Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I suspect a malware in GNR.EXE or GRN.EXE files

Started by paulgleave , Jul 20 2011 08:16 AM

  • Please log in to reply

#31
RKinner
Posted 24 July 2011 - 11:47 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
PIO only mode was the reason for post 25:

http://www.geekstogo...ost__p__2040143

Did you not see it? It's a very inefficient method of talking to a drive. Wastes a lot of CPU time. In XP if windows gets a certain number of errors when talking to a drive it will switch to PIO only mode which is less prone to errors but slows things down a lot.


I doubt that memory is the problem here.
  • 0

Advertisements

#32
paulgleave
Posted 25 July 2011 - 03:12 AM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
How are you? Thanks for persisting with me, sorry im a little slow to all this.
I did do step #25

IDE ATA/ATAPI controllers
and the 4 sub files are

NVIDIA MCP61 Serial ATA controller -
Tabs were General, Primary Channel, Secondary Channel, Drivers, Details, Resources

Primary IDE channel -
Had the advanced and I changed to what you asked DMI if available

Secondary IDE channel -
Had the advanced and I changed to what you asked DMI if available

Standard Dual Channel PCI IDE Controller -
Tabs only had General, Driver, Details, Resources

Does that help mate?
  • 0

#33
RKinner
Posted 25 July 2011 - 09:01 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Which ones did you find (if any) in PIO Only mode? Did you run a Process Explorer? What did the Interrupts n/a X 0 K 0 K Hardware Interrupts and DPCs say?

IF you changed any: Go back into Device Manager after you have rebooted at least once and look to see if any reverted back to PIO Only mode. Just to make sure we are clear: we do not want any of them in PIO Only mode. The idea is that if some were like the picture that they would be causing the problem.

Did you boot into Safe Mode? What did the Interrupts n/a X 0 K 0 K Hardware Interrupts and DPCs say?

Ron
  • 0

#34
paulgleave
Posted 25 July 2011 - 08:26 PM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
I hope this is not becoming to much of a pain I'm sorry for my lack of knowledge slowing this process down. :)

None were in PIO mode,
I will run Process Explorer in saftey mode now. I have just had trouble safely removing hardware - my flash memory stick. It couldnt open the software to remove it. I followed the link and this is what it said below. I then tried to to a windows update to check my computer and it said I needed a newer version of explorer 5 and up. so I went to down load version 7 and it detected a newer version. So not sure what is going on there.

Understanding Data Execution PreventionData Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you.

DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features.

Is it safe to run a program again if DEP has closed it?

Yes, but only if you leave DEP turned on for that program. Windows can continue to detect attempts to execute code from protected memory locations and help prevent attacks. In cases where a program does not run correctly with DEP turned on, you can reduce security risks by getting a DEP-compatible version of the program from the software publisher. For more information about what to do after DEP closes a program, click Related Topics.

How can I tell if DEP is available on my computer?

To open System Properties, click Start, click Control Panel, click Performance and Maintenance, and then click System.
Click the Advanced tab and, under Performance, click Settings.
Click the Data Execution Prevention tab.
Note

By default, DEP is only turned on for essential Windows operating system programs and services. To help protect more programs with DEP, select Turn on DEP for all programs and services except those I select.
Related Topics
  • 0

#35
RKinner
Posted 25 July 2011 - 11:44 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
DEP usually gets triggered by malware so the usb may have an infection. Run OTL again and post the log.

Ron
  • 0

#36
paulgleave
Posted 26 July 2011 - 08:21 AM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
Have run OTL here is the Log. I have had trouble getting it into safety mode. I will try again.
Thanks mate

OTL logfile created on: 26/07/2011 10:55:56 PM - Run 6
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Paul\Desktop\geekstogo software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

959.48 Mb Total Physical Memory | 432.43 Mb Available Physical Memory | 45.07% Memory free
2.26 Gb Paging File | 1.44 Gb Available in Paging File | 63.90% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.59 Gb Total Space | 40.04 Gb Free Space | 33.76% Space Free | Partition Type: NTFS
Drive E: | 114.29 Gb Total Space | 72.48 Gb Free Space | 63.42% Space Free | Partition Type: NTFS

Computer Name: KOOROORA-61578C | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 23:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\geekstogo software\OTL.exe
PRC - [2011/06/23 01:41:08 | 001,306,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/18 00:03:02 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/26 05:37:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/12/01 23:56:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/23 16:58:06 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/06/22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/05/11 10:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2010/04/13 20:11:16 | 003,045,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKstat.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/08/28 19:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PRC - [2008/04/14 09:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 23:14:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\geekstogo software\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/24 01:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 14:02:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/18 00:03:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/01 01:47:32 | 000,745,472 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\GSService.exe -- (GSService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/02/16 09:37:38 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/02/17 01:22:00 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/29 10:21:05 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.SYS -- (AF15BDA)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/13 18:41:07 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/13 16:25:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/06/22 09:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Paul\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 20:10:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/23 19:08:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110625171636.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk = C:\Program Files\McAfee Online Backup\MOBKstat.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/13 18:22:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 12:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/25 22:38:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/24 12:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2011/07/24 12:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/07/23 21:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\geekstogo software
[2011/07/23 21:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\log files
[2011/07/23 12:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Google Chrome
[2011/07/22 21:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/22 16:07:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/22 16:04:21 | 000,000,000 | ---D | C] -- C:\george
[2011/07/21 19:28:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/21 19:28:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/21 19:28:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/21 19:28:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/21 19:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/21 19:27:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/21 16:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2011/07/21 16:39:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/21 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/21 16:39:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/21 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 16:11:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 22:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2011/07/20 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2011/07/20 22:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/07/20 22:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/20 21:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/20 18:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/20 18:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/20 18:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/07/20 18:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/07/20 18:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/20 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/07/20 16:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/20 16:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Citrix
[2011/07/20 16:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\McAfee
[2011/07/19 11:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\HiJackThis
[2011/07/19 11:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/18 22:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 20:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Nero_AG
[2011/07/18 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2011/07/18 19:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\AVS4YOU
[2011/07/18 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Library
[2011/07/18 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.adobe.ExMan
[2011/07/18 16:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\PCHealth
[2011/07/18 15:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft Help
[2011/07/18 15:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/07/18 12:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Nero
[2011/07/18 12:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Nero
[2011/07/18 12:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/07/14 18:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/07/14 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/07/07 20:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.miniclip.vikingdefense
[2011/07/07 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\vikingdefense
[2011/07/02 14:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Lazy 8 Studios
[2011/07/02 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lazy 8 Studios
[2011/07/01 19:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\dllcache\winhelp.exe.new
[2011/07/26 22:34:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
[2011/07/26 22:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/26 18:29:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/26 18:00:01 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/26 12:34:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
[2011/07/26 12:01:51 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/26 12:00:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 01:11:51 | 000,027,404 | ---- | M] () -- C:\WINDOWS\MOBK.blk
[2011/07/26 01:11:51 | 000,000,330 | ---- | M] () -- C:\WINDOWS\MOBK.flt
[2011/07/25 23:17:02 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/24 12:43:12 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/07/23 19:08:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/23 17:55:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 12:33:03 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 10:47:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/22 16:07:59 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/07/21 16:39:44 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/20 22:19:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/20 22:19:41 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/20 22:19:33 | 000,505,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 22:19:33 | 000,087,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/20 20:49:45 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\e-Sword.lnk
[2011/07/20 20:36:21 | 000,000,147 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/20 19:26:39 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Elements 6.0.lnk
[2011/07/20 19:25:33 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2011/07/20 19:25:16 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2011/07/20 19:17:15 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/07/20 18:08:44 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/20 17:01:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/07/20 10:45:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/19 17:54:46 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/18 20:17:07 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 16:09:36 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds.lnk
[2011/07/18 13:15:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/18 13:15:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/15 13:28:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Cogs GO Lite.lnk
[2011/07/15 10:46:20 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fruit Ninja Lite.lnk
[2011/07/07 20:58:54 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\vikingdefense.lnk
[2011/07/07 18:02:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 19:45:00 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/25 23:17:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/24 12:43:12 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/07/23 12:33:03 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 12:29:56 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
[2011/07/23 12:29:55 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
[2011/07/23 10:47:48 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/22 16:07:59 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/07/22 16:07:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/21 19:28:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/21 19:28:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/21 19:28:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/21 19:28:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/21 19:28:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/21 16:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/21 00:35:26 | 000,323,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1450960922-2146968213-1004-0.dat
[2011/07/20 22:19:41 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/07/20 22:19:41 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/20 20:49:45 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\e-Sword.lnk
[2011/07/20 19:30:18 | 000,323,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/20 19:26:39 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Elements 6.0.lnk
[2011/07/20 19:25:33 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2011/07/20 19:25:16 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2011/07/20 19:17:15 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/07/20 19:10:27 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/20 18:08:29 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/20 16:41:29 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/19 12:36:22 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/07/18 15:48:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/07/18 14:09:09 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/07/18 14:04:30 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/07/18 14:03:12 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/07/18 13:15:45 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Windows Media Player.lnk
[2011/07/07 20:58:54 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\vikingdefense.lnk
[2011/07/07 20:58:53 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\vikingdefense.lnk
[2011/07/02 14:22:55 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Cogs GO Lite.lnk
[2011/07/02 14:22:55 | 000,002,018 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Cogs GO Lite.lnk
[2011/06/30 19:10:22 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/30 19:10:22 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
[2011/06/17 20:48:54 | 000,060,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/28 20:04:58 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/10/10 14:41:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2010/10/10 14:41:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/10 14:40:12 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2010/07/08 11:51:42 | 001,161,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/08 08:33:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/11 21:05:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/22 18:21:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Biblica.ini
[2009/09/29 16:20:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/08/30 17:12:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/26 21:44:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/08/14 03:23:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 03:21:29 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/13 18:54:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/13 18:32:57 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/08/13 18:25:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/13 18:18:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/31 16:05:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 16:05:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 16:05:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 16:05:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 16:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 16:05:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 16:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 16:05:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 16:05:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 16:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 16:05:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 21:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 21:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 21:30:00 | 000,505,546 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 21:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 21:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 21:30:00 | 000,087,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 21:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 21:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 21:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 21:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 21:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 21:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/15 10:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/18 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
[2009/08/18 08:16:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/07/20 16:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/11/02 10:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/02/18 14:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/19 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/17 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/08/10 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/08/17 20:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/02/18 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/11/02 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/17 20:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/30 14:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TFT-DemoAppUp
[2010/04/18 22:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2010/04/18 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2011/06/17 20:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/18 20:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2011/05/08 13:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
[2011/07/18 17:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.adobe.ExMan
[2011/07/18 22:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/07 20:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.miniclip.vikingdefense
[2010/11/01 21:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DriverCure
[2011/07/26 12:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Dropbox
[2010/03/25 10:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Facebook
[2011/04/28 20:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
[2011/05/16 18:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HTC
[2011/05/16 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/07/02 14:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Lazy 8 Studios
[2010/05/14 18:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\LG Electronics
[2011/07/20 19:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nokia
[2010/08/10 15:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nokia Ovi Suite
[2009/08/17 22:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nseries
[2011/05/23 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Outlook
[2010/02/19 13:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\PC Suite
[2011/04/27 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\RegistryKeys
[2011/04/22 23:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Rovio
[2011/07/20 22:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2011/07/20 22:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2011/07/26 18:00:01 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



< End of report >
  • 0

#37
RKinner
Posted 26 July 2011 - 08:43 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you have trouble getting into Safe Mode try:

Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. Cancel msconfig when it comes up.

Wait until it settles down then run Process Explorer. Wait 60 seconds then save a log. Start Run, msconfig, OK
check Normal Startup then OK and reboot into regular mode.

Post the latest log from Process Explorer.

Ron
  • 0

#38
RKinner
Posted 26 July 2011 - 08:52 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't see any problems with your OTL log - just some deadwood we can remove:

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.:files
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


How attached are you to McAfee? It's a pretty poor anti-virus and a bit of a resource hog. We could replace it with the free Avast and see if that makes a difference.
If you decide to try Avast:

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 )
Uninstall McAfee, run the McAfee uninstall tool, reboot.
Install Avast.

Ron
  • 0

#39
paulgleave
Posted 26 July 2011 - 11:52 PM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron here are the results of the OTL after reboot,
I will remove mcafee and try avast, thanks mate.



========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_092255

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#40
paulgleave
Posted 27 July 2011 - 02:29 AM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron
I have removed Mcafee, it took 2 goes it went down with a fight. But have installed avast like you said. It did a scan and found no problems. I will give my computer a reboot and see how slow or fast my machine still is..
Regards
Paul
  • 0

Advertisements

#41
paulgleave
Posted 27 July 2011 - 05:43 PM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron when windows started it was in system config utility, and in diagnostic selective start up mode then I ran process explorer.
Here is the log.
And that anti virus worked well :)


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 98.44 0 K 28 K
procexp.exe 1856 0.78 12,004 K 17,908 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 3592 2,692 K 5,360 K WMI Microsoft Corporation
winlogon.exe 676 6,372 K 4,220 K Windows NT Logon Application Microsoft Corporation
WindowsSearch.exe 3536 6,204 K 10,900 K Windows Search System Tray Microsoft Corporation
System 4 0 K 252 K
svchost.exe 948 2,164 K 4,920 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 216 7,776 K 6,560 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 896 3,336 K 5,404 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1044 13,728 K 21,884 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1088 2,652 K 3,824 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1160 1,624 K 4,104 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1328 1,748 K 4,328 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1800 1,660 K 4,336 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1848 2,436 K 3,784 K Generic Host Process for Win32 Services Microsoft Corporation
SSScheduler.exe 3480 924 K 2,568 K McAfee Security Scanner Scheduler McAfee, Inc.
spoolsv.exe 2032 3,964 K 6,604 K Spooler SubSystem App Microsoft Corporation
smss.exe 600 176 K 432 K Windows NT Session Manager Microsoft Corporation
skypePM.exe 3072 18,312 K 24,660 K Skype Extras Manager Skype Technologies
Skype.exe 3192 29,332 K 50,928 K Skype Skype Technologies S.A.
services.exe 720 2,128 K 4,048 K Services and Controller app Microsoft Corporation
serviceManager.exe 1592 16,212 K 23,596 K Intel Services Manager Intel Corporation
searchindexer.exe 1012 19,552 K 11,044 K Microsoft Windows Search Indexer Microsoft Corporation
rundll32.exe 192 2,440 K 3,768 K Run a DLL as an App Microsoft Corporation
rundll32.exe 2356 2,548 K 4,064 K Run a DLL as an App Microsoft Corporation
RTHDCPL.EXE 2828 19,752 K 21,544 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
msconfig.exe 3044 1,280 K 4,112 K System Configuration Utility Microsoft Corporation
lsass.exe 732 4,208 K 6,784 K LSA Shell (Export Version) Microsoft Corporation
jusched.exe 2848 1,108 K 3,344 K Java™ Update Scheduler Sun Microsystems, Inc.
htcUPCTLoader.exe 2124 78,440 K 13,596 K HTC UPCT Loader
explorer.exe 1600 17,256 K 25,388 K Windows Explorer Microsoft Corporation
Dropbox.exe 3752 40,944 K 42,788 K Dropbox Dropbox, Inc.
ctfmon.exe 3420 1,204 K 4,132 K CTF Loader Microsoft Corporation
csrss.exe 652 1,632 K 3,864 K Client Server Runtime Process Microsoft Corporation
Bridge.exe 3248 44,400 K 10,036 K Adobe Bridge Adobe Systems, Inc.
AvastUI.exe 2892 4,536 K 2,224 K avast! Antivirus AVAST Software
AvastSvc.exe 1444 10,752 K 13,200 K avast! Service AVAST Software
apdproxy.exe 2600 3,144 K 6,068 K Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
alg.exe 3348 1,472 K 4,056 K Application Layer Gateway Service Microsoft Corporation
acrotray.exe 2708 1,068 K 3,444 K AcroTray Adobe Systems Inc.
  • 0

#42
RKinner
Posted 27 July 2011 - 06:08 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Your Process Explorer results in Diagnostic startup are now what they should be.

System Idle Process 0 98.44 0 K 28 K <==Most of the CPU here
procexp.exe 1856 0.78 12,004 K 17,908 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com <== a little here
Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs <==Less than 1 here

What you have to do now is find out what causes the slowdown. (Assuming Avast didn't already find it for us. When you said it works great what are you going by?)

What we normally do is go back into MSconfig and check about half of the items then apply and restart. Run Process Explorer and see if the results go back to what they were before. IF they did then uncheck half of the ones that you checked, apply and restart. If it stays good, note the ones you checked and check half of the remaining. Eventually you should have it down to one or two culprits.

Ron
  • 0

#43
paulgleave
Posted 27 July 2011 - 09:14 PM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
the reason to say avast is good is my computer is faster, the only time it is slow is restarting it takes a few minutes to start up. and when I first open a program that hasn't been open for a while. But the rest if great compared to what it was and the original google problem with malware is gone.
I have bought 1 bg of ram to add to my computer and see if that helps? I got it cheap on ebay..lol

as for the next part of your message I didnt understand what it was with MSconfig? and check out half the items?
Sorry Im still getting the hang of the jargon and software side.
Thanks again for your time and patience.

P.S can i run cobofix on vista? and do you know where I can dowload microsoft SP2 onto CD, as my second computer need it to run internet softawre and so can not download it to the computer itself.
Regards
Paul

Edited by paulgleave, 27 July 2011 - 09:31 PM.

  • 0

#44
RKinner
Posted 27 July 2011 - 11:45 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Your Process Explorer log looked great when in msconfig's Diagnostic mode. How does it look now that you have removed McAfee? Perhaps that fixed the problem?

If not then we run msconfig again and select normal boot, apply. This puts check mark next to each item in the Startup and Services tabs.

Now go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and check normal boot and apply then reboot. If it helps then go back and turn on a few items each
time until you find the culprit.

Ron
  • 0

#45
paulgleave
Posted 28 July 2011 - 06:14 AM

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron
I think I know what ones are the culprits, how do I remove them so I can reboot in normal mode?
Regards
Paul
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP