Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: unregistered files  (Read 16016 times)

0 Members and 1 Guest are viewing this topic.

bandalex

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows XP
    unregistered files
    « on: July 21, 2011, 04:09:10 PM »
    Hi

    I posted a query in windows xp and was directed (by Allan, moderator) to run all the virus/malware etc checks I do out of habit.  Finally ran hijackthis(sniper) and now post the log for your observations.  I'm not a genius but since I'm not experiencing any operating problems other than the twic-appearing windows file protection message at startup I have to query that I have a virus.  Still, perhaps the log will reveal something.  Surely though it should be possible to find a simpler way to identify the unregistered files?

    Anyway, here's the log and I hope you can help.

    Thanks
    Alex

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:01:59, on 21/07/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17098)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll
    O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON PX820FWD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXE.EXE /FU "C:\WINDOWS\TEMP\E_S92.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1157552183-2752306718-432289623-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User '?')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199112852312
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Update Service (gupdate1ca3dc146c6f28a) (gupdate1ca3dc146c6f28a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    --
    End of file - 13253 bytes
    You can never have too much of what you don't need.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 991
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: unregistered files
    « Reply #1 on: July 21, 2011, 04:53:41 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    ****************************************************
    At what point do you receive that message?

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot

    Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
    O15 - Trusted Zone: http://*.mcafee.com

    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    *****************************************************
    Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

    •Open the folder and run Dial-a-fix.exe
    •2 windows will open. Close the one in the background labeled Restrictive Policies
    •Check the box in section 1, Empty temp folders.

    •Check the box in section 2, Fix Windows Installer.

    •Check the box in section 3, Fix Windows Update.

    •Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked

    •Check all boxes in section 5, labeled Registration Center.

    •Click Go

    •OK any error messages if received, but write them down and post them here.

    Restart the computer when done.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    bandalex

      Topic Starter


      Rookie

      • Experience: Experienced
      • OS: Windows XP
      Re: unregistered files
      « Reply #2 on: July 21, 2011, 06:13:03 PM »
      Hi guys

      First of all, thanks for the help so far but I'm sorry to report that on restart I'm still getting the Windows File Protection box - once early on in the startup and once more near the end. 

      Have you any other suggestions or do I have to go through the whole time-consuming business again?

      And, is it possible to simply identify the unregistered files or not? - please try to answer my questions - I'd appreciate it very much.

      Alex

      You can never have too much of what you don't need.

      bandalex

        Topic Starter


        Rookie

        • Experience: Experienced
        • OS: Windows XP
        Re: unregistered files
        « Reply #3 on: July 22, 2011, 04:14:09 AM »
        Just an additional observation.  I noticed the message appeared both times on startup this morning (UK time) when it was reading (or attempting to read) the e: drive (CDRom).  Don't know if that's helpful or not.

        Alex
        You can never have too much of what you don't need.

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 991
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: unregistered files
        « Reply #4 on: July 22, 2011, 01:31:18 PM »
        Quote
        I noticed the message appeared both times on startup this morning (UK time) when it was reading (or attempting to read) the e: drive (CDRom). 
        Is there any disk in that drive?
        I don't know too much about this Windows File Protection problem.
        Here's is one site that may help.
        Another site here.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

        bandalex

          Topic Starter


          Rookie

          • Experience: Experienced
          • OS: Windows XP
          Re: unregistered files
          « Reply #5 on: July 22, 2011, 03:04:34 PM »
          Yes, there is usually a games disk (GTA or EA Sports Golf for example).  I'll startup without the disk and see if I still get the message and let you know. 
          You don't seem to be alone in not knowing much about this problem.  All I really want to know is how to identify the faulty .dll or .osx file(s) so I can either replace or register them and I've found nothing to be of much help so far.  I really don't think I have a virus - I run all the malware/antivirus/cleaners etc on a regular basis as well as having McAfee on top (no sour comments on that please!) and apart from a couple of medium risk alerts most of the problems are minor cookie trackers and the like. 

          If you find anything more I'd be grateful.  I'm not able to understand Microsoft speak too well, partly because I'm a skilled user but not a techie and partly because they require a level of knowledge somewhat higher than I have!

          Thanks for your efforts so far.

          Alex
          You can never have too much of what you don't need.

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 991
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: unregistered files
          « Reply #6 on: July 22, 2011, 06:15:21 PM »
          Please try this even if you don't have the OS disk

          Place it in your CD ROM drive and follow the instructions below:
          •Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
          *Let this run undisturbed until the window with the blue  progress bar goes away
          SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          bandalex

            Topic Starter


            Rookie

            • Experience: Experienced
            • OS: Windows XP
            Re: unregistered files
            « Reply #7 on: July 23, 2011, 07:08:11 AM »
            Thanks Super Dave

            This last looks like it might have worked - at least when restarting there were no nasty little boxes.  Before I mark it solved I'll wait until a cold start to confirm the fix.

            BTW, presuming by your avatar you're in Canada just a byline to say my big sis has been over there for the last 45 years - first in Vancouver then Calgary for last 15 years or so.

            Alex
            You can never have too much of what you don't need.

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 991
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: unregistered files
            « Reply #8 on: July 23, 2011, 01:13:43 PM »
            Quote
            BTW, presuming by your avatar you're in Canada just a byline to say my big sis has been over there for the last 45 years - first in Vancouver then Calgary for last 15 years or so.
            That's on the other side of the country from where I live on the east coast.
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

            bandalex

              Topic Starter


              Rookie

              • Experience: Experienced
              • OS: Windows XP
              Re: unregistered files
              « Reply #9 on: July 24, 2011, 04:09:04 AM »
              Such a big country - like I'm in Yorkshire and a similar distance would take me to Morocco!

              Anyhoo, switched on half n hour ago and, guess what, the *censored* boxes appeared again?

              What next Dave? (or should I just put up with the message as a minor irritation?)

              Alex

              You can never have too much of what you don't need.

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 991
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: unregistered files
              « Reply #10 on: July 24, 2011, 04:25:55 PM »
              When you tried SFC the first time, did it request that you insert the OS disk?
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              bandalex

                Topic Starter


                Rookie

                • Experience: Experienced
                • OS: Windows XP
                Re: unregistered files
                « Reply #11 on: July 24, 2011, 04:45:45 PM »
                No, it ran but stopped a couple of times with the same File Protection Message appearing.  Once cleared it seemed to run quite happily.
                You can never have too much of what you don't need.

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 991
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: unregistered files
                « Reply #12 on: July 24, 2011, 07:09:33 PM »
                Ok. Let's run a few more scans just to make sure that your computer is clean.

                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                and save it to your Desktop.
                It would be easiest to download using Internet Explorer.
                If you insist on using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
                Double click ComboFix.exe & follow the prompts.
                As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                bandalex

                  Topic Starter


                  Rookie

                  • Experience: Experienced
                  • OS: Windows XP
                  Re: unregistered files
                  « Reply #13 on: July 25, 2011, 03:44:16 AM »
                  Okay, done - here's the log:

                  ComboFix 11-07-24.03 - HP_Owner 25/07/2011   9:59.1.2 - x86
                  Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
                   * Created a new restore point
                   * Resident AV is active
                  .
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\documents and settings\Default User\WINDOWS
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\chrome\xulcache.jar
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\defaults\preferences\xulcache.js
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\install.rdf
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\chrome\xulcache.jar
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\defaults\preferences\xulcache.js
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\install.rdf
                  c:\documents and settings\HP_Owner\Application Data\PriceGong
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\1.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\a.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\b.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\c.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\d.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\e.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\f.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\g.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\h.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\i.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\J.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\k.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\l.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\m.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\mru.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\n.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\o.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\p.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\q.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\r.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\s.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\t.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\u.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\v.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\w.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\x.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\y.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\z.xml
                  c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc17.tmp
                  c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc1B.tmp
                  c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD.tmp
                  c:\documents and settings\HP_Owner\WINDOWS
                  c:\documents and settings\Sauerbraten\uninstall.exe
                  c:\program files\INSTALL.PIF
                  c:\windows\system32\config\systemprofile\WINDOWS
                  D:\Autorun.inf
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  -------\Legacy_USNJSVC
                  -------\Service_usnjsvc
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2011-06-25 to 2011-07-25  )))))))))))))))))))))))))))))))
                  .
                  .
                  2011-07-21 23:53 . 2011-07-21 23:53   --------   d-----w-   c:\program files\Dial-a-fix-v0.60.0.24
                  2011-07-21 21:58 . 2011-07-21 21:58   388096   ----a-r-   c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                  2011-07-21 21:58 . 2011-07-21 21:58   --------   d-----w-   c:\program files\Trend Micro
                  2011-07-21 21:50 . 2011-07-21 21:50   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                  2011-07-12 14:52 . 2007-04-10 02:06   8192   ----a-w-   c:\windows\system32\E_DCINST.DLL
                  2011-07-12 14:51 . 2009-10-01 04:01   63488   ----a-w-   c:\windows\system32\E_FD4BGXE.DLL
                  2011-07-12 14:51 . 2008-11-12 03:00   93696   ----a-w-   c:\windows\system32\E_FLBGXE.DLL
                  2011-07-12 14:46 . 2011-07-12 14:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\UDL
                  2011-07-12 14:39 . 2011-07-13 08:25   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\Epson
                  2011-07-12 14:38 . 2011-07-12 14:44   --------   d-----w-   c:\program files\Epson Software
                  2011-07-12 14:38 . 2010-09-13 14:01   458129   ----a-w-   c:\windows\system32\ensppui.dll
                  2011-07-12 14:38 . 2010-09-13 14:00   475410   ----a-w-   c:\windows\system32\ensppmon.dll
                  2011-07-12 14:38 . 2008-06-18 10:49   249344   ----a-w-   c:\windows\system32\enspres.dll
                  2011-07-12 14:38 . 2010-09-13 14:01   458129   ----a-w-   c:\windows\system32\enppui.dll
                  2011-07-12 14:38 . 2010-09-13 14:00   475410   ----a-w-   c:\windows\system32\enppmon.dll
                  2011-07-12 14:38 . 2008-06-18 10:49   249344   ----a-w-   c:\windows\system32\enpres.dll
                  2011-07-12 14:38 . 2011-07-12 14:38   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\InstallShield
                  2011-07-12 14:36 . 2011-07-12 14:38   --------   d-----w-   c:\program files\EpsonNet
                  2011-07-12 14:34 . 2011-07-12 14:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\EPSON
                  2011-07-12 14:34 . 2009-10-15 23:00   132560   ----a-w-   c:\windows\system32\esdevapp.exe
                  2011-07-12 14:34 . 2009-10-15 23:00   12800   ----a-w-   c:\windows\system32\escdev.dll
                  2011-07-12 14:34 . 2009-09-16 23:00   342016   ----a-w-   c:\windows\system32\eswiaud.dll
                  2011-07-07 14:35 . 2011-07-06 18:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2011-07-07 14:34 . 2011-07-06 18:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2011-07-07 14:34 . 2011-07-17 08:19   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2011-07-03 13:50 . 2011-07-03 15:19   --------   d-----w-   C:\Games
                  2011-06-30 11:04 . 2011-02-11 13:25   229888   ----a-w-   c:\windows\system32\fxscover.exe
                  2011-06-30 10:49 . 2011-07-01 20:16   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\Audacity
                  2011-06-29 09:24 . 2008-04-13 17:36   10240   ----a-w-   c:\windows\system32\dllcache\compbatt.sys
                  2011-06-29 09:15 . 2001-08-17 12:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
                  2011-06-29 09:14 . 2008-04-13 17:46   13696   ----a-w-   c:\windows\system32\dllcache\avcstrm.sys
                  2011-06-29 09:13 . 2001-08-17 21:36   462848   ----a-w-   c:\windows\system32\dllcache\a3dapi.dll
                  2011-06-29 09:13 . 2001-08-17 12:52   23552   ----a-w-   c:\windows\system32\dllcache\abp480n5.sys
                  2011-06-29 09:13 . 2001-08-17 21:36   98304   ----a-w-   c:\windows\system32\dllcache\a3d.dll
                  2011-06-29 09:13 . 2001-08-17 13:55   38400   ----a-w-   c:\windows\system32\dllcache\8514a.dll
                  2011-06-29 09:13 . 2008-04-13 17:46   48128   ----a-w-   c:\windows\system32\dllcache\61883.sys
                  2011-06-29 09:13 . 2008-04-13 17:40   12288   ----a-w-   c:\windows\system32\dllcache\4mmdat.sys
                  2011-06-29 09:13 . 2001-08-17 13:55   689216   ----a-w-   c:\windows\system32\dllcache\3dfxvs.dll
                  2011-06-29 09:13 . 2001-08-17 12:28   762780   ----a-w-   c:\windows\system32\dllcache\3cwmcru.sys
                  2011-06-29 09:13 . 2001-08-17 11:48   148352   ----a-w-   c:\windows\system32\dllcache\3dfxvsm.sys
                  2011-06-29 09:13 . 2001-08-17 13:06   11264   ----a-w-   c:\windows\system32\dllcache\1394vdbg.sys
                  2011-06-28 17:52 . 2011-06-28 17:52   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\Unity
                  2011-06-28 17:43 . 2011-06-28 17:43   --------   d-----w-   c:\documents and settings\HP_Owner\Local Settings\Application Data\Unity
                  2011-06-27 16:09 . 2011-06-30 10:49   --------   d-----w-   c:\program files\Audacity 1.3 Beta (Unicode)
                  2011-06-25 18:10 . 2011-06-25 18:10   --------   d-----w-   C:\Nexon
                  2011-06-25 18:10 . 2011-06-25 18:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\NexonEU
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2011-07-21 21:50 . 2010-04-27 14:54   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                  2011-06-22 17:10 . 2011-06-22 17:10   25992   ----a-w-   c:\windows\system32\pgdfgsvc.exe
                  2011-06-19 10:32 . 2011-05-15 08:29   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                  2011-06-02 14:02 . 2004-08-04 11:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
                  2011-05-17 14:55 . 2010-12-07 01:31   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
                  2011-05-14 18:22 . 2011-05-14 18:22   53248   ----a-r-   c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
                  2011-05-02 15:31 . 2004-08-04 11:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                  2011-04-29 17:25 . 2004-08-04 11:00   151552   ----a-w-   c:\windows\system32\schannel.dll
                  2011-04-29 16:19 . 2004-08-04 11:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                  2011-04-26 11:07 . 2004-08-04 11:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                  2011-04-26 11:07 . 2004-08-04 11:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
                  2010-06-07 15:16 . 2010-08-11 09:14   3887480   ----a-w-   c:\program files\procexp.exe
                  2009-12-01 10:53 . 2010-02-20 22:05   559992   ----a-w-   c:\program files\autorunsc.exe
                  2009-11-24 13:15 . 2009-11-24 13:22   18665720   ----a-w-   c:\program files\LimeWireWin.exe
                  2009-07-10 00:20 . 2009-07-10 00:19   347928562   ----a-w-   c:\program files\sauerbraten_2009_05_04_trooper_edition_win32_setup.exe
                  2009-06-11 22:46 . 2009-07-07 12:05   172032   ----a-w-   c:\program files\libpng13.dll
                  2009-04-12 19:22 . 2009-04-12 19:22   6237728   ----a-w-   c:\program files\SUPERAntiSpyware.exe
                  2009-03-20 12:20 . 2009-03-20 12:20   573   ----a-w-   c:\program files\xp_system32opens.vbs
                  2009-03-12 19:17 . 2009-09-30 11:27   5486113   ----a-w-   c:\program files\DarkWave-Studio-2.4.exe
                  2009-03-12 15:43 . 2009-03-12 15:43   1971378   ----a-w-   c:\program files\SetupImgBurn_2.4.2.0.exe
                  2009-02-22 21:35 . 2009-02-22 21:35   3171208   ----a-w-   c:\program files\ccsetup216.exe
                  2009-02-21 13:50 . 2009-02-21 13:50   18638688   ----a-w-   c:\program files\sdsetup.exe
                  2009-02-01 15:28 . 2009-07-07 12:05   45056   ----a-w-   c:\program files\Launcher.exe
                  2009-01-30 18:13 . 2009-01-30 18:13   1053744   ----a-w-   c:\program files\revosetup.exe
                  2009-01-03 20:33 . 2009-01-03 20:33   6832928   ----a-w-   c:\program files\alzip.exe
                  2009-01-03 17:40 . 2009-01-03 17:40   939698   ----a-w-   c:\program files\7z464.exe
                  2009-01-03 17:33 . 2009-01-03 17:33   8973608   ----a-w-   c:\program files\zg603sui.exe
                  2008-12-09 15:01 . 2008-12-09 15:01   4399029   ----a-w-   c:\program files\quickzip.exe
                  2008-11-19 17:48 . 2010-10-19 15:51   14709760   ----a-w-   c:\program files\ClassActionKillers.msi
                  2008-11-19 17:48 . 2010-10-19 15:51   370176   ----a-w-   c:\program files\setup.exe
                  2008-07-09 11:27 . 2008-07-09 11:27   820380   ----a-w-   c:\program files\audacity-win-1.2.6.exe
                  2004-03-18 18:36 . 2009-07-07 12:05   401484   ----a-w-   c:\program files\msvcrtd.dll
                  2011-06-22 14:57 . 2011-04-28 10:58   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                  2011-04-14 13:01 . 2010-04-22 18:23   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
                  2004-08-04 11:00   94784   --sha-w-   c:\windows\twain.dll
                  2008-04-14 00:12   50688   --sha-w-   c:\windows\twain_32.dll
                  2004-07-30 06:04   1216   --sha-w-   c:\windows\Twunk_16.dll
                  2004-07-30 06:04   1216   --sha-w-   c:\windows\Twunk_32.dll
                  2008-04-14 00:12   57344   --sha-w-   c:\windows\system32\msvcirt.dll
                  2008-04-14 00:12   413696   --sha-w-   c:\windows\system32\msvcp60.dll
                  2008-04-14 00:12   343040   --sha-w-   c:\windows\system32\msvcrt.dll
                  2011-02-08 13:33   978944   --sha-w-   c:\windows\system32\OLDCC.tmp
                  2010-12-20 17:32   551936   --sh--w-   c:\windows\system32\oleaut32.dll
                  2008-04-14 00:12   84992   --sh--w-   c:\windows\system32\olepro32.dll
                  2008-04-14 00:12   11776   --sh--w-   c:\windows\system32\regsvr32.exe
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                  "{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\prxtbDow0.dll" [2011-01-17 175912]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                  "{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\prxtbDow0.dll" [2011-01-17 175912]
                  "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                  .
                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                  "{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\prxtbDow0.dll" [2011-01-17 175912]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
                  "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ftutil2"="ftutil2.dll" [2004-06-07 106496]
                  "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
                  "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
                  "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
                  "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
                  "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
                  "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-25 1306216]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
                  "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
                  "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
                  "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
                  "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-12 273544]
                  .
                  c:\documents and settings\Default User\Start Menu\Programs\Startup\
                  Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-5 27136]
                  .
                  c:\documents and settings\All Users\Start Menu\Programs\Startup\
                  McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
                  .
                  c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
                  HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
                  .
                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                  "NoDevMgrUpdate"= 0 (0x0)
                  .
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-06 09:58   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                  @=""
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                  backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                  2009-04-02 15:11   342312   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                  "iPod Service"=3 (0x3)
                  "Apple Mobile Device"=2 (0x2)
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                  "AntiVirusOverride"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                  "DisableMonitoring"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
                  "DisableMonitoring"=dword:00000001
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
                  "c:\\Program Files\\FrostWire\\FrostWire.exe"=
                  "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
                  .
                  R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys

                  R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys

                  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                  R2 gupdate1ca3dc146c6f28a;Google Update Service (gupdate1ca3dc146c6f28a);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
                  R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-06-08 73728]
                  R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys

                  R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
                  R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
                  R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-03-13 83688]
                  R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
                  R3 RTPP2K;RTPP2K;c:\windows\system32\DRIVERS\rtpp2k.sys [2001-04-30 87374]
                  R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
                  R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys

                  R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
                  S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-03-13 89368]
                  S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
                  S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
                  S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-07-22 3029208]
                  S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
                  S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
                  S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
                  S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
                  S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
                  S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 148520]
                  S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
                  S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
                  S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
                  S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-03-13 83688]
                  .
                  .
                  --- Other Services/Drivers In Memory ---
                  .
                  *Deregistered* - mfeavfk01
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2009-06-18 c:\windows\Tasks\Easy Internet Sign-up.job
                  - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
                  .
                  2011-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                  - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
                  .
                  2011-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                  - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
                  .
                  2011-03-21 c:\windows\Tasks\wavepadShakeIcon.job
                  - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-03-18 13:53]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uInternet Settings,ProxyOverride = *.local
                  uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  Trusted Zone: internet
                  Trusted Zone: mcafee.com
                  TCP: DhcpNameServer = 192.168.1.254
                  FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\
                  FF - prefs.js: browser.search.selectedEngine - Google
                  FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&source=hp&btnG=Google+Search
                  FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
                  HKLM-Run-PCDrProfiler - (no file)
                  SafeBoot-Wdf01000.sys
                  AddRemove-Sauerbraten - c:\documents and settings\Sauerbraten\uninstall.exe
                  .
                  .
                  .
                  **************************************************************************
                  .
                  disk not found C:\
                  .
                  please note that you need administrator rights to perform deep scan
                  scanning hidden processes ... 
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ... 
                  .
                  scan completed successfully
                  hidden files:
                  .
                  **************************************************************************
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'winlogon.exe'(532)
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll
                  c:\windows\system32\Ati2evxx.dll
                  .
                  - - - - - - - > 'explorer.exe'(2088)
                  c:\windows\system32\WININET.dll
                  c:\progra~1\mcafee\SITEAD~1\saHook.dll
                  c:\program files\Windows Media Player\wmpband.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                  c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
                  c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
                  c:\program files\Java\jre6\bin\jqs.exe
                  c:\program files\Common Files\LightScribe\LSSrvc.exe
                  c:\program files\Common Files\Motive\McciCMService.exe
                  c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  c:\windows\system32\nvsvc32.exe
                  c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
                  c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
                  c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
                  c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                  c:\windows\system32\rundll32.exe
                  c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
                  .
                  **************************************************************************
                  .
                  Completion time: 2011-07-25  10:36:32 - machine was rebooted
                  ComboFix-quarantined-files.txt  2011-07-25 09:36
                  .
                  Pre-Run: 93,165,621,248 bytes free
                  Post-Run: 92,944,678,912 bytes free
                  .
                  WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                  [boot loader]
                  timeout=2
                  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                  [operating systems]
                  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                  UnsupportedDebug="do not select this" /debug
                  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                  .
                  - - End Of File - - 0415A439B65A3AE295F4D2ABBF72BDDC

                  Will now reboot clean and see what happens.
                  You can never have too much of what you don't need.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 991
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 8
                  Re: unregistered files
                  « Reply #14 on: July 25, 2011, 06:00:43 PM »
                  Re-running ComboFix to remove infections:

                  • Close any open browsers.
                  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                  • Open notepad and copy/paste the text in the quotebox below into it:
                    Quote
                    KillAll::

                    DDS::
                    Trusted Zone: internet
                    Trusted Zone: mcafee.com

                  • Save this as CFScript.txt, in the same location as ComboFix.exe



                  • Referring to the picture above, drag CFScript into ComboFix.exe
                  • When finished, it shall produce a log for you at C:\ComboFix.txt
                  • I don't need to see the log from this script.
                  ***************************************************
                  P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
                  FrostWire
                  Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                  I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                  ******************************************************
                  SysProt Antirootkit

                  Download
                  SysProt Antirootkit from the link below (you will find it at the bottom
                  of the page under attachments, or you can get it from one of the
                  mirrors).

                  http://sites.google.com/site/sysprotantirootkit/

                  Unzip it into a folder on your desktop.
                  • Double click Sysprot.exe to start the program.
                  • Click on the Log tab.
                  • In the Write to log box select the following items.
                    • Process << Selected
                    • Kernel Modules << Selected
                    • SSDT << Selected
                    • Kernel Hooks << Selected
                    • IRP Hooks << NOT Selected
                    • Ports << NOT Selected
                    • Hidden Files << Selected
                  • At the bottom of the page
                    • Hidden Objects Only << Selected
                  • Click on the Create Log button on the bottom right.
                  • After a few seconds a new window should appear.
                  • Select Scan Root Drive. Click on the Start button.
                  • When it is complete a new window will appear to indicate that the scan is finished.
                  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                  bandalex

                    Topic Starter


                    Rookie

                    • Experience: Experienced
                    • OS: Windows XP
                    Re: unregistered files
                    « Reply #15 on: July 26, 2011, 07:45:12 AM »
                    Hi Dave

                    Log is pasted after this - have used P2P from Emule thru Limewire then Frostwire.  Latterly had noticed and read about growing number of issues and have not used at all in last 6 months but never got round to deleting it.  Small point though, have had to delete manually as it didn't appear in Control Panel - is that odd or not?

                    Anyhow as promised and hope it all amkes sense to you!

                    Alex


                    SysProt AntiRootkit v1.0.1.0
                    by swatkat

                    ******************************************************************************************
                    ******************************************************************************************

                    No Hidden Processes found

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Modules:
                    Module Name: Combo-Fix.sys
                    Service Name: ---
                    Module Base: F757C000
                    Module End: F758B000
                    Hidden: Yes

                    Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                    Service Name: ---
                    Module Base: F34B7000
                    Module End: F34CF000
                    Hidden: Yes

                    Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                    Service Name: ---
                    Module Base: F7AB0000
                    Module End: F7AB2000
                    Hidden: Yes

                    Module Name: \??\C:\ComboFix\catchme.sys
                    Service Name: catchme
                    Module Base: F7914000
                    Module End: F791C000
                    Hidden: Yes

                    Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
                    Service Name: ---
                    Module Base: F7AD6000
                    Module End: F7AD8000
                    Hidden: Yes

                    ******************************************************************************************
                    ******************************************************************************************
                    SSDT:
                    Function Name: ZwTerminateProcess
                    Address: F3A38620
                    Driver Base: F3A2E000
                    Driver End: F3A50000
                    Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Hooks:
                    Hooked Function: ZwYieldExecution
                    At Address: 80504B08
                    Jump To: F726FDF4
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwUnmapViewOfSection
                    At Address: 805B2E48
                    Jump To: F726FE20
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwTerminateProcess
                    At Address: 805D29E2
                    Jump To: F726FE34
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwSetValueKey
                    At Address: 80622662
                    Jump To: F726FDCA
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwSetSecurityObject
                    At Address: 805C062E
                    Jump To: F726FDE0
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwRenameKey
                    At Address: 80623B12
                    Jump To: F726FD9E
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwOpenThread
                    At Address: 805CB6CC
                    Jump To: F726FD4C
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwOpenProcess
                    At Address: 805CB440
                    Jump To: F726FD38
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwOpenKey
                    At Address: 806254CE
                    Jump To: F726FD60
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwMapViewOfSection
                    At Address: 805B203A
                    Jump To: F726FE0A
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwDeleteValueKey
                    At Address: 8062475C
                    Jump To: F726FDB4
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwDeleteKey
                    At Address: 8062458C
                    Jump To: F726FD88
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwCreateKey
                    At Address: 806240F0
                    Jump To: F726FD74
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    ******************************************************************************************
                    ******************************************************************************************
                    Hidden files/folders:
                    Object: C:\Documents and Settings\HP_Owner\Cookies\???????????????L???????????????
                    Status: Hidden

                    Object: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{EE1C98D5-5C6E-7C57-C992-EC9B935BBB83}\01\12-{EE1C98D5-5C6E-7C57-C992-EC9B935
                    Status: Hidden

                    Object: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{BAFAFF34-6546-1C02-5C98-D03178B14D18}\01\10-{BAFAFF34-6546-1C02-5C98-D03178B14D1
                    Status: Hidden

                    Object: C:\Qoobox\BackEnv\AppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cache.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\History.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Music.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Personal.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Programs.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Recent.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SetPath.bat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SysPath.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Templates.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\VikPev00
                    Status: Access denied

                    You can never have too much of what you don't need.

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 991
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 8
                    Re: unregistered files
                    « Reply #16 on: July 26, 2011, 04:32:29 PM »
                    Quote
                    have had to delete manually as it didn't appear in Control Panel - is that odd or not?
                    Some of them have their own uninstaller. Just look at All Programs and see if there an uninstaller for that program. Or, you can see if HJT will find it.

                    Delete An Uninstall Entry

                    •Start HijackThis

                    •Click on the Open the Misc Tools section

                    •Click on the Open Uninstall Manager button.

                    •Highlight the entry you want to remove.
                    •Click Delete this entry
                    ************************************************

                    I'd like to scan your machine with ESET OnlineScan

                    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    •Click the button.
                    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    •Check
                    •Click the button.
                    •Accept any security warnings from your browser.
                    •Check
                    •Push the Start button.
                    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    •When the scan completes, push
                    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    •Push the button.
                    •Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                    bandalex

                      Topic Starter


                      Rookie

                      • Experience: Experienced
                      • OS: Windows XP
                      Re: unregistered files
                      « Reply #17 on: July 27, 2011, 03:43:20 AM »
                      Wow, that took a long time (almost 6 hours!) - slept thru most of it.

                      Here's the results

                      C:\Bens Stuff\MsgPlusLive-460.exe   a variant of Win32/Adware.CiDHelp application   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\11\7ed88b0b-6574cc5b   multiple threats   deleted - quarantined
                      C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\hfnfjpohnpggkhfgolfffpcljnllfojl\contentscript.js   Win32/TrojanDownloader.Tracur.F trojan   cleaned by deleting - quarantined
                      C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\chrome\xulcache.jar.vir   JS/Agent.NCP trojan   deleted - quarantined
                      C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\chrome\xulcache.jar.vir   JS/Agent.NCP trojan   deleted - quarantined
                      C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP1209\A0310536.exe   a variant of Win32/Adware.CiDHelp application   cleaned by deleting - quarantined

                      Have just re-started and (so far) no d**mned messages!

                      Also, why did you appear a little critical of Firefox v Explorer - are there serious security problems with it?

                      Cheers
                      Alex
                      You can never have too much of what you don't need.

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 991
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 8
                      Re: unregistered files
                      « Reply #18 on: July 27, 2011, 05:39:51 PM »
                      Quote
                      Also, why did you appear a little critical of Firefox v Explorer - are there serious security problems with it?
                      Firefox is reported to be a safer browser than IE but I'm not critical about Firefox. In fact, I use both.
                      Let's give it a few days to see what happens and then come back and we'll do some cleanup.
                      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                      bandalex

                        Topic Starter


                        Rookie

                        • Experience: Experienced
                        • OS: Windows XP
                        Re: unregistered files
                        « Reply #19 on: July 28, 2011, 02:58:52 AM »
                        Thanks for that.  Just a small note to say I did first cold start this a.m. and again no repetition of the problem.  If I may ask a slightly unrelated question - McAfee Security Centre is pretty resource hungry and vibes I'm getting from around the Net are that it's not as efficient as some of the free systems like AVG.  What's your take?

                        Alex
                        You can never have too much of what you don't need.

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 991
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 8
                        Re: unregistered files
                        « Reply #20 on: July 28, 2011, 04:11:23 PM »
                        Quote
                        McAfee Security Centre is pretty resource hungry and vibes I'm getting from around the Net are that it's not as efficient as some of the free systems like AVG.  What's your take?
                        In my opinion, the best of the free AV's is MSE. It's lightweight and updates all the time and no need to register; install it and forget about it. AVG is also very resource hungry.

                        Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                        Microsoft Security Essentials for Windows XP

                        We may just as well do some cleanup.

                        To uninstall ComboFix

                        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                        • In the field, type in ComboFix /uninstall


                        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                        • Then, press Enter, or click OK.
                        • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
                        If this doesn't remove ComboFix, please let me know.
                        *************************************************************
                        Clean out your temporary internet files and temp files.

                        Download TFC by OldTimer to your desktop.

                        Double-click TFC.exe to run it.

                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                        * Click the Start button to begin the cleaning process.
                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                        * Please let TFC run uninterrupted until it is finished.

                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                        ***********************************************************
                        Use the Secunia Software Inspector to check for out of date software.

                        •Click Start Now

                        •Check the box next to Enable thorough system inspection.

                        •Click Start

                        •Allow the scan to finish and scroll down to see if any updates are needed.
                        •Update anything listed.
                        .
                        ----------

                        Go to Microsoft Windows Update and get all critical updates.

                        ----------

                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                        SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                        * If you don't know what ActiveX controls are, see here

                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                        Safe Surfing!
                        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                        bandalex

                          Topic Starter


                          Rookie

                          • Experience: Experienced
                          • OS: Windows XP
                          Re: unregistered files
                          « Reply #21 on: July 29, 2011, 02:47:05 AM »
                          Hi Dave

                          Oh dear - switched on this a.m. and the messages are back.  I thought they might be as I was updating my GTA user radio file and as I was copying across the message flashed up again.  That might mean that there's a nasty in my music files or there's a meanie in the games disk (unlikely I guess).  Before I follow your last lot of instructions, how should I proceed next?

                          Alex
                          You can never have too much of what you don't need.

                          bandalex

                            Topic Starter


                            Rookie

                            • Experience: Experienced
                            • OS: Windows XP
                            Re: unregistered files
                            « Reply #22 on: July 29, 2011, 06:11:18 AM »
                            Also should mention there was an update of McAfee during the day - again it seems unlikely but is it possible there's a glitch in my files that might be causing this?

                            Alex
                            You can never have too much of what you don't need.

                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 991
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 8
                            Re: unregistered files
                            « Reply #23 on: July 29, 2011, 04:38:07 PM »
                            Quote
                            again it seems unlikely but is it possible there's a glitch in my files that might be causing this?
                            I'm sorry but I'm at a loss as to what to do next.
                            Are you just getting the WFP message?
                            Have you ever received messages like this?
                            Quote
                            Windows File Protection
                            Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your product CD-ROM now.
                            or this?[/COLOR]
                            Quote
                            Windows File Protection
                            Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. The network location from which these files should be copied, \\server\share, is not available. Contact your system administrator or insert product CD-ROM now.
                            Note: You must be logged in as Administrator to receive these messages.
                            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                            bandalex

                              Topic Starter


                              Rookie

                              • Experience: Experienced
                              • OS: Windows XP
                              Re: unregistered files
                              « Reply #24 on: July 29, 2011, 05:01:14 PM »
                              Yes, the first of the 2 messages you quote has been the one appearing regularly for the past couple of weeks.  You may recall that I bought the machine 3 years ago without a system disk (Its a hewlett packard by the way) but with Windows XP duly loaded up and full I386 backup.  Until this started I'd never had this message before.

                              It seems odd to me that there is no software that seems able to monitorregistry files and identify which ones are specifically unregistered so that I/we can pinpoint the area that's causing problems.  Maybe it's just something I'll have to live with.

                              Should I continue with the instructions from your previous post or go back over some of the prior routines - if the latter, advice please.

                              If there's nothing else you can suggest then many thanks for your efforts and my apologies for being a nuisance!

                              Alex
                              You can never have too much of what you don't need.

                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 991
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 8
                              Re: unregistered files
                              « Reply #25 on: July 30, 2011, 05:50:18 PM »
                              I'm going to check with my colleague about this problem.
                              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 991
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 8
                              Re: unregistered files
                              « Reply #26 on: July 31, 2011, 01:29:41 PM »
                              Ok. Let's try this. Please remove McAfee using this tool below and then re-install McAfee and see what happens.

                              Download the McAfee Consumer Product Removal Tool to your Desktop.

                              Using McAfee Consumer Product Removal tool:

                              * Double click the MCPR.exe
                              * A Command Line window will be displayed, and then close automatically.
                              * Wait for a second Command Line window to be displayed.

                              Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

                              * After the second window appears, the program will begin the cleanup.
                              * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
                              * Press Y on the keyboard.
                              * Wait for the computer to restart.
                              * All McAfee products are now removed from your computer.
                              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                              bandalex

                                Topic Starter


                                Rookie

                                • Experience: Experienced
                                • OS: Windows XP
                                Re: unregistered files
                                « Reply #27 on: August 02, 2011, 04:31:55 AM »
                                Okay, that's done.  2 warm starts and no re-occurence so I'll wait for the next cold start before I get too excited!  Apparently McAfee doesn't get along with Malwarebytes or Spybot.  I've let it delete the first but it couldn't scupper the second.

                                Alex
                                You can never have too much of what you don't need.

                                bandalex

                                  Topic Starter


                                  Rookie

                                  • Experience: Experienced
                                  • OS: Windows XP
                                  Re: unregistered files
                                  « Reply #28 on: August 03, 2011, 09:49:27 AM »
                                  Cold start resulted in 2 things - first a re-occurrence of the File Protection message - just once though, not twice) and then a re-installation of McAfee which I can only assume was automatically generated from the host after I deleted and didn't noticed that I'd manually re-instated it!

                                  Just warm-started again and again got a single repetition of the problem - maybe we're making some progress.  I want to remind you that this is not having any apparent negative effects on speed or performance.

                                  Alex
                                  You can never have too much of what you don't need.

                                  SuperDave

                                  • Malware Removal Specialist


                                  • Genius
                                  • Thanked: 991
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 8
                                  Re: unregistered files
                                  « Reply #29 on: August 04, 2011, 01:23:36 PM »
                                  Did you use the Removal tool I provided? Programs do not re-install by themselves unless it's malware.
                                  Please run this scan for me.


                                  Download OTL to your desktop.

                                  * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                                  * When the window appears, underneath Output at the top change it to Minimal Output.
                                  * Check the boxes beside LOP Check and Purity Check.
                                  * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                                  When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                                  Please copy and pate the contents of these files, one at a time, into your next reply.

                                  Note: You may need two or more posts to fit them all in.
                                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                  bandalex

                                    Topic Starter


                                    Rookie

                                    • Experience: Experienced
                                    • OS: Windows XP
                                    Re: unregistered files
                                    « Reply #30 on: August 05, 2011, 04:00:58 AM »
                                    Hi there
                                    Yes I used the removal tool and I've just finished doing the other housekeeping you suggested in an earlier message (28 July).  Take your point about programs re-installing though I did wonder if I buy McAfee online and it recognises that the program's been removed (which it did) and I still have 240 days of my subscription left it wilol try to re-install - I guess I should ask McAfee that question huh?

                                    Anyway, after a clean cold start yesterday and today, once I got into cleaning and so on the first reboot (after running TFC) I did brought up the same old messages.  I've still to do the OTL so we'll see what that pushes out.

                                    Thanks

                                    Alex
                                    You can never have too much of what you don't need.

                                    bandalex

                                      Topic Starter


                                      Rookie

                                      • Experience: Experienced
                                      • OS: Windows XP
                                      Re: unregistered files
                                      « Reply #31 on: August 07, 2011, 08:32:01 AM »
                                      okay, done the OTL scan and the reports as follows - OTL.Txt first:

                                      OTL logfile created on: 07/08/2011 14:53:35 - Run 1
                                      OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\HP_Owner\Desktop
                                      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                      Internet Explorer (Version = 8.0.6001.18702)
                                      Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
                                       
                                      1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
                                      2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
                                      Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
                                       
                                      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                      Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
                                      Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
                                      Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
                                       
                                      Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
                                      Boot Mode: Normal | Scan Mode: Current user
                                      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                       
                                      ========== Processes (SafeList) ==========
                                       
                                      PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
                                      PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
                                      PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
                                      PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
                                      PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
                                      PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
                                      PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
                                      PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
                                      PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
                                      PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
                                      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                      PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
                                      PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
                                      PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
                                      PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
                                      PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
                                      PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
                                      PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
                                       
                                       
                                      ========== Modules (SafeList) ==========
                                       
                                      MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
                                      MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
                                      MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                                      MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
                                       
                                       
                                      ========== Win32 Services (SafeList) ==========
                                       
                                      SRV - (HidServ) --  File not found
                                      SRV - (AppMgmt) --  File not found
                                      SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
                                      SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
                                      SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
                                      SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
                                      SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
                                      SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
                                      SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
                                      SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
                                      SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
                                      SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
                                      SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
                                      SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
                                       
                                       
                                      ========== Driver Services (SafeList) ==========
                                       
                                      DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
                                      DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
                                      DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
                                      DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
                                      DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
                                      DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
                                      DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
                                      DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
                                      DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
                                      DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
                                      DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
                                      DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
                                      DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
                                      DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
                                      DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
                                      DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
                                      DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
                                      DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
                                      DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
                                      DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
                                      DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
                                      DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
                                      DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
                                      DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
                                      DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
                                      DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
                                      DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
                                      DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
                                      DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
                                      DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
                                      DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
                                      DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
                                      DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
                                      DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
                                      DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
                                      DRV - (RTPP2K) -- C:\WINDOWS\system32\drivers\rtpp2k.sys (Shuttle Technology.)
                                      DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
                                       
                                       
                                      ========== Standard Registry (SafeList) ==========
                                       
                                       
                                      ========== Internet Explorer ==========
                                       
                                      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
                                       
                                      IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      IE - HKCU\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
                                      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                                       
                                      ========== FireFox ==========
                                       
                                      FF - prefs.js..browser.search.defaultengine: "Ask.com"
                                      FF - prefs.js..browser.search.defaultenginen ame: "Ask.com"
                                      FF - prefs.js..browser.search.order.1: "Ask.com"
                                      FF - prefs.js..browser.search.selectedEngine: "Google"
                                      FF - prefs.js..browser.search.suggest.enable d: false
                                      FF - prefs.js..browser.search.useDBForOrder: true
                                      FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/webhp?hl=en&source=hp&btnG=Google+Search"
                                      FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
                                      FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
                                      FF - prefs.js..extensions.enabledItems: {73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}:1.0
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
                                      FF - prefs.js..extensions.enabledItems: {b9452a5b-916c-404f-8479-850185ae13bc}:1.0
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
                                      FF - prefs.js..network.proxy.no_proxies_on: "*.local"
                                       
                                       
                                      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
                                      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
                                      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
                                      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
                                      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
                                      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
                                      FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame:  File not found
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
                                      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
                                      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
                                      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
                                       
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/12 09:55:53 | 000,000,000 | ---D | M]
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/04 14:45:08 | 000,000,000 | ---D | M]
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:57:49 | 000,000,000 | ---D | M]
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:35:12 | 000,000,000 | ---D | M]
                                       
                                      [2009/10/31 14:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
                                      [2009/03/06 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
                                      [2011/08/05 10:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions
                                      [2011/08/05 10:49:36 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
                                      [2011/06/22 17:28:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\askcom.xml
                                      [2010/10/01 22:31:36 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\bing.xml
                                      [2010/10/01 22:12:25 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\googlecom-in-english.xml
                                      [2011/07/21 22:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
                                      [2010/04/27 15:54:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                                      [2010/10/02 14:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                                      [2010/10/26 21:03:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                                      [2010/12/27 11:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                                      [2011/02/27 10:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                                      [2011/07/21 22:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
                                      File not found (No name found) --
                                      () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JVO1QB88.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
                                      [2011/07/21 22:50:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                                      [2011/06/27 10:51:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
                                      [2011/06/22 15:57:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
                                      [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
                                      [2011/07/21 22:50:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
                                      [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
                                      [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
                                      [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
                                      [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
                                      [2010/08/24 11:08:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
                                      [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
                                       
                                      O1 HOSTS File: ([2011/07/26 12:53:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                                      O1 - Hosts: 127.0.0.1       localhost
                                      O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110803101551.dll (McAfee, Inc.)
                                      O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
                                      O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                                      O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
                                      O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
                                      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
                                      O3 - HKCU\..\Toolbar\WebBrowser: (Download Energy Toolbar) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
                                      O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
                                      O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
                                      O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
                                      O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
                                      O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
                                      O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
                                      O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
                                      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
                                      O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
                                      O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
                                      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
                                      O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
                                      O4 - HKCU..\Run: [EPSON PX820FWD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXE.EXE (SEIKO EPSON CORPORATION)
                                      O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
                                      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/16 10:31:49 | 000,000,000 | -H-D | M]
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                      O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
                                      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                      O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
                                      O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
                                      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
                                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199112852312 (MUWebControl Class)
                                      O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
                                      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                                      O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
                                      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                                      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                                      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
                                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                                      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
                                      O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
                                      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                                      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
                                      O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                                      O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                                      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                                      O32 - HKLM CDRom: AutoRun - 1
                                      O32 - AutoRun File - [2005/12/06 00:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                                      O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
                                      O32 - AutoRun File - [2005/02/25 18:24:46 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
                                      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                                      O35 - HKLM\..comfile [open] -- "%1" %*
                                      O35 - HKLM\..exefile [open] -- "%1" %*
                                      O37 - HKLM\...com [@ = comfile] -- "%1" %*
                                      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                       
                                      ========== Files/Folders - Created Within 30 Days ==========
                                       
                                      [2011/08/07 14:49:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
                                      [2011/08/07 11:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
                                      [2011/08/07 11:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
                                      [2011/08/05 10:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
                                      [2011/08/05 10:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
                                      [2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
                                      [2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                                      [2011/08/05 10:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
                                      [2011/08/05 10:22:26 | 081,496,432 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
                                      [2011/08/05 10:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
                                      [2011/08/05 10:17:20 | 037,806,960 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
                                      [2011/08/05 10:12:57 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
                                      [2011/08/05 10:11:42 | 003,124,384 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
                                      [2011/08/05 09:13:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
                                      [2011/08/04 20:01:09 | 000,000,000 | --SD | C] -- C:\ComboFix
                                      [2011/08/04 09:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
                                      [2011/08/03 10:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
                                      [2011/08/03 10:17:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
                                      [2011/08/03 10:17:38 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
                                      [2011/08/03 10:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
                                      [2011/08/03 10:15:50 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
                                      [2011/08/03 10:15:46 | 000,089,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
                                      [2011/08/03 10:00:22 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
                                      [2011/08/03 10:00:22 | 000,083,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
                                      [2011/08/03 10:00:21 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
                                      [2011/08/03 10:00:21 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
                                      [2011/08/03 10:00:21 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
                                      [2011/08/03 10:00:21 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
                                      [2011/08/03 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
                                      [2011/08/03 10:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
                                      [2011/08/03 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
                                      [2011/08/03 09:58:24 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
                                      [2011/08/02 11:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
                                      [2011/07/26 23:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                                      [2011/07/26 23:50:11 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
                                      [2011/07/26 14:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\SysProt
                                      [2011/07/26 14:23:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                                      [2011/07/26 12:50:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                                      [2011/07/25 14:47:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\PrivacIE
                                      [2011/07/25 13:53:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\IETldCache
                                      [2011/07/25 13:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
                                      [2011/07/25 13:44:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
                                      [2011/07/25 13:38:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
                                      [2011/07/25 09:51:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
                                      [2011/07/25 09:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                                      [2011/07/22 00:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dial-a-fix-v0.60.0.24
                                      [2011/07/21 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\HiJackThis
                                      [2011/07/21 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
                                      [2011/07/21 22:50:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                                      [2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                                      [2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                                      [2011/07/21 22:50:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
                                      [2011/07/21 15:53:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
                                      [2011/07/12 15:52:05 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
                                      [2011/07/12 15:51:58 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBGXE.DLL
                                      [2011/07/12 15:51:58 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BGXE.DLL
                                      [2011/07/12 15:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
                                      [2011/07/12 15:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Epson
                                      [2011/07/12 15:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
                                      [2011/07/12 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
                                      [2011/07/12 15:38:15 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll
                                      [2011/07/12 15:38:15 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll
                                      [2011/07/12 15:38:15 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll
                                      [2011/07/12 15:38:14 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll
                                      [2011/07/12 15:38:14 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll
                                      [2011/07/12 15:38:14 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll
                                      [2011/07/12 15:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InstallShield
                                      [2011/07/12 15:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
                                      [2011/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
                                      [2011/07/12 15:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
                                      [2011/07/12 15:34:11 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
                                      [2011/07/12 15:34:11 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe
                                      [2011/07/12 15:34:11 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escdev.dll
                                      [2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
                                      [2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
                                      [2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
                                      [2010/08/11 10:14:24 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
                                      [2010/02/20 23:05:43 | 000,559,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
                                      [2009/11/24 14:22:22 | 018,665,720 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
                                      [2009/07/07 13:05:47 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrtd.dll
                                      [2009/03/12 16:43:33 | 001,971,378 | ---- | C] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
                                      [2009/02/22 22:35:19 | 003,171,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup216.exe
                                      [2009/02/21 14:50:17 | 018,638,688 | ---- | C] (PC Tools                                                    ) -- C:\Program Files\sdsetup.exe
                                      [2009/01/03 21:33:47 | 006,832,928 | ---- | C] (ESTsoft Corp.                                               ) -- C:\Program Files\alzip.exe
                                      [2009/01/03 18:33:23 | 008,973,608 | ---- | C] (M.Dev Software                                              ) -- C:\Program Files\zg603sui.exe
                                      [2008/12/09 16:01:50 | 004,399,029 | ---- | C] (Joseph Leung                                                ) -- C:\Program Files\quickzip.exe
                                      [2008/07/09 12:27:25 | 000,820,380 | ---- | C] (                                                            ) -- C:\Program Files\audacity-win-1.2.6.exe
                                      [1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
                                      [1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]
                                       
                                      ========== Files - Modified Within 30 Days ==========
                                       
                                      [2011/08/07 14:49:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
                                      [2011/08/07 14:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                                      [2011/08/07 12:19:48 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                                      [2011/08/07 12:19:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                                      [2011/08/07 11:47:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
                                      [2011/08/07 11:29:06 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
                                      [2011/08/07 11:12:43 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
                                      [2011/08/07 11:12:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                                      [2011/08/07 11:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                                      [2011/08/07 11:12:31 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
                                      [2011/08/07 11:12:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
                                      [2011/08/06 10:23:48 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
                                      [2011/08/05 10:47:11 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
                                      [2011/08/05 10:33:09 | 000,092,776 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
                                      [2011/08/05 10:29:01 | 081,496,432 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
                                      [2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
                                      [2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
                                      [2011/08/05 10:21:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                      [2011/08/05 10:20:11 | 037,806,960 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
                                      [2011/08/05 10:12:58 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
                                      [2011/08/05 10:12:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
                                      [2011/08/05 10:11:43 | 003,124,384 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
                                      [2011/08/05 09:13:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe
                                      [2011/07/27 03:03:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                                      [2011/07/26 23:50:12 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
                                      [2011/07/26 12:53:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                                      [2011/07/25 14:47:12 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
                                      [2011/07/25 09:51:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
                                      [2011/07/22 17:21:08 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PagePlus 11 (2).lnk
                                      [2011/07/22 01:00:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
                                      [2011/07/22 01:00:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
                                      [2011/07/22 00:53:42 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
                                      [2011/07/21 23:01:00 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
                                      [2011/07/21 22:59:30 | 000,000,544 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
                                      [2011/07/21 22:50:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                                      [2011/07/21 22:50:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                                      [2011/07/21 22:50:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                                      [2011/07/21 22:50:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
                                      [2011/07/21 22:50:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
                                      [2011/07/21 15:44:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
                                      [2011/07/14 10:02:10 | 000,405,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                      [2011/07/13 19:30:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
                                      [2011/07/12 15:46:56 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
                                      [2011/07/12 15:44:14 | 000,000,306 | ---- | M] () -- C:\WINDOWS\setup.iss
                                      [2011/07/12 15:40:04 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
                                      [2011/07/12 15:36:09 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
                                      [2011/07/12 15:35:50 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
                                      [2011/07/12 15:34:13 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
                                      [2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
                                      [2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
                                      [2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
                                      [1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
                                      [1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]
                                       
                                      ========== Files Created - No Company Name ==========
                                       
                                      [2011/08/05 10:47:11 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
                                      [2011/08/05 10:33:09 | 000,092,776 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                                      [2011/08/05 10:28:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
                                      [2011/08/05 10:28:24 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
                                      [2011/08/05 10:21:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                      [2011/08/03 10:18:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
                                      [2011/07/30 10:17:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                                      [2011/07/30 10:17:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                                      [2011/07/25 14:47:12 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
                                      [2011/07/25 13:47:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
                                      [2011/07/22 00:53:42 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
                                      [2011/07/21 23:00:59 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
                                      [2011/07/13 19:30:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
                                      [2011/07/12 15:46:56 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
                                      [2011/07/12 15:44:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\setup.iss
                                      [2011/07/12 15:40:04 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
                                      [2011/07/12 15:36:09 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
                                      [2011/07/12 15:35:50 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
                                      [2011/07/12 15:34:13 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
                                      [2011/06/30 12:45:50 | 000,223,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                                      [2011/06/25 10:01:22 | 000,333,018 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
                                      [2011/04/25 16:17:14 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                      [2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
                                      [2010/10/19 16:51:50 | 014,709,760 | ---- | C] () -- C:\Program Files\ClassActionKillers.msi
                                      [2010/10/01 17:16:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uzagefu.dat
                                      [2010/10/01 17:16:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jdebecusuramu.bin
                                      [2010/08/11 10:14:24 | 000,072,268 | ---- | C] () -- C:\Program Files\procexp.chm
                                      [2010/05/14 22:56:06 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
                                      [2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
                                      [2010/05/14 22:55:58 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
                                      [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
                                      [2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
                                      [2009/10/01 11:07:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\setup_ldm.iss
                                      [2009/09/30 12:27:14 | 005,486,113 | ---- | C] () -- C:\Program Files\DarkWave-Studio-2.4.exe
                                      [2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
                                      [2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
                                      [2009/08/25 15:22:36 | 015,436,399 | ---- | C] () -- C:\Program Files\F1_v1.3.zip
                                      [2009/08/25 15:16:29 | 091,959,937 | ---- | C] () -- C:\Program Files\Avert Fate.zip
                                      [2009/07/10 01:19:49 | 347,928,562 | ---- | C] () -- C:\Program Files\sauerbraten_2009_05_04_trooper_edition_win32_setup.exe
                                      [2009/07/07 13:05:47 | 000,172,032 | ---- | C] () -- C:\Program Files\libpng13.dll
                                      [2009/07/07 13:05:46 | 000,045,056 | ---- | C] () -- C:\Program Files\Launcher.exe
                                      [2009/05/13 12:13:24 | 001,271,001 | ---- | C] () -- C:\Program Files\Lame-Front-End.zip
                                      [2009/04/12 20:22:29 | 006,237,728 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
                                      [2009/03/20 13:20:38 | 000,000,573 | ---- | C] () -- C:\Program Files\xp_system32opens.vbs
                                      [2009/02/10 20:20:54 | 000,748,688 | ---- | C] () -- C:\Program Files\cpukil305.zip
                                      [2009/01/30 19:13:44 | 001,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
                                      [2009/01/23 20:51:09 | 000,189,810 | ---- | C] () -- C:\Program Files\libmp3lame-win-3.98.2.zip
                                      [2009/01/03 18:40:29 | 000,939,698 | ---- | C] () -- C:\Program Files\7z464.exe
                                      [2008/12/14 20:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
                                      [2008/12/12 18:31:59 | 000,000,471 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ
                                      [2008/12/09 20:25:45 | 000,007,804 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                                      [2008/12/09 19:52:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
                                      [2008/12/09 16:03:51 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\QuickZip45.ini
                                      [2008/12/03 18:45:24 | 020,768,389 | ---- | C] () -- C:\Program Files\DN3DInst.zip
                                      [2008/07/06 16:17:05 | 000,000,591 | ---- | C] () -- C:\WINDOWS\eReg.dat
                                      [2008/07/02 12:04:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                                      [2008/05/17 01:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
                                      [2008/05/17 01:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
                                      [2008/05/17 01:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
                                      [2008/05/17 01:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
                                      [2008/05/17 01:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
                                      [2008/05/17 01:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
                                      [2008/05/17 01:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
                                      [2008/05/17 01:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
                                      [2008/05/17 01:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
                                      [2008/05/14 17:17:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
                                      [2008/04/01 17:34:30 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
                                      [2008/03/21 21:01:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                                      [2008/03/21 19:31:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
                                      [2008/03/21 18:56:14 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
                                      [2008/03/21 17:54:34 | 000,116,736 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE
                                      [2008/01/30 22:39:58 | 000,005,495 | ---- | C] () -- C:\Program Files\0x0409.ini
                                      [2007/12/31 15:45:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                                      [2007/05/11 16:12:54 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
                                      [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
                                      [2006/06/05 20:14:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                                      [2006/06/05 19:53:15 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
                                      [2006/06/05 19:49:40 | 000,013,561 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
                                      [2006/06/05 19:49:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
                                      [2006/06/05 19:45:45 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
                                      [2006/06/05 19:42:54 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
                                      [2006/06/05 19:38:07 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
                                      [2006/06/05 19:38:07 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
                                      [2006/06/05 19:36:57 | 000,090,686 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
                                      [2006/06/05 19:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
                                      [2006/06/05 19:27:20 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
                                      [2006/06/05 19:26:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
                                      [2006/06/05 19:23:26 | 000,121,994 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
                                      [2006/06/05 19:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
                                      [2006/06/05 19:05:18 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
                                      [2006/06/05 19:05:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
                                      [2006/06/05 19:04:54 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
                                      [2006/03/18 01:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
                                      [2005/12/06 00:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                                      [2005/12/06 00:36:34 | 000,506,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                                      [2005/12/06 00:36:34 | 000,088,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                                      [2005/12/06 00:34:46 | 000,405,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                      [2005/12/06 00:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                                      [2005/12/06 00:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                                      [2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                                      [2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                                      [2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                                      [2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                                      [2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                                      [2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                                      [2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
                                      [2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                                      [2004/06/24 20:10:06 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
                                      [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
                                      [2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                                      [2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                                      [2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
                                      [2000/09/14 03:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
                                      [2000/08/11 07:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\EPIPPJ50.DLL
                                      [2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
                                      [1998/06/11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
                                      [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
                                       
                                      ========== LOP Check ==========
                                       
                                      [2011/08/04 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
                                      [2011/07/12 15:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
                                      [2009/10/24 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
                                      [2011/05/16 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
                                      [2008/04/01 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
                                      [2011/03/21 02:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
                                      [2011/06/25 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
                                      [2008/11/12 20:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
                                      [2008/07/20 11:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
                                      [2008/02/02 17:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
                                      [2011/05/24 13:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                      [2011/07/12 15:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
                                      [2008/05/15 01:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
                                      [2011/08/05 10:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                                      [2009/04/13 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                                      [2009/05/12 15:22:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
                                      [2009/06/19 00:02:16 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
                                      [2011/03/21 02:21:27 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
                                       
                                      ========== Purity Check ==========
                                       
                                       
                                       
                                      ========== Alternate Data Streams ==========
                                       
                                      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                                      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3DFE6FE
                                      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
                                      @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
                                      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
                                      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

                                      < End of report >
                                      You can never have too much of what you don't need.

                                      bandalex

                                        Topic Starter


                                        Rookie

                                        • Experience: Experienced
                                        • OS: Windows XP
                                        Re: unregistered files
                                        « Reply #32 on: August 07, 2011, 08:33:32 AM »
                                        And the Extras.Txt as follows:

                                        OTL Extras logfile created on: 07/08/2011 14:53:35 - Run 1
                                        OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\HP_Owner\Desktop
                                        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                        Internet Explorer (Version = 8.0.6001.18702)
                                        Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
                                         
                                        1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
                                        2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
                                        Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
                                         
                                        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                        Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
                                        Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
                                        Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
                                         
                                        Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
                                        Boot Mode: Normal | Scan Mode: Current user
                                        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                         
                                        ========== Extra Registry (SafeList) ==========
                                         
                                         
                                        ========== File Associations ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                        .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                        .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                                        .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                         
                                        ========== Shell Spawning ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                        batfile [open] -- "%1" %*
                                        cmdfile [open] -- "%1" %*
                                        comfile [open] -- "%1" %*
                                        cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        exefile [open] -- "%1" %*
                                        https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
                                        InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
                                        piffile [open] -- "%1" %*
                                        regfile [merge] -- Reg Error: Key error.
                                        scrfile [config] -- "%1"
                                        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                                        scrfile [open] -- "%1" /S
                                        txtfile [edit] -- Reg Error: Key error.
                                        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                                        Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
                                        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                        Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
                                        Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                                        Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                                        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                         
                                        ========== Security Center Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                        "FirstRunDisabled" = 1
                                        "AntiVirusDisableNotify" = 1
                                        "FirewallDisableNotify" = 1
                                        "UpdatesDisableNotify" = 0
                                        "AntiVirusOverride" = 1
                                        "FirewallOverride" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                                         
                                        ========== System Restore Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                                        "DisableSR" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                                        "Start" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                                        "Start" = 2
                                         
                                        ========== Firewall Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                                        "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                                        "EnableFirewall" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                                        "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
                                         
                                        ========== Authorized Applications List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                                        "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
                                        "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                        "C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
                                        "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
                                        "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
                                        "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
                                        "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
                                         
                                         
                                        ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                                        "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
                                        "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
                                        "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
                                        "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
                                        "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
                                        "{0B884C9B-5D85-4461-88EE-826E1BB33008}" = Serif PagePlus 11
                                        "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
                                        "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
                                        "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
                                        "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
                                        "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
                                        "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
                                        "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
                                        "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
                                        "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
                                        "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
                                        "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
                                        "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
                                        "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
                                        "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
                                        "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
                                        "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
                                        "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
                                        "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
                                        "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
                                        "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
                                        "{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
                                        "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
                                        "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
                                        "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
                                        "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
                                        "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
                                        "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
                                        "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
                                        "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                                        "{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe  1.4.84.1
                                        "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
                                        "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
                                        "{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
                                        "{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
                                        "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
                                        "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
                                        "{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
                                        "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
                                        "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
                                        "{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
                                        "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
                                        "{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
                                        "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
                                        "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
                                        "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
                                        "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
                                        "{492E1D84-D7BF-4FA2-A26A-30AFC89EF547}" = Tiger Woods PGA TOUR 2003
                                        "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                                        "{4AB5EAF2-E5D8-4A2B-864B-D72B37A9DD51}" = PCmover
                                        "{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
                                        "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
                                        "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
                                        "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
                                        "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
                                        "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
                                        "{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
                                        "{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
                                        "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
                                        "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
                                        "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
                                        "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
                                        "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
                                        "{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
                                        "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
                                        "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
                                        "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
                                        "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
                                        "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
                                        "{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
                                        "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
                                        "{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
                                        "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
                                        "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
                                        "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                                        "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
                                        "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
                                        "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
                                        "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
                                        "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
                                        "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
                                        "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
                                        "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                                        "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
                                        "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
                                        "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
                                        "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
                                        "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                                        "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
                                        "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
                                        "{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
                                        "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
                                        "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                                        "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
                                        "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
                                        "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
                                        "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
                                        "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                                        "{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
                                        "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
                                        "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
                                        "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
                                        "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
                                        "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                                        "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
                                        "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
                                        "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                                        "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
                                        "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
                                        "{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
                                        "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
                                        "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
                                        "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
                                        "{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
                                        "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
                                        "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                                        "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
                                        "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
                                        "{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
                                        "{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
                                        "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
                                        "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                                        "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
                                        "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
                                        "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
                                        "{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
                                        "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
                                        "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
                                        "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
                                        "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                                        "{CD1067C8-1AA1-4503-BCAD-EA1EE5427DC7}" = MAGIX Video easy SE
                                        "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
                                        "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                                        "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
                                        "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
                                        "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
                                        "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
                                        "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
                                        "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
                                        "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
                                        "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
                                        "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
                                        "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
                                        "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
                                        "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
                                        "{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
                                        "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
                                        "{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
                                        "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
                                        "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
                                        "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
                                        "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
                                        "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                                        "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
                                        "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
                                        "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
                                        "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
                                        "7-Zip" = 7-Zip 4.64
                                        "Adobe AIR" = Adobe AIR
                                        "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                                        "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                                        "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
                                        "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
                                        "ALUpdate_is1" = ALTools Update
                                        "ALZip_is1" = ALZip
                                        "ATI Display Driver" = ATI Display Driver
                                        "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
                                        "Audacity_is1" = Audacity 1.2.6
                                        "BT Broadband Desktop Help" = BT Broadband Desktop Help
                                        "BT Wireless Connection Manager" = BT Wireless Connection Manager
                                        "BT Yahoo! Applications" = BT Yahoo! Applications
                                        "BTHomeHub" = BTHomeHub
                                        "CCleaner" = CCleaner
                                        "CleanMem1.3.0" = CleanMem
                                        "Combat Arms EU" = Combat Arms EU
                                        "conduitEngine" = Conduit Engine
                                        "Cube" = Cube
                                        "Download_Energy Toolbar" = Download_Energy Toolbar
                                        "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
                                        "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
                                        "EPSON PX820FWD Series" = EPSON PX820FWD Series Printer Uninstall
                                        "EPSON PX820FWD Series Manual" = EPSON PX820FWD Series Manual
                                        "EPSON PX820FWD Series Network Guide" = EPSON PX820FWD Series Network Guide
                                        "EPSON Scanner" = EPSON Scan
                                        "ESET Online Scanner" = ESET Online Scanner v3
                                        "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
                                        "ffdshow_is1" = ffdshow [rev 1900] [2008-03-15]
                                        "Google Chrome" = Google Chrome
                                        "HP Document Viewer" = HP Document Viewer 6.1
                                        "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
                                        "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
                                        "HP Photo Printing Software" = HP Photo Printing Software
                                        "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
                                        "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                                        "ie7" = Windows Internet Explorer 7
                                        "ie8" = Windows Internet Explorer 8
                                        "ImgBurn" = ImgBurn
                                        "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
                                        "InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
                                        "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
                                        "Jardinains 2!_is1" = Jardinains 2!
                                        "LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
                                        "MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
                                        "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                                        "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                                        "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
                                        "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
                                        "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
                                        "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
                                        "MSC" = McAfee Internet Security
                                        "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                                        "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                                        "NVIDIA Drivers" = NVIDIA Drivers
                                        "OpenAL" = OpenAL
                                        "Python 2.2.3" = Python 2.2.3
                                        "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
                                        "RealPlayer 12.0" = RealPlayer
                                        "Recordpad" = RecordPad Sound Recorder
                                        "Revo Uninstaller" = Revo Uninstaller 1.92
                                        "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
                                        "SpeedFan" = SpeedFan (remove only)
                                        "SpywareBlaster_is1" = SpywareBlaster 4.1
                                        "uTorrent" = µTorrent
                                        "VLC media player" = VLC media player 1.1.10
                                        "WavePad" = WavePad Sound Editor
                                        "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
                                        "Windows Media Format Runtime" = Windows Media Format 11 runtime
                                        "Windows Media Player" = Windows Media Player 11
                                        "Windows XP Service Pack" = Windows XP Service Pack 3
                                        "WMFDist11" = Windows Media Format 11 runtime
                                        "wmp11" = Windows Media Player 11
                                        "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                                        "Ziepod_is1" = Ziepod version 1.0
                                         
                                        ========== HKEY_CURRENT_USER Uninstall List ==========
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "UnityWebPlayer" = Unity Web Player
                                         
                                        ========== Last 10 Event Log Errors ==========
                                         
                                        [ Application Events ]
                                        Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = VSS | ID = 8193
                                        Description = Volume Shadow Copy Service error: Unexpected error calling routine
                                         CoCreateInstance.  hr = 0x8007041f.
                                         
                                        Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        Error - 06/08/2011 20:18:07 | Computer Name = YOUR-C94F920E24 | Source = Application Error | ID = 1000
                                        Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
                                        unknown, version 0.0.0.0, fault address 0x6567696c.
                                         
                                        Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        [ System Events ]
                                        Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
                                        Description = Time Provider NtpClient: An error occurred during DNS lookup of the
                                         manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
                                         again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
                                         host. (0x80072751)
                                         
                                        Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
                                        Description = The time provider NtpClient is configured to acquire time from one
                                         or more  time sources, however none of the sources are currently accessible.   No attempt
                                         to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
                                         time.
                                         
                                        Error - 30/06/2011 07:02:43 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 30/06/2011 07:04:57 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
                                        Description = Time Provider NtpClient: An error occurred during DNS lookup of the
                                         manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
                                         again in 30  minutes.  The error was: A socket operation was attempted to an unreachable
                                         host. (0x80072751)
                                         
                                        Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
                                        Description = The time provider NtpClient is configured to acquire time from one
                                         or more  time sources, however none of the sources are currently accessible.   No attempt
                                         to contact a source will be made for 30 minutes.  NtpClient has no source of accurate
                                         time.
                                         
                                        Error - 12/07/2011 05:18:02 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 17/07/2011 03:31:08 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 03/08/2011 11:38:06 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
                                        Description = DCOM got error "%1055" attempting to start the service VSS with arguments
                                         ""  in order to run the server:  {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
                                         
                                         
                                        < End of report >
                                        You can never have too much of what you don't need.

                                        SuperDave

                                        • Malware Removal Specialist


                                        • Genius
                                        • Thanked: 991
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 8
                                        Re: unregistered files
                                        « Reply #33 on: August 07, 2011, 04:32:03 PM »
                                        AVENGER

                                        • Download The Avenger by Swandog46 from here.
                                        • Unzip/extract it to a folder on your desktop.
                                        • Double click on avenger.exe to run The Avenger.
                                        • Click OK.
                                        • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                                        • Click the Execute button.
                                        • You will be asked No script has been entered.  Do you want to execute a rootkit scan only?.
                                        • Click Yes.
                                        • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?.
                                        • Click Yes.
                                        • Your PC will now be rebooted.
                                        • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                                        • Please post this log in your next reply.
                                        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                        bandalex

                                          Topic Starter


                                          Rookie

                                          • Experience: Experienced
                                          • OS: Windows XP
                                          Re: unregistered files
                                          « Reply #34 on: August 08, 2011, 01:05:59 PM »
                                          This doesn't look very dramatic:

                                          Logfile of The Avenger Version 2.0, (c) by Swandog46
                                          http://swandog46.geekstogo.com

                                          Platform:  Windows XP

                                          *******************

                                          Script file opened successfully.
                                          Script file read successfully.

                                          Backups directory opened successfully at C:\Avenger

                                          *******************

                                          Beginning to process script file:

                                          Rootkit scan active.
                                          No rootkits found!


                                          Completed script processing.

                                          *******************
                                          You can never have too much of what you don't need.

                                          SuperDave

                                          • Malware Removal Specialist


                                          • Genius
                                          • Thanked: 991
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 8
                                          Re: unregistered files
                                          « Reply #35 on: August 08, 2011, 04:38:43 PM »
                                          Please do this in the following order. Please download, install and activate MicroSoft Security Essentials from the link below. Then remove McAfee using the tool below and see if you're still getting the error message.

                                          Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                                          Microsoft Security Essentials for Windows XP

                                          Download the McAfee Consumer Product Removal Tool to your Desktop.

                                          Using McAfee Consumer Product Removal tool:

                                          * Double click the MCPR.exe
                                          * A Command Line window will be displayed, and then close automatically.
                                          * Wait for a second Command Line window to be displayed.

                                          Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

                                          * After the second window appears, the program will begin the cleanup.
                                          * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
                                          * Press Y on the keyboard.
                                          * Wait for the computer to restart.
                                          * All McAfee products are now removed from your computer.
                                          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                          bandalex

                                            Topic Starter


                                            Rookie

                                            • Experience: Experienced
                                            • OS: Windows XP
                                            Re: unregistered files
                                            « Reply #36 on: August 10, 2011, 04:20:02 AM »
                                            Done and the reboot produced no repeat of the FP message.
                                            Too much to do today to stop and start but expect a cold start to have the same result.  As I think you have too, I've come to the conclusion the problem has resided somewhere in McAfee.  We shall see!

                                            Thanks again.

                                            Alex
                                            You can never have too much of what you don't need.

                                            bandalex

                                              Topic Starter


                                              Rookie

                                              • Experience: Experienced
                                              • OS: Windows XP
                                              Re: unregistered files
                                              « Reply #37 on: August 10, 2011, 10:17:45 AM »
                                              Since last job I've been getting explorer.exe using up between 40-50% of CPU all the time - I'm sure this isn't normal.  Any thoughts and suggestions to fix?
                                              You can never have too much of what you don't need.

                                              SuperDave

                                              • Malware Removal Specialist


                                              • Genius
                                              • Thanked: 991
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 8
                                              Re: unregistered files
                                              « Reply #38 on: August 10, 2011, 05:34:01 PM »
                                              Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
                                              Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
                                              Click on View > Select Colunms.
                                              In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
                                              Go File>Save As, and save the report as Procexp.txt.
                                              Attach the file to your next reply.
                                              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                              bandalex

                                                Topic Starter


                                                Rookie

                                                • Experience: Experienced
                                                • OS: Windows XP
                                                Re: unregistered files
                                                « Reply #39 on: August 10, 2011, 06:29:17 PM »
                                                I already run process explorer - it's more user friendly and detailed than Task Manager.  However, as with many diagnostic type tools, I never get round to fully utilising the features available.  So I'm glad to have this passed on - thanks.

                                                Here's the data:

                                                Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
                                                System Idle Process   0   47.69   0 K   28 K         
                                                 Interrupts   n/a      0 K   0 K   Hardware Interrupts      
                                                 DPCs   n/a      0 K   0 K   Deferred Procedure Calls      
                                                 System   4      0 K   140 K         
                                                  smss.exe   444      204 K   116 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
                                                   csrss.exe   508      1,860 K   2,756 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
                                                   winlogon.exe   532      6,656 K   2,604 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
                                                    services.exe   576   0.77   1,932 K   2,244 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
                                                     a2service.exe   748      15,736 K   440 K   Emsisoft Anti-Malware Service   Emsi Software GmbH   "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
                                                     svchost.exe   836      3,228 K   1,828 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                                                      hpgs2wnf.exe   1912      964 K   440 K   hpgs2wnf Module      C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
                                                     svchost.exe   932      2,000 K   2,284 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k rpcss
                                                     MsMpEng.exe   972      170,924 K   48,428 K   Antimalware Service Executable   Microsoft Corporation   "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
                                                     svchost.exe   1008      19,816 K   25,812 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     svchost.exe   1080      2,100 K   2,168 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
                                                     svchost.exe   1164      3,400 K   1,212 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                     spoolsv.exe   1276      4,508 K   1,960 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
                                                     UMVPFSrv.exe   1308      1,616 K   140 K   Logitech User mode UMVPF service   Logitech Inc.   "C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
                                                     svchost.exe   512      1,400 K   784 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                     SASCORE.EXE   868      732 K   212 K   Core Service   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
                                                     mDNSResponder.exe   1436      984 K   1,064 K   Bonjour Service   Apple Inc.   "C:\Program Files\Bonjour\mDNSResponder.exe"
                                                     CLCapSvc.exe   1448      5,944 K   848 K   CLCapSvc Module      "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"
                                                     CLMLServer.exe   1508      8,664 K   1,080 K   NT CLMLServer   Cyberlink   "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
                                                     SAgent2.exe   1580      1,764 K   484 K   EPSON Printer Status Agent   SEIKO EPSON CORPORATION   "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
                                                     jqs.exe   1768      8,816 K   1,380 K   Java(TM) Quick Starter Service   Sun Microsystems, Inc.   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
                                                     LSSrvc.exe   1596      632 K   140 K      Hewlett-Packard Company   "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
                                                     McciCMService.exe   2264      2,036 K   1,432 K   mcci+McciCMService   Alcatel-Lucent   "C:\Program Files\Common Files\Motive\McciCMService.exe"
                                                     MDM.EXE   2284      964 K   476 K   Machine Debug Manager   Microsoft Corporation   "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
                                                     nvsvc32.exe   2336      2,680 K   2,472 K   NVIDIA Driver Helper Service, Version 175.19   NVIDIA Corporation   C:\WINDOWS\system32\nvsvc32.exe
                                                     HPZIPM12.EXE   2352      556 K   276 K   PML Driver   HP   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
                                                     svchost.exe   2416      2,756 K   2,644 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k imgsvc
                                                     CLSched.exe   2504      1,460 K   880 K   CLSched Module      "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"
                                                     dialdictate.exe   2540      27,956 K   404 K   Dial Dictate   NCH Software   "C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -service
                                                     iPodService.exe   3080      2,472 K   1,504 K   iPodService Module (32-bit)   Apple Inc.   "C:\Program Files\iPod\bin\iPodService.exe"
                                                     alg.exe   3352      1,188 K   240 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
                                                    lsass.exe   588      4,080 K   1,416 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
                                                explorer.exe   1628   50.00   53,632 K   32,584 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
                                                 hpgs2wnd.exe   1800      936 K   444 K   hpgs2wnd   Hewlett-Packard   "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
                                                 BTHelpNotifier.exe   1812   1.54   2,240 K   2,584 K   mcci+McciTrayApp   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
                                                  BTHelpBrowser.exe   6760      10,112 K   18,904 K   mcci+McciBrowser   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" /APPKEY=btbb /URL=file:///C:/Program Files/BT Broadband Desktop Help/btbb/OCB/d153fd8a-965a-4485-845b-effd12a9f06f/Tasks.html
                                                   BTHelpBrowser.exe   6852      8,840 K   16,004 K   mcci+McciBrowser   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" -AppKey=btbb -url=https://pbttbc.bt.motive.com/portal/smptasks.jsp?taskid=1
                                                 FUFAXSTM.exe   1836      7,792 K   1,188 K   FAX Status Monitor   SEIKO EPSON CORPORATION   "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
                                                 EEventManager.exe   1844      3,416 K   1,004 K   EEventManager Application   SEIKO EPSON CORPORATION   "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
                                                 jusched.exe   1864      856 K   200 K   Java(TM) 2 Platform Standard Edition binary   Sun Microsystems, Inc.   "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
                                                 realsched.exe   1900      1,540 K   232 K   RealNetworks Scheduler   RealNetworks, Inc.   "C:\program files\real\realplayer\update\realsched.exe"  -osboot
                                                 dialdictate.exe   2004      29,028 K   1,520 K   Dial Dictate   NCH Software   "C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -logon
                                                 msseces.exe   152      4,880 K   2,976 K   Microsoft Security Client User Interface   Microsoft Corporation   "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                                                 SUPERANTISPYWARE.EXE   384      31,668 K   796 K   SUPERAntiSpyware Application   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                                                 ctfmon.exe   400      1,188 K   2,172 K   CTF Loader   Microsoft Corporation   "C:\WINDOWS\system32\ctfmon.exe"
                                                 procexp.exe   1484      11,660 K   13,144 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Program Files\procexp.exe"
                                                 firefox.exe   6648      89,488 K   102,004 K   Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                kbd.exe   4016      3,704 K   1,784 K   KBD EXE   Hewlett-Packard Company   C:\HP\KBD\KBD.EXE
                                                hpsysdrv.exe   992      880 K   760 K   hpsysdrv   Hewlett-Packard Company   c:\windows\system\hpsysdrv.exe
                                                You can never have too much of what you don't need.

                                                bandalex

                                                  Topic Starter


                                                  Rookie

                                                  • Experience: Experienced
                                                  • OS: Windows XP
                                                  Re: unregistered files
                                                  « Reply #40 on: August 11, 2011, 12:55:59 PM »
                                                  No messages today on cold start and CPU usage has regularised to average 93% free so, subject to repetitions, looking like a fix.  I presume you'd recommend I don't re-install McAfee then?  Also, should I get a separate firewall or will MSE manage that too?

                                                  Alex
                                                  You can never have too much of what you don't need.

                                                  SuperDave

                                                  • Malware Removal Specialist


                                                  • Genius
                                                  • Thanked: 991
                                                  • Certifications: List
                                                  • Experience: Expert
                                                  • OS: Windows 8
                                                  Re: unregistered files
                                                  « Reply #41 on: August 12, 2011, 05:17:25 PM »
                                                  Quote
                                                  I presume you'd recommend I don't re-install McAfee then?  Also, should I get a separate firewall or will MSE manage that too?
                                                  I'm not a big fan of McAfee. The Windows Firewall in XP is not much good because it only blocks incoming. Outgoing is the most harmful. I really depends on how much security you want on your pc. If you're doing financial dealings then I would recomment a third-party firewall.See suggestions below.

                                                  To remove all of the tools we used and the files and folders they created do the following:
                                                  Double click OTL.exe.
                                                  • Click the CleanUp button.
                                                  • Select Yes when the "Begin cleanup Process?" prompt appears.
                                                  • If you are prompted to Reboot during the cleanup, select Yes.
                                                  • The tool will delete itself once it finishes.
                                                  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                                  *********************************************************
                                                  Looking over your log it seems you don't have any evidence of a third party firewall.

                                                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                                  Remember only install ONE firewall

                                                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                                  2) Online Armor
                                                  3) Agnitum Outpost
                                                  4) PC Tools Firewall Plus

                                                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                                                  Good luck!
                                                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                                                  bandalex

                                                    Topic Starter


                                                    Rookie

                                                    • Experience: Experienced
                                                    • OS: Windows XP
                                                    Re: unregistered files
                                                    « Reply #42 on: August 12, 2011, 05:31:03 PM »
                                                    Thanks for your help Dave - hope it's been as intriguing for you as it has been frustrating for me.  I'll get on with finding a firewall and doing the cleanup.

                                                    Regards

                                                    Alex
                                                    You can never have too much of what you don't need.

                                                    SuperDave

                                                    • Malware Removal Specialist


                                                    • Genius
                                                    • Thanked: 991
                                                    • Certifications: List
                                                    • Experience: Expert
                                                    • OS: Windows 8
                                                    Re: unregistered files
                                                    « Reply #43 on: August 13, 2011, 05:06:59 PM »
                                                    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
                                                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender