slow keyboard entry

View previous topic View next topic Go down

slow keyboard entry

Post by demoncurrie on Tue 15 Nov 2011, 11:00 am

My keystrokes are not recognised such that I have to wait for the screen to catch up, sometimes several seconds. I have run McAfee and removed some viruses. But the keyboard problem remains.
I have run CCleaner and removed temp files etc.

When I tried to download OTL, McAfee detected an Artemis trojan, and no OTL icon was created.

I ran ASWMBR and created the following file. I chose not to download AVAST!.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-14 23:48:44
-----------------------------
23:48:44.687 OS Version: Windows 5.1.2600 Service Pack 3
23:48:44.687 Number of processors: 1 586 0x5F02
23:48:44.687 ComputerName: YULES UserName:
23:48:45.687 Initialize success
23:50:10.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:50:10.359 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
23:50:12.375 Disk 0 MBR read successfully
23:50:12.375 Disk 0 MBR scan
23:50:12.375 Disk 0 Windows XP default MBR code
23:50:12.375 Disk 0 scanning sectors +312496380
23:50:12.406 Disk 0 malicious Win32:MBRoot code @ sector 312496383 !
23:50:12.406 Disk 0 PE file @ sector 312496405 !
23:50:12.453 Disk 0 scanning C:\WINDOWS\system32\drivers
23:50:25.937 Service scanning
23:50:27.468 Modules scanning
23:50:45.375 Disk 0 trace - called modules:
23:50:45.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:50:45.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afb1ab8]
23:50:45.484 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8afa27a8]
23:50:45.515 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b000d98]
23:50:45.515 Scan finished successfully
23:51:03.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Yule family\Desktop\MBR.dat"
23:51:03.765 The log file has been saved successfully to "C:\Documents and Settings\Yule family\Desktop\aswMBR.txt"


demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Tue 15 Nov 2011, 11:08 am

I have also run Security check; checkup file is:

Results of screen317's Security Check version 0.99.26
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Security Scan Plus
McAfee Virtual Technician
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 29
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Tue 15 Nov 2011, 11:45 am

Hello, Welcome to GeekPolice! I am Houndmom and I will be helping you get your computer cleaned up.


Please note the following information about the malware forum:


    * Only Tech Officers, Global Moderators, Administrators,, Malware Advisors and [color=green}Tech Staff[/color] are allowed to give advice on removing malware from your computer.
    * From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    * Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    * If you have already asked for help somewhere, please post the link to the topic you were helped.
    * We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

    * Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


I am a student and need to get each step approved before posting. Thank you for your patience.
I will return in a moment with the first step.

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Tue 15 Nov 2011, 12:49 pm



  • Download OTL.exe onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.

    Note: To Copy - highlight text and choosing CTRL C or by right click and choose copy
    To Paste - by clicking in your post box here on the forum and choosing CTRL V or right click and choose paste




houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Wed 16 Nov 2011, 10:54 am

I have failed to download OTL, and so cannot post the results! Please note that I tried and failed before, as reported in my original posting.
As before, I didn't disable McAfee. On one of my attempts , McAfee warned that Oldtimer.geeks.togo.com/OTL.exe might be risky to vist, but I proceed. The system hung on th edownload. I had to use task Manager to cancel the task.
The next time there was no McAfee warning, but again the download hung.

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Wed 16 Nov 2011, 12:10 pm


Please download the following:

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH.scr to your desktop

Please download OTL to your Desktop

Save all work and close all programs, the next step will stop nearly every process on your computer!


Double click the OTH file and select Kill All Processes, your desktop will go blank




Then select Start OTL
OTL will now run

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Click the Internet Explorer button, post these logs in your topic please.



houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Thu 17 Nov 2011, 4:12 am

No real progress, I'm afraid!
OTH.scr did download.
But the OTL download hung, as before. The "connecting symbol was displayed; to cancel it I had to use Task Manager.
Again, I was warned by McAfee that this was a risky site, and continued.
Shoud I disable McAfee somehow, before downloading OTL?
Or is there a direct web address that I could try?

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Fri 18 Nov 2011, 11:16 am

Yes, disable McAfee then run OTH and OTL.
If you need help disabling Mcafee you can read how to do it at this llink:
[You must be registered and logged in to see this link.]

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Mon 21 Nov 2011, 10:52 am

Thanks for that tip ; I now have the dumps that you requested. However, please note that the instructions you pointed me at were out of date. (I have Sec Centre v11, and the instructions didn't help. However, i disabled real-time scanning, Fiorewall and anti-spam, plus Site advisor.
The OTL dump is:
_____________________________________
OTL logfile created on: 20/11/2011 23:38:51 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Yule family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 79.93% Memory free
3.44 Gb Paging File | 2.70 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 62.71 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: YULES | User Name: Yule family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 23:32:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yule family\Desktop\OTL.exe
PRC - [2011/11/20 23:31:55 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yule family\Desktop\OTH.scr
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/25 18:59:56 | 001,636,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/01/25 20:19:00 | 001,658,965 | ---- | M] (GlobespanVirata, Inc.) -- C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
PRC - [2007/01/25 20:18:00 | 000,016,384 | ---- | M] () -- C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/19 20:38:08 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/15 08:38:41 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2007/01/25 20:18:00 | 001,757,278 | ---- | M] () -- C:\Program Files\BT Voyager 105 ADSL Modem\dbgmode.dll
MOD - [2007/01/25 20:18:00 | 000,016,384 | ---- | M] () -- C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/11/10 12:15:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys -- (RapportCerberus_32029)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/15 08:38:39 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/12/17 06:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - [2008/04/13 17:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 17:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/01/25 20:24:00 | 000,148,338 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gwausb.sys -- (wanusb)
DRV - [2006/11/30 14:11:04 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46bus.sys -- (se46bus) Sony Ericsson Device 070 driver (WDM)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CA0A701A-8DAE-4764-9756-24BCACFD0C61}: C:\Documents and Settings\Yule family\Local Settings\Application Data\{CA0A701A-8DAE-4764-9756-24BCACFD0C61} [2010/08/08 14:53:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 09:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/20 18:17:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/23 23:24:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111115163713.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe (GlobespanVirata, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} [You must be registered and logged in to see this link.] (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDFDCEE7-68BD-4CF4-8DF5-8A48D1A001D6}: NameServer = 194.72.0.114 194.74.65.69
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 23:32:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yule family\Desktop\OTL.exe
[2011/11/20 23:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
[2011/11/16 17:03:38 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yule family\Desktop\OTH.scr
[2011/11/14 23:44:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Yule family\Recent
[2011/11/06 10:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 23:40:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DF8E2BEC-7A9C-4D85-9DC0-FDC10DEDCB66}.job
[2011/11/20 23:35:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 23:32:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yule family\Desktop\OTL.exe
[2011/11/20 23:32:06 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\McAfee Security Center.lnk
[2011/11/20 23:31:55 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yule family\Desktop\OTH.scr
[2011/11/20 18:14:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 18:14:16 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/20 18:13:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/20 16:00:34 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\vtscheduletask.job
[2011/11/19 10:59:21 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Yule family\Desktop\Microsoft Excel.lnk
[2011/11/19 10:38:38 | 000,001,644 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/11/16 17:18:32 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Yule family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 23:51:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Yule family\Desktop\MBR.dat
[2011/11/09 22:57:26 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/10/30 06:53:37 | 000,433,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 06:53:37 | 000,068,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/28 05:47:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ellyyule2.lnk
[2011/10/25 22:44:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 23:51:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Yule family\Desktop\MBR.dat
[2011/09/25 23:58:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/08/23 23:01:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/22 21:52:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/06/13 18:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2010/06/12 18:05:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/06/12 18:05:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/06/12 18:05:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/06/12 18:05:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/06/12 18:05:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/06/12 18:05:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/06/12 18:05:34 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/06/12 18:05:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/06/12 18:05:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/06/12 18:05:34 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/06/12 18:05:34 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/06/12 18:05:34 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/06/12 18:05:34 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/06/12 18:05:34 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/06/12 18:05:34 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/06/12 18:05:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/06/12 18:05:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/06/12 18:05:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/06/12 18:05:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/15 22:44:19 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/20 22:06:51 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/09 21:49:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/09 21:46:26 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Yule family\Application Data\swk.ini
[2010/04/03 21:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/18 13:25:09 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\57E1DD82AC.sys
[2010/02/18 10:57:16 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/02/12 08:19:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/29 22:49:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/19 20:14:08 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2010/01/19 20:14:07 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2010/01/19 20:14:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2010/01/19 20:14:04 | 000,016,938 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2010/01/17 16:48:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2010/01/17 13:14:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/17 10:43:57 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Yule family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 10:24:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2010/01/17 09:58:55 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2010/01/17 09:58:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2010/01/17 09:57:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2010/01/17 09:57:52 | 000,001,644 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/16 18:57:11 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/01/16 18:57:03 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/01/16 16:47:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 16:40:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/16 16:30:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/16 16:29:27 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/05/05 02:20:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/03/22 18:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 10:00:00 | 000,433,580 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 10:00:00 | 000,068,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

< End of OTL report >
_________________________

The Extra dump is:
OTL Extras logfile created on: 20/11/2011 23:38:51 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Yule family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 79.93% Memory free
3.44 Gb Paging File | 2.70 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 62.71 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: YULES | User Name: Yule family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"80:TCP" = 80:TCP:*:Enabled:Services
"443:TCP" = 443:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366CC735-543D-42CB-9C03-D7512314DE52}" = Quicken 2004
"{381D847E-7E56-4E82-B261-F799E0F40EB4}" = PHOTOfunSTUDIO 4.0 HD Edition
"{3CB41017-F5CA-4C56-934C-ED02156251E6}" = iTunes
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CC2C40CE-62A8-4BC2-9FB1-FD8794DE3C1A}" = ClickArt Fonts 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.96
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BT Voyager 105 ADSL Modem" = BT Voyager 105 ADSL Modem
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}" = iTunes
"InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuickTime" = QuickTime
"Rapport_msi" = Rapport
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/11/2011 14:01:12 | Computer Name = YULES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2011 14:01:19 | Computer Name = YULES | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 20/11/2011 14:11:36 | Computer Name = YULES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2011 14:11:39 | Computer Name = YULES | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 20/11/2011 19:14:48 | Computer Name = YULES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2011 19:14:51 | Computer Name = YULES | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 20/11/2011 19:29:12 | Computer Name = YULES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2011 19:29:14 | Computer Name = YULES | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 20/11/2011 19:29:25 | Computer Name = YULES | Source = Application Hang | ID = 1002
Description = Hanging application mcagent.exe, version 11.0.623.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2011 19:29:27 | Computer Name = YULES | Source = Application Hang | ID = 1001
Description = Fault bucket -1658384677.

[ System Events ]
Error - 16/11/2011 03:42:30 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 16/11/2011 12:34:51 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 16/11/2011 18:06:42 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 17/11/2011 04:20:32 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 17/11/2011 08:05:03 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 17/11/2011 11:39:07 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 18/11/2011 03:17:59 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 19/11/2011 03:25:45 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 20/11/2011 03:30:02 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6

Error - 20/11/2011 14:13:59 | Computer Name = YULES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cercsr6


< End of EXTRAS report >

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Tue 22 Nov 2011, 10:32 am

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Fri 25 Nov 2011, 11:44 am

Here's the dump:
ComboFix 11-11-24.01 - Yule family 25/11/2011 0:20.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3006.2563 [GMT 0:00]
Running from: c:\documents and settings\Yule family\desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Yule family\Application Data\PriceGong
c:\documents and settings\Yule family\Local Settings\Application Data\{CA0A701A-8DAE-4764-9756-24BCACFD0C61}
c:\windows\system32\dayi.ime
c:\documents and settings\Yule family\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Yule family\Desktop\internet explorer.lnk
c:\documents and settings\Yule family\GoToAssistDownloadHelper.exe
c:\documents and settings\Yule family\Local Settings\Application Data\{CA0A701A-8DAE-4764-9756-24BCACFD0C61}\chrome.manifest
c:\documents and settings\Yule family\Local Settings\Application Data\{CA0A701A-8DAE-4764-9756-24BCACFD0C61}\chrome\content\overlay.xul
c:\documents and settings\Yule family\Local Settings\Application Data\{CA0A701A-8DAE-4764-9756-24BCACFD0C61}\install.rdf
c:\windows\system32\dayi.ime
c:\windows\system32\regobj.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-10 21:07 . 2011-11-10 21:07 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 14:32 . 2011-10-09 16:49 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 13:16 . 2011-10-09 17:02 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 13:16 . 2011-03-13 10:20 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 13:16 . 2011-03-13 10:20 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 13:16 . 2010-05-30 15:15 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 13:16 . 2010-05-30 15:15 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 13:16 . 2010-05-30 15:15 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 13:16 . 2010-05-30 15:15 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 13:16 . 2010-05-30 15:15 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 13:16 . 2010-05-30 15:15 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 13:16 . 2010-05-30 15:15 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-10 14:22 . 2010-01-16 16:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-08-12 19:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2010-08-30 22:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 23:57 . 2011-06-06 18:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-25 19:00 . 2011-09-25 19:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2007-01-25 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2007-01-25 16384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-12-01 17:38 38400 ----a-r- c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-01-17 23:12 98304 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [30/05/2010 15:15 89792]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/11/2011 12:15 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/01/2010 22:42 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [09/10/2011 17:01 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [09/10/2011 17:01 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [09/10/2011 17:02 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [09/10/2011 16:49 150856]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [30/05/2010 15:15 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [30/05/2010 15:15 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [30/05/2010 15:15 83856]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [15/08/2011 08:38 21520]
S1 MpKsl56ce2b3f;MpKsl56ce2b3f;\??\c:\windows\system32\MpEngineStore\MpKsl56ce2b3f.sys --> c:\windows\system32\MpEngineStore\MpKsl56ce2b3f.sys [?]
S1 MpKsl8b16be60;MpKsl8b16be60;\??\c:\windows\system32\MpEngineStore\MpKsl8b16be60.sys --> c:\windows\system32\MpEngineStore\MpKsl8b16be60.sys [?]
S1 MpKslfb1eeb2a;MpKslfb1eeb2a;\??\c:\windows\system32\MpEngineStore\MpKslfb1eeb2a.sys --> c:\windows\system32\MpEngineStore\MpKslfb1eeb2a.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/09/2009 17:28 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/09/2009 17:28 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [30/05/2010 15:15 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [30/05/2010 15:15 87656]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [22/02/2010 11:55 61536]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 17:28]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 17:28]
.
2011-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-20 12:22]
.
2011-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-20 12:22]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{DF8E2BEC-7A9C-4D85-9DC0-FDC10DEDCB66}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
2011-11-20 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-11-07 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-MP4 Player - c:\program files\MP4 Player\mp4Player.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-25 00:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-11-25 00:37:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 00:37
.
Pre-Run: 68,229,177,344 bytes free
Post-Run: 68,334,174,208 bytes free
.
- - End Of File - - A04D95D786CA6BC4D232B293766C5396

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Thu 01 Dec 2011, 11:10 am

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Also please tell me if the computer is still having issues.

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Fri 02 Dec 2011, 7:40 pm

Here is the dump from ESET.
NB I did NOT disable McAfee before running it. However, it did find 6 viruses.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=79a5b4059a3f1a4197661145fb80a500
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-02 01:44:47
# local_time=2011-12-02 01:44:47 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777173 100 75 1411304 23270648 0 0
# compatibility_mode=8192 67108863 100 0 3902 3902 0 0
# scanned=137899
# found=6
# cleaned=6
# scan_time=7506
C:\Documents and Settings\Arnie Yule delet\Local Settings\Temporary Internet Files\Content.IE5\POKSWDT2\go[1].do HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Yule family\Application Data\Sun\Java\Deployment\cache\6.0\2\46c0b442-54e4fbcb a variant of Java/Exploit.CVE-2010-0094.J trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Yule family\Application Data\Sun\Java\Deployment\cache\6.0\22\52afd316-73d34f34 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Yule family\Application Data\Sun\Java\Deployment\cache\6.0\29\4ed7761d-36cd6882 Java/Agent.Y trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Yule family\Application Data\Sun\Java\Deployment\cache\6.0\32\45292260-2797529e Java/TrojanDownloader.Agent.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Yule family\Application Data\Sun\Java\Deployment\cache\6.0\62\23146dfe-2fc9d534 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C

I have not been able to assess if there has been an improvement or not; I will post that in 1-2 days.

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Sat 03 Dec 2011, 9:13 am

okay I will be waiting.

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by demoncurrie on Mon 05 Dec 2011, 10:17 am

Performance certainly is better; but keying is still faltering at times. I'm away for a week; so I won't be able to do any further investigation this week. I'm happy to close this entry and I'll re-assess when I return.
Thanks - as ever - for your help.

demoncurrie

Rookie Surfer
Rookie Surfer

Posts : 123
Joined : 2010-05-14
Operating System : Windows XP Home

View user profile

Back to top Go down

Re: slow keyboard entry

Post by houndmom on Wed 07 Dec 2011, 9:59 am

You're welcome. Glad I could help!!

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: slow keyboard entry

Post by Sponsored content Today at 4:39 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum