microsoft Corporation
rundll32.exe 2480 1,984 K 460 K Run a DLL as an App Microsoft Corporation
PhotoshopElementsFileAgent.exe 1428 1,976 K 252 K
services.exe 704 1,968 K 1,888 K Services and Controller app Microsoft Corporation
csrss.exe 636 1,808 K 2,596 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1120 1,648 K 1,528 K Generic Host Process for Win32 Services Microsoft Corporation
NclUSBSrv.exe 3704 1,648 K 768 K USB Media Server Nokia
svchost.exe 1160 1,600 K 320 K Generic Host Process for Win32 Services Microsoft Corporation
jusched.exe 3564 1,600 K 372 K Java™ Update Scheduler Sun Microsystems, Inc.
svchost.exe 1392 1,448 K 840 K Generic Host Process for Win32 Services Microsoft Corporation
ServiceLayer.exe 3616 1,324 K 1,012 K ServiceLayer Module Nokia
alg.exe 2832 1,208 K 916 K Application Layer Gateway Service Microsoft Corporation
MDM.EXE 1640 1,048 K 600 K Machine Debug Manager Microsoft Corporation
ctfmon.exe 416 1,008 K 1,996 K CTF Loader Microsoft Corporation
acrotray.exe 3504 812 K 480 K AcroTray Adobe Systems Inc.
SSScheduler.exe 1208 664 K 272 K McAfee Security Scanner Scheduler McAfee, Inc.
NclRSSrv.exe 3748 604 K 548 K Serial Media Server Nokia
smss.exe 576 172 K 152 K Windows NT Session Manager Microsoft Corporation
System Idle Process 0 65.38 0 K 28 K
System 4 0 K 124 K
Interrupts n/a 26.92 0 K 0 K Hardware Interrupts and DPCs
  • 0

#20
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
I have run george again and here is the report, Only thing is is didn't ask to save again after file exit. I will run OTL now and give you the report.

Thanks mate speak to you soon
Regards
Paul
P.S my computer is heaps faster now.. :)
omboFix 11-07-23.01 - Paul 23/07/2011 18:23:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.369 [GMT 9.5:30]
Running from: c:\documents and settings\Paul\Desktop\george.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-23 09:33 . 2011-07-23 09:33 -------- d-----w- c:\windows\LastGood
2011-07-22 06:34 . 2011-07-22 06:51 -------- d-----w- C:\george
2011-07-21 07:09 . 2011-07-21 07:09 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
2011-07-21 07:09 . 2011-07-06 10:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 07:09 . 2011-07-21 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-21 07:09 . 2011-07-06 10:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 07:09 . 2011-07-21 09:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 06:41 . 2011-07-21 06:41 -------- d-----w- C:\_OTL
2011-07-20 13:20 . 2011-07-20 13:20 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Search
2011-07-20 12:59 . 2011-07-20 12:59 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Desktop Search
2011-07-20 12:50 . 2011-07-20 12:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-20 12:49 . 2011-07-20 15:41 -------- d-----w- c:\program files\Windows Desktop Search
2011-07-20 12:49 . 2011-07-20 12:49 -------- d-----w- c:\windows\system32\GroupPolicy
2011-07-20 12:03 . 2011-07-20 12:03 -------- d-----w- c:\program files\Common Files\Java
2011-07-20 09:07 . 2011-07-23 08:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-20 09:07 . 2011-07-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-20 09:02 . 2011-07-20 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2011-07-20 08:38 . 2011-07-20 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-07-20 08:38 . 2011-07-20 08:38 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-20 07:23 . 2011-07-20 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-07-20 07:16 . 2011-07-20 07:16 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Citrix
2011-07-20 07:11 . 2011-07-20 07:11 -------- d-----w- c:\documents and settings\Paul\Application Data\McAfee
2011-07-19 02:19 . 2011-07-19 02:19 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-19 02:19 . 2011-07-19 02:19 -------- d-----w- c:\program files\Trend Micro
2011-07-18 13:21 . 2011-07-18 13:21 -------- d-----w- c:\documents and settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-18 10:36 . 2011-07-18 10:42 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2011-07-18 07:48 . 2011-07-18 07:48 -------- d-----w- c:\documents and settings\Paul\Library
2011-07-18 07:48 . 2011-07-18 07:48 -------- d-----w- c:\documents and settings\Paul\Application Data\com.adobe.ExMan
2011-07-18 06:55 . 2011-07-18 06:55 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\PCHealth
2011-07-18 06:11 . 2011-07-18 06:11 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Microsoft Help
2011-07-18 06:10 . 2011-07-19 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-07-18 03:16 . 2011-07-20 09:57 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Nero
2011-07-18 03:16 . 2011-07-18 14:00 -------- d-----w- c:\documents and settings\Paul\Application Data\Nero
2011-07-18 02:57 . 2011-07-18 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-07-14 09:17 . 2011-07-14 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-07-14 07:50 . 2011-07-14 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-07-07 11:29 . 2011-07-07 11:29 -------- d-----w- c:\documents and settings\Paul\Application Data\com.miniclip.vikingdefense
2011-07-07 11:28 . 2011-07-07 11:28 -------- d-----w- c:\program files\vikingdefense
2011-07-02 04:53 . 2011-07-02 04:53 -------- d-----w- c:\documents and settings\Paul\Application Data\Lazy 8 Studios
2011-07-02 04:52 . 2011-07-02 04:52 -------- d-----w- c:\program files\Lazy 8 Studios
2011-07-01 09:52 . 2011-07-01 09:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-03 19:22 . 2010-06-03 08:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 16:55 . 2009-10-23 23:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-08-13 08:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( [email protected]_06.48.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-23 09:29 . 2011-07-23 09:29 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2011-07-23 09:29 . 2011-07-23 09:29 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2011-07-22 13:11 . 2011-07-22 13:11 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
+ 2006-02-28 12:00 . 2008-04-14 00:12 69120 c:\windows\system32\dllcache\notepad.exe
- 2009-08-13 17:52 . 2008-04-14 00:12 69120 c:\windows\system32\dllcache\notepad.exe
- 2009-08-13 08:58 . 2011-07-22 05:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-13 08:58 . 2011-07-23 07:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-13 08:58 . 2011-07-23 07:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-13 08:58 . 2011-07-22 05:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-13 08:58 . 2011-07-22 05:33 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-23 06:38 . 2011-07-23 07:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-28 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2009-08-13 17:52 . 2008-04-14 00:12 146432 c:\windows\system32\dllcache\winspool.drv
+ 2006-02-28 12:00 . 2008-04-14 00:12 146432 c:\windows\system32\dllcache\winspool.drv
+ 2011-07-22 13:03 . 2011-07-22 13:08 1590348 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 10:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 10:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 10:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-08 26100520]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-25 1306216]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-04-22 933]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-03-08 585728]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Paul\Application Data\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files\McAfee Online Backup\MOBKstat.exe [2010-4-13 3045176]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-18 272528]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Paul\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [16/03/2010 5:58 AM 89368]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [19/08/2010 1:41 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19/08/2010 1:39 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19/08/2010 1:39 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [19/08/2010 1:39 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [19/08/2010 1:39 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [19/08/2010 1:39 PM 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 8:11 PM 229688]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 2:06 PM 80896]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [16/03/2010 5:58 AM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [16/03/2010 5:58 AM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [16/03/2010 5:58 AM 83688]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [28/04/2011 8:04 PM 23608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2010 1:04 PM 136176]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [6/06/2007 11:36 AM 87424]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [13/12/2006 6:31 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2010 1:04 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [16/05/2011 5:44 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 6:01 PM 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21/07/2011 4:39 PM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [18/06/2011 12:03 AM 237008]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [16/03/2010 5:58 AM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [16/03/2010 5:58 AM 85984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 GSService;GSService;c:\windows\system32\GSService.exe [28/04/2011 8:04 PM 745472]
S4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [28/04/2011 8:04 PM 245760]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 03:34]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 03:34]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-23 02:59]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-23 02:59]
.
2011-07-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 19:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(416)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Intel\IntelAppStore\bin\serviceManager.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2011-07-23 19:20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 09:50
ComboFix2.txt 2011-07-22 06:51
.
Pre-Run: 42,989,031,424 bytes free
Post-Run: 42,696,437,760 bytes free
.
- - End Of File - - 13E43CAA94A58AE4B529E93B5B79D385

Edited by paulgleave, 23 July 2011 - 04:03 AM.

  • 0

#21
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
here is my OTL log.

Bless you speak to you soon.


OTL logfile created on: 23/07/2011 7:35:16 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

959.48 Mb Total Physical Memory | 331.13 Mb Available Physical Memory | 34.51% Memory free
2.26 Gb Paging File | 1.48 Gb Available in Paging File | 65.44% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.59 Gb Total Space | 39.64 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
Drive E: | 114.29 Gb Total Space | 72.48 Gb Free Space | 63.42% Space Free | Partition Type: NTFS

Computer Name: KOOROORA-61578C | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 23:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2011/06/18 00:03:02 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/26 05:37:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/25 21:24:16 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/12/01 23:56:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/23 16:58:06 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/06/22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/05/11 10:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2010/04/13 20:11:16 | 003,045,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKstat.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/08/28 19:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PRC - [2008/04/14 09:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 23:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/24 01:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 14:02:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/18 00:03:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/01 01:47:32 | 000,745,472 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\GSService.exe -- (GSService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/02/16 09:37:38 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/02/17 01:22:00 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/29 10:21:05 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.SYS -- (AF15BDA)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/13 18:41:07 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/13 16:25:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/06/22 09:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Paul\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 20:10:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/23 19:08:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110625171636.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk = C:\Program Files\McAfee Online Backup\MOBKstat.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/13 18:22:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/23 18:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/23 12:55:52 | 004,754,224 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Paul\Desktop\procexp.exe
[2011/07/23 12:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Google Chrome
[2011/07/22 21:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/22 16:07:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/22 16:04:21 | 000,000,000 | ---D | C] -- C:\george
[2011/07/22 15:59:26 | 004,153,948 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\george.exe
[2011/07/21 19:28:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/21 19:28:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/21 19:28:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/21 19:28:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/21 19:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/21 19:27:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/21 16:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2011/07/21 16:39:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/21 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/21 16:39:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/21 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 16:11:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 23:14:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2011/07/20 22:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2011/07/20 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2011/07/20 22:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/07/20 22:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/20 21:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/20 18:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/20 18:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/20 18:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/07/20 18:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/07/20 18:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/20 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/07/20 16:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/20 16:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Citrix
[2011/07/20 16:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\McAfee
[2011/07/19 11:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\HiJackThis
[2011/07/19 11:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/18 22:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 20:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Nero_AG
[2011/07/18 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2011/07/18 19:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\AVS4YOU
[2011/07/18 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Library
[2011/07/18 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.adobe.ExMan
[2011/07/18 16:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\PCHealth
[2011/07/18 15:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft Help
[2011/07/18 15:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/07/18 12:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Nero
[2011/07/18 12:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Nero
[2011/07/18 12:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/07/14 18:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/07/14 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/07/07 20:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.miniclip.vikingdefense
[2011/07/07 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\vikingdefense
[2011/07/02 14:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Lazy 8 Studios
[2011/07/02 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lazy 8 Studios
[2011/07/01 19:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 19:34:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
[2011/07/23 19:29:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 19:09:02 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/23 19:08:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/23 19:08:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 18:58:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 18:19:52 | 004,153,948 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\george.exe
[2011/07/23 18:00:13 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/23 17:55:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 12:56:17 | 004,754,224 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Paul\Desktop\procexp.exe
[2011/07/23 12:34:23 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
[2011/07/23 12:33:03 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 12:33:02 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Google Chrome.lnk
[2011/07/23 10:47:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/22 21:02:08 | 000,027,198 | ---- | M] () -- C:\WINDOWS\MOBK.blk
[2011/07/22 21:02:08 | 000,000,330 | ---- | M] () -- C:\WINDOWS\MOBK.flt
[2011/07/22 16:07:59 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/07/21 16:39:44 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/20 23:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2011/07/20 22:19:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/20 22:19:41 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/20 22:19:33 | 000,505,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 22:19:33 | 000,087,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/20 20:49:45 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\e-Sword.lnk
[2011/07/20 20:36:21 | 000,000,147 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/20 19:26:39 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Elements 6.0.lnk
[2011/07/20 19:25:33 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2011/07/20 19:25:16 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2011/07/20 19:17:15 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/07/20 18:08:44 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/20 17:01:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/07/20 10:45:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/19 17:54:46 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/18 20:17:07 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 16:09:36 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds.lnk
[2011/07/18 13:20:15 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/18 13:15:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/18 13:15:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/15 13:28:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Cogs GO Lite.lnk
[2011/07/15 10:46:20 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fruit Ninja Lite.lnk
[2011/07/07 20:58:54 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\vikingdefense.lnk
[2011/07/07 18:02:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 19:45:00 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/06/26 16:15:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 12:33:03 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 12:33:02 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Google Chrome.lnk
[2011/07/23 12:29:56 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
[2011/07/23 12:29:55 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
[2011/07/23 10:47:48 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/22 16:07:59 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/07/22 16:07:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/21 19:28:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/21 19:28:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/21 19:28:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/21 19:28:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/21 19:28:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/21 16:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/21 00:35:26 | 000,323,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1450960922-2146968213-1004-0.dat
[2011/07/20 22:19:41 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/07/20 22:19:41 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/20 20:49:45 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\e-Sword.lnk
[2011/07/20 19:30:18 | 000,323,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/20 19:26:39 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Elements 6.0.lnk
[2011/07/20 19:25:33 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2011/07/20 19:25:16 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2011/07/20 19:17:15 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/07/20 19:10:27 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/20 18:08:29 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/20 16:41:29 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/19 12:36:22 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/07/18 15:48:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/07/18 14:09:09 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/07/18 14:04:30 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/07/18 14:03:12 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/07/18 13:15:45 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Windows Media Player.lnk
[2011/07/07 20:58:54 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\vikingdefense.lnk
[2011/07/07 20:58:53 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\vikingdefense.lnk
[2011/07/02 14:22:55 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Cogs GO Lite.lnk
[2011/07/02 14:22:55 | 000,002,018 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Cogs GO Lite.lnk
[2011/06/30 19:10:22 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/30 19:10:22 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
[2011/06/24 17:10:37 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 20:48:54 | 000,060,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/28 20:04:58 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/10/10 14:41:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2010/10/10 14:41:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/10 14:40:12 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2010/07/08 11:51:42 | 001,161,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/08 08:33:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/11 21:05:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/22 18:21:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Biblica.ini
[2009/09/29 16:20:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/08/30 17:12:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/26 21:44:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/08/14 03:23:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 03:21:29 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/13 18:54:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/13 18:32:57 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/08/13 18:25:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/13 18:18:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/31 16:05:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 16:05:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 16:05:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 16:05:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 16:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 16:05:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 16:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 16:05:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 16:05:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 16:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 16:05:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 21:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 21:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 21:30:00 | 000,505,546 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 21:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 21:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 21:30:00 | 000,087,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 21:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 21:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 21:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 21:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 21:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 21:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/15 10:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/18 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
[2009/08/18 08:16:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/07/20 16:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/11/02 10:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/02/18 14:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/19 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/17 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/08/10 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/08/17 20:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/02/18 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/11/02 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/17 20:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/30 14:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TFT-DemoAppUp
[2010/04/18 22:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2010/04/18 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2011/06/17 20:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/18 20:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2011/05/08 13:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
[2011/07/18 17:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.adobe.ExMan
[2011/07/18 22:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/07 20:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.miniclip.vikingdefense
[2010/11/01 21:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DriverCure
[2011/07/23 19:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Dropbox
[2010/03/25 10:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Facebook
[2011/04/28 20:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
[2011/05/16 18:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HTC
[2011/05/16 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/07/02 14:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Lazy 8 Studios
[2010/05/14 18:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\LG Electronics
[2011/07/20 19:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nokia
[2010/08/10 15:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nokia Ovi Suite
[2009/08/17 22:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nseries
[2011/05/23 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Outlook
[2010/02/19 13:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\PC Suite
[2011/04/27 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\RegistryKeys
[2011/04/22 23:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Rovio
[2011/07/20 22:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2011/07/20 22:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2011/07/23 18:00:13 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



< End of report >
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Combofix says it found an infection and removed it. Can you run Process Explorer again? This time click twice on the CPU column header to get the big CPU users at the top then wait a minute for it to settle down then save the log and post it? The last two logs have shown a problem with this line:

Interrupts n/a 46.92 0 K 0 K Hardware Interrupts and DPCs

This normally uses a little less than 1 % and here it is using almost 1/2 the CPU time. I've seen laptops run slow if this goes up to 2% (usually because the main battery was too weak and it was dragging down the power supply.)

Also
Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Attach the file to your next post. Do not copy and paste.


Ron
  • 0

#23
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

I have run it as you asked here is the log. I did a de-fragment last night and when I woke up my computer was so slow again. I will run speccy now.
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 37.69 0 K 28 K
Interrupts n/a 37.69 0 K 0 K Hardware Interrupts and DPCs
mcshield.exe 3208 3.08 170,068 K 69,948 K McAfee On-Access Scanner service McAfee, Inc.
procexp.exe 2604 0.77 11,512 K 17,152 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
lsass.exe 1044 5,668 K 2,868 K LSA Shell (Export Version) Microsoft Corporation
csrss.exe 964 1,788 K 2,180 K Client Server Runtime Process Microsoft Corporation
wmiprvse.exe 2652 2,360 K 4,984 K WMI Microsoft Corporation
winlogon.exe 988 8,904 K 6,820 K Windows NT Logon Application Microsoft Corporation
WindowsSearch.exe 680 5,968 K 1,796 K Windows Search System Tray Microsoft Corporation
System 4 0 K 44 K
svchost.exe 1392 25,500 K 23,700 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 852 2,740 K 1,488 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1268 2,056 K 1,836 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1492 1,988 K 2,064 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1212 3,316 K 1,932 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1432 2,472 K 300 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1676 1,576 K 336 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1956 1,448 K 924 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2024 2,264 K 700 K Generic Host Process for Win32 Services Microsoft Corporation
SSScheduler.exe 2424 664 K 564 K McAfee Security Scanner Scheduler McAfee, Inc.
spoolsv.exe 1860 3,636 K 2,208 K Spooler SubSystem App Microsoft Corporation
smss.exe 904 172 K 64 K Windows NT Session Manager Microsoft Corporation
skypePM.exe 2396 18,004 K 21,832 K Skype Extras Manager Skype Technologies
Skype.exe 2964 29,908 K 15,332 K Skype Skype Technologies S.A.
services.exe 1032 1,972 K 2,116 K Services and Controller app Microsoft Corporation
serviceManager.exe 3952 16,428 K 2,348 K Intel Services Manager Intel Corporation
ServiceLayer.exe 2972 1,312 K 1,260 K ServiceLayer Module Nokia
searchprotocolhost.exe 1360 4,620 K 6,052 K Microsoft Windows Search Protocol Host Microsoft Corporation
searchindexer.exe 1632 20,128 K 11,060 K Microsoft Windows Search Indexer Microsoft Corporation
searchfilterhost.exe 4008 3,052 K 5,480 K Microsoft Windows Search Filter Host Microsoft Corporation
rundll32.exe 3460 1,984 K 404 K Run a DLL as an App Microsoft Corporation
rundll32.exe 3052 2,204 K 408 K Run a DLL as an App Microsoft Corporation
rundll32.exe 3232 2,308 K 448 K Run a DLL as an App Microsoft Corporation
RTHDCPL.EXE 164 19,476 K 2,272 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
procexp.exe 1368 9,512 K 13,348 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PhotoshopElementsFileAgent.exe 1992 1,976 K 180 K
PassThruSvr.exe 672 4,808 K 252 K PassThruSvr Application
nvsvc32.exe 660 2,260 K 476 K NVIDIA Driver Helper Service, Version 91.63 NVIDIA Corporation
NokiaMServer.exe 1716 13,948 K 7,876 K Nokia M Platform Nokia
NclUSBSrv.exe 3392 1,648 K 732 K USB Media Server Nokia
NclRSSrv.exe 3140 604 K 516 K Serial Media Server Nokia
NclMSBTSrv.exe 2268 2,368 K 1,296 K Microsoft Bluetooth Media Server Nokia
MOBKstat.exe 1136 8,752 K 2,084 K McAfee Online Backup Status Application McAfee, Inc.
MOBKbackup.exe 644 6,752 K 3,040 K McAfee Online Backup Service bootstrapper McAfee, Inc.
mfevtps.exe 128 4,468 K 1,812 K McAfee Process Validation Service McAfee, Inc.
mfefire.exe 1520 5,136 K 740 K McAfee Core Firewall Service McAfee, Inc.
MDM.EXE 332 1,052 K 472 K Machine Debug Manager Microsoft Corporation
McSvHost.exe 280 47,368 K 20,428 K McAfee Service Host McAfee, Inc.
mcagent.exe 3120 38,072 K 1,512 K McAfee Security Center McAfee, Inc.
jusched.exe 2476 868 K 988 K Java™ Update Scheduler Sun Microsystems, Inc.
jqs.exe 240 2,304 K 1,400 K Java™ Quick Starter Service Sun Microsystems, Inc.
htcUPCTLoader.exe 460 78,040 K 2,288 K HTC UPCT Loader
explorer.exe 712 22,424 K 14,400 K Windows Explorer Microsoft Corporation
Dropbox.exe 3756 40,740 K 20,324 K Dropbox Dropbox, Inc.
ctfmon.exe 3352 952 K 1,648 K CTF Loader Microsoft Corporation
chrome.exe 196 27,776 K 38,632 K Google Chrome Google Inc.
chrome.exe 1536 9,792 K 17,540 K Google Chrome Google Inc.
chrome.exe 2112 44,936 K 5,320 K Google Chrome Google Inc.
chrome.exe 808 5,896 K 10,696 K Google Chrome Google Inc.
Bridge.exe 1388 45,028 K 7,300 K Adobe Bridge Adobe Systems, Inc.
apdproxy.exe 3200 3,116 K 1,924 K Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
alg.exe 3804 1,208 K 232 K Application Layer Gateway Service Microsoft Corporation
acrotray.exe 2096 828 K 380 K AcroTray Adobe Systems Inc.
  • 0

#24
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

Not sure how to attach the speccy file to this?
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
When you start a post there will be a Browse button below the word Attachments. Click on it and point it at the log and hit Open then hit Attach This File.

Start, Run, devmgmt.msc , OK to bring up the device manager. Expand the IDE ATA/ATAPI Controllers node by clicking on the + in front.

For each subitem below the node, right click and select Properties then Advanced Settings. If either Device 0 or 1 says Transfer Mode: PIO Only change it to DMA if Available.

Posted Image

Note which one you change and tell me. Reboot.

Run Process Explorer again as before and post the log.

Ron
  • 0

Advertisements


#26
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron

I was unable to follow what you meant to attach a file so I hit reply it had a place to attch the file hope you get it let me know.
Regards
Paul

Attached Files


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
The attachment worked correctly. Unfortunately it doesn't show any problems. Were you able to get into Device Manager?

Ron
  • 0

#28
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
I have done that in device manager.
It is slow to open up browsers and when my computer starts?
What do you suggest.
Regards
Paul
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Were any in PIO Only mode?

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode. Login with your usual login.

Run Process Explorer and look at the line that looks like this:

Interrupts n/a X 0 K 0 K Hardware Interrupts and DPCs

What is X?

Reboot back into regular mode and tell me.

Ron
  • 0

#30
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

What is POI mode?

And would it help if I got extra ram?
Regards
Paul
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP