Author Topic: unregistered files  (Read 26251 times)

bandalex

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows XP
    unregistered files
    « on: July 21, 2011, 04:09:10 PM »
    Hi

    I posted a query in windows xp and was directed (by Allan, moderator) to run all the virus/malware etc checks I do out of habit.  Finally ran hijackthis(sniper) and now post the log for your observations.  I'm not a genius but since I'm not experiencing any operating problems other than the twice-appearing windows file protection message at startup I have to query that I have a virus.  Still, perhaps the log will reveal something.  Surely though it should be possible to find a simpler way to identify the unregistered files?

    Anyway, here's the log and I hope you can help.

    Thanks
    Alex

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:01:59, on 21/07/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17098)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll
    O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON PX820FWD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXE.EXE /FU "C:\WINDOWS\TEMP\E_S92.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1157552183-2752306718-432289623-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User '?')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199112852312
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Update Service (gupdate1ca3dc146c6f28a) (gupdate1ca3dc146c6f28a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    --
    End of file - 13253 bytes
    You can never have too much of what you don't need.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: unregistered files
    « Reply #1 on: July 21, 2011, 04:53:41 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    ****************************************************
    At what point do you receive that message?

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot

    Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
    O15 - Trusted Zone: http://*.mcafee.com

    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    *****************************************************
    Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

    •Open the folder and run Dial-a-fix.exe
    •2 windows will open. Close the one in the background labeled Restrictive Policies
    •Check the box in section 1, Empty temp folders.

    •Check the box in section 2, Fix Windows Installer.

    •Check the box in section 3, Fix Windows Update.

    •Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked

    •Check all boxes in section 5, labeled Registration Center.

    •Click Go

    •OK any error messages if received, but write them down and post them here.

    Restart the computer when done.
    Windows 8 and Windows 10 dual boot with two SSD's
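Added example, not part of any post in this thread and not HijackThis's own logic: a small Python parser that applies the two mechanical selections from Reply #1 (registrations ending in `(no file)` and `O15 - Trusted Zone` sites) to lines copied from the log posted above. The function and field names are hypothetical; the `[TkBellExe]` Run entry was the helper's judgment call and is deliberately not encoded as a rule.

```python
import re
from collections import namedtuple

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

Entry = namedtuple("Entry", "code body clsid target")
Finding = namedtuple("Finding", "code reason detail notes")

# An entry line is "<letter><number> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A CLSID counts only when it is its own " - "-delimited field, so a GUID that is
# merely part of a file path (as in some O4 Run entries) is not mistaken for one.
CLSID_FIELD_RE = re.compile(
    r" - (\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})(?: - (.*))?$"
)


def parse_log(text):
    """Return the registry/file entries of a HijackThis log as Entry tuples."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())  # forum copies are often indented
        if not m:
            continue
        code, body = m.groups()
        c = CLSID_FIELD_RE.search(body)
        clsid = c.group(1).upper() if c else None
        target = (c.group(2) or "").strip() if c else None
        entries.append(Entry(code, body, clsid, target))
    return entries


def triage(entries):
    """Flag orphaned registrations and Trusted Zone sites for human review."""
    findings = []
    for e in entries:
        if e.target == "(no file)":
            # The registry still names a component whose file is gone.
            findings.append(Finding(e.code, "orphaned-registration", e.clsid, ()))
        elif e.code == "O15" and e.body.startswith("Trusted Zone:"):
            site = e.body.split(":", 1)[1].strip()
            notes = []
            if "*" in site:
                notes.append("wildcard")      # covers every subdomain
            if site.lower().startswith("http://"):
                notes.append("plain-http")    # trust granted over an unauthenticated channel
            findings.append(Finding(e.code, "trusted-zone-site", site, tuple(notes)))
    return findings


def shared_clsids(entries):
    """Map each CLSID registered under more than one section to those sections."""
    seen = {}
    for e in entries:
        if e.clsid:
            seen.setdefault(e.clsid, []).append(e.code)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for f in triage(parsed):
        print(f.code, f.reason, f.detail, ",".join(f.notes))
    for clsid, codes in shared_clsids(parsed).items():
        print("same component in sections", codes, clsid)
```

The output is a review list, not a fix list: each flagged line still needs the same human decision the helper made before anything is checked in HijackThis.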

    bandalex

      Re: unregistered files
      « Reply #2 on: July 21, 2011, 06:13:03 PM »
      Hi guys

      First of all, thanks for the help so far but I'm sorry to report that on restart I'm still getting the Windows File Protection box - once early on in the startup and once more near the end. 

      Have you any other suggestions or do I have to go through the whole time-consuming business again?

      And, is it possible to simply identify the unregistered files or not? - please try to answer my questions - I'd appreciate it very much.

      Alex

      You can never have too much of what you don't need.

      bandalex

        Re: unregistered files
        « Reply #3 on: July 22, 2011, 04:14:09 AM »
        Just an additional observation.  I noticed the message appeared both times on startup this morning (UK time) when it was reading (or attempting to read) the e: drive (CDRom).  Don't know if that's helpful or not.

        Alex
        You can never have too much of what you don't need.

        SuperDave

        Re: unregistered files
        « Reply #4 on: July 22, 2011, 01:31:18 PM »
        Quote
        I noticed the message appeared both times on startup this morning (UK time) when it was reading (or attempting to read) the e: drive (CDRom). 
        Is there any disk in that drive?
        I don't know too much about this Windows File Protection problem.
        Here is one site that may help.
        Another site here.
        Windows 8 and Windows 10 dual boot with two SSD's

        bandalex

          Re: unregistered files
          « Reply #5 on: July 22, 2011, 03:04:34 PM »
          Yes, there is usually a games disk (GTA or EA Sports Golf for example).  I'll startup without the disk and see if I still get the message and let you know. 
          You don't seem to be alone in not knowing much about this problem.  All I really want to know is how to identify the faulty .dll or .osx file(s) so I can either replace or register them and I've found nothing to be of much help so far.  I really don't think I have a virus - I run all the malware/antivirus/cleaners etc on a regular basis as well as having McAfee on top (no sour comments on that please!) and apart from a couple of medium risk alerts most of the problems are minor cookie trackers and the like. 

          If you find anything more I'd be grateful.  I'm not able to understand Microsoft speak too well, partly because I'm a skilled user but not a techie and partly because they require a level of knowledge somewhat higher than I have!

          Thanks for your efforts so far.

          Alex
          You can never have too much of what you don't need.

          SuperDave

          Re: unregistered files
          « Reply #6 on: July 22, 2011, 06:15:21 PM »
          Please try this even if you don't have the OS disk

          Place it in your CD ROM drive and follow the instructions below:
          •Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
          •Let this run undisturbed until the window with the blue progress bar goes away
          SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
          Windows 8 and Windows 10 dual boot with two SSD's

          bandalex

            Re: unregistered files
            « Reply #7 on: July 23, 2011, 07:08:11 AM »
            Thanks Super Dave

            This last looks like it might have worked - at least when restarting there were no nasty little boxes.  Before I mark it solved I'll wait until a cold start to confirm the fix.

            BTW, presuming by your avatar you're in Canada just a byline to say my big sis has been over there for the last 45 years - first in Vancouver then Calgary for last 15 years or so.

            Alex
            You can never have too much of what you don't need.

            SuperDave

            Re: unregistered files
            « Reply #8 on: July 23, 2011, 01:13:43 PM »
            Quote
            BTW, presuming by your avatar you're in Canada just a byline to say my big sis has been over there for the last 45 years - first in Vancouver then Calgary for last 15 years or so.
            That's on the other side of the country from where I live on the east coast.
            Windows 8 and Windows 10 dual boot with two SSD's

            bandalex

              Re: unregistered files
              « Reply #9 on: July 24, 2011, 04:09:04 AM »
              Such a big country - like I'm in Yorkshire and a similar distance would take me to Morocco!

              Anyhoo, switched on half n hour ago and, guess what, the *censored* boxes appeared again?

              What next Dave? (or should I just put up with the message as a minor irritation?)

              Alex

              You can never have too much of what you don't need.

              SuperDave

              Re: unregistered files
              « Reply #10 on: July 24, 2011, 04:25:55 PM »
              When you tried SFC the first time, did it request that you insert the OS disk?
              Windows 8 and Windows 10 dual boot with two SSD's

              bandalex

                Re: unregistered files
                « Reply #11 on: July 24, 2011, 04:45:45 PM »
                No, it ran but stopped a couple of times with the same File Protection Message appearing.  Once cleared it seemed to run quite happily.
                You can never have too much of what you don't need.

                SuperDave

                Re: unregistered files
                « Reply #12 on: July 24, 2011, 07:09:33 PM »
                Ok. Let's run a few more scans just to make sure that your computer is clean.

                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                and save it to your Desktop.
                It would be easiest to download using Internet Explorer.
                If you insist on using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                Double click ComboFix.exe & follow the prompts.
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix
                Windows 8 and Windows 10 dual boot with two SSD's

                bandalex

                  Re: unregistered files
                  « Reply #13 on: July 25, 2011, 03:44:16 AM »
                  Okay, done - here's the log:

                  ComboFix 11-07-24.03 - HP_Owner 25/07/2011   9:59.1.2 - x86
                  Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
                   * Created a new restore point
                   * Resident AV is active
                  .
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\documents and settings\Default User\WINDOWS
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\chrome\xulcache.jar
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\defaults\preferences\xulcache.js
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\install.rdf
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\chrome\xulcache.jar
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\defaults\preferences\xulcache.js
                  c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\install.rdf
                  c:\documents and settings\HP_Owner\Application Data\PriceGong
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\1.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\a.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\b.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\c.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\d.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\e.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\f.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\g.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\h.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\i.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\J.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\k.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\l.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\m.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\mru.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\n.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\o.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\p.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\q.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\r.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\s.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\t.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\u.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\v.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\w.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\x.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\y.xml
                  c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\z.xml
                  c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc17.tmp
                  c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc1B.tmp
                  c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD.tmp
                  c:\documents and settings\HP_Owner\WINDOWS
                  c:\documents and settings\Sauerbraten\uninstall.exe
                  c:\program files\INSTALL.PIF
                  c:\windows\system32\config\systemprofile\WINDOWS
                  D:\Autorun.inf
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  -------\Legacy_USNJSVC
                  -------\Service_usnjsvc
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2011-06-25 to 2011-07-25  )))))))))))))))))))))))))))))))
                  .
                  .
                  2011-07-21 23:53 . 2011-07-21 23:53   --------   d-----w-   c:\program files\Dial-a-fix-v0.60.0.24
                  2011-07-21 21:58 . 2011-07-21 21:58   388096   ----a-r-   c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                  2011-07-21 21:58 . 2011-07-21 21:58   --------   d-----w-   c:\program files\Trend Micro
                  2011-07-21 21:50 . 2011-07-21 21:50   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                  2011-07-12 14:52 . 2007-04-10 02:06   8192   ----a-w-   c:\windows\system32\E_DCINST.DLL
                  2011-07-12 14:51 . 2009-10-01 04:01   63488   ----a-w-   c:\windows\system32\E_FD4BGXE.DLL
                  2011-07-12 14:51 . 2008-11-12 03:00   93696   ----a-w-   c:\windows\system32\E_FLBGXE.DLL
                  2011-07-12 14:46 . 2011-07-12 14:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\UDL
                  2011-07-12 14:39 . 2011-07-13 08:25   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\Epson
                  2011-07-12 14:38 . 2011-07-12 14:44   --------   d-----w-   c:\program files\Epson Software
                  2011-07-12 14:38 . 2010-09-13 14:01   458129   ----a-w-   c:\windows\system32\ensppui.dll
                  2011-07-12 14:38 . 2010-09-13 14:00   475410   ----a-w-   c:\windows\system32\ensppmon.dll
                  2011-07-12 14:38 . 2008-06-18 10:49   249344   ----a-w-   c:\windows\system32\enspres.dll
                  2011-07-12 14:38 . 2010-09-13 14:01   458129   ----a-w-   c:\windows\system32\enppui.dll
                  2011-07-12 14:38 . 2010-09-13 14:00   475410   ----a-w-   c:\windows\system32\enppmon.dll
                  2011-07-12 14:38 . 2008-06-18 10:49   249344   ----a-w-   c:\windows\system32\enpres.dll
                  2011-07-12 14:38 . 2011-07-12 14:38   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\InstallShield
                  2011-07-12 14:36 . 2011-07-12 14:38   --------   d-----w-   c:\program files\EpsonNet
                  2011-07-12 14:34 . 2011-07-12 14:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\EPSON
                  2011-07-12 14:34 . 2009-10-15 23:00   132560   ----a-w-   c:\windows\system32\esdevapp.exe
                  2011-07-12 14:34 . 2009-10-15 23:00   12800   ----a-w-   c:\windows\system32\escdev.dll
                  2011-07-12 14:34 . 2009-09-16 23:00   342016   ----a-w-   c:\windows\system32\eswiaud.dll
                  2011-07-07 14:35 . 2011-07-06 18:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2011-07-07 14:34 . 2011-07-06 18:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2011-07-07 14:34 . 2011-07-17 08:19   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2011-07-03 13:50 . 2011-07-03 15:19   --------   d-----w-   C:\Games
                  2011-06-30 11:04 . 2011-02-11 13:25   229888   ----a-w-   c:\windows\system32\fxscover.exe
                  2011-06-30 10:49 . 2011-07-01 20:16   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\Audacity
                  2011-06-29 09:24 . 2008-04-13 17:36   10240   ----a-w-   c:\windows\system32\dllcache\compbatt.sys
                  2011-06-29 09:15 . 2001-08-17 12:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
                  2011-06-29 09:14 . 2008-04-13 17:46   13696   ----a-w-   c:\windows\system32\dllcache\avcstrm.sys
                  2011-06-29 09:13 . 2001-08-17 21:36   462848   ----a-w-   c:\windows\system32\dllcache\a3dapi.dll
                  2011-06-29 09:13 . 2001-08-17 12:52   23552   ----a-w-   c:\windows\system32\dllcache\abp480n5.sys
                  2011-06-29 09:13 . 2001-08-17 21:36   98304   ----a-w-   c:\windows\system32\dllcache\a3d.dll
                  2011-06-29 09:13 . 2001-08-17 13:55   38400   ----a-w-   c:\windows\system32\dllcache\8514a.dll
                  2011-06-29 09:13 . 2008-04-13 17:46   48128   ----a-w-   c:\windows\system32\dllcache\61883.sys
                  2011-06-29 09:13 . 2008-04-13 17:40   12288   ----a-w-   c:\windows\system32\dllcache\4mmdat.sys
                  2011-06-29 09:13 . 2001-08-17 13:55   689216   ----a-w-   c:\windows\system32\dllcache\3dfxvs.dll
                  2011-06-29 09:13 . 2001-08-17 12:28   762780   ----a-w-   c:\windows\system32\dllcache\3cwmcru.sys
                  2011-06-29 09:13 . 2001-08-17 11:48   148352   ----a-w-   c:\windows\system32\dllcache\3dfxvsm.sys
                  2011-06-29 09:13 . 2001-08-17 13:06   11264   ----a-w-   c:\windows\system32\dllcache\1394vdbg.sys
                  2011-06-28 17:52 . 2011-06-28 17:52   --------   d-----w-   c:\documents and settings\HP_Owner\Application Data\Unity
                  2011-06-28 17:43 . 2011-06-28 17:43   --------   d-----w-   c:\documents and settings\HP_Owner\Local Settings\Application Data\Unity
                  2011-06-27 16:09 . 2011-06-30 10:49   --------   d-----w-   c:\program files\Audacity 1.3 Beta (Unicode)
                  2011-06-25 18:10 . 2011-06-25 18:10   --------   d-----w-   C:\Nexon
                  2011-06-25 18:10 . 2011-06-25 18:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\NexonEU
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2011-07-21 21:50 . 2010-04-27 14:54   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                  2011-06-22 17:10 . 2011-06-22 17:10   25992   ----a-w-   c:\windows\system32\pgdfgsvc.exe
                  2011-06-19 10:32 . 2011-05-15 08:29   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                  2011-06-02 14:02 . 2004-08-04 11:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
                  2011-05-17 14:55 . 2010-12-07 01:31   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
                  2011-05-14 18:22 . 2011-05-14 18:22   53248   ----a-r-   c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
                  2011-05-02 15:31 . 2004-08-04 11:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                  2011-04-29 17:25 . 2004-08-04 11:00   151552   ----a-w-   c:\windows\system32\schannel.dll
                  2011-04-29 16:19 . 2004-08-04 11:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                  2011-04-26 11:07 . 2004-08-04 11:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                  2011-04-26 11:07 . 2004-08-04 11:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
                  2010-06-07 15:16 . 2010-08-11 09:14   3887480   ----a-w-   c:\program files\procexp.exe
                  2009-12-01 10:53 . 2010-02-20 22:05   559992   ----a-w-   c:\program files\autorunsc.exe
                  2009-11-24 13:15 . 2009-11-24 13:22   18665720   ----a-w-   c:\program files\LimeWireWin.exe
                  2009-07-10 00:20 . 2009-07-10 00:19   347928562   ----a-w-   c:\program files\sauerbraten_2009_05_04_trooper_edition_win32_setup.exe
                  2009-06-11 22:46 . 2009-07-07 12:05   172032   ----a-w-   c:\program files\libpng13.dll
                  2009-04-12 19:22 . 2009-04-12 19:22   6237728   ----a-w-   c:\program files\SUPERAntiSpyware.exe
                  2009-03-20 12:20 . 2009-03-20 12:20   573   ----a-w-   c:\program files\xp_system32opens.vbs
                  2009-03-12 19:17 . 2009-09-30 11:27   5486113   ----a-w-   c:\program files\DarkWave-Studio-2.4.exe
                  2009-03-12 15:43 . 2009-03-12 15:43   1971378   ----a-w-   c:\program files\SetupImgBurn_2.4.2.0.exe
                  2009-02-22 21:35 . 2009-02-22 21:35   3171208   ----a-w-   c:\program files\ccsetup216.exe
                  2009-02-21 13:50 . 2009-02-21 13:50   18638688   ----a-w-   c:\program files\sdsetup.exe
                  2009-02-01 15:28 . 2009-07-07 12:05   45056   ----a-w-   c:\program files\Launcher.exe
                  2009-01-30 18:13 . 2009-01-30 18:13   1053744   ----a-w-   c:\program files\revosetup.exe
                  2009-01-03 20:33 . 2009-01-03 20:33   6832928   ----a-w-   c:\program files\alzip.exe
                  2009-01-03 17:40 . 2009-01-03 17:40   939698   ----a-w-   c:\program files\7z464.exe
                  2009-01-03 17:33 . 2009-01-03 17:33   8973608   ----a-w-   c:\program files\zg603sui.exe
                  2008-12-09 15:01 . 2008-12-09 15:01   4399029   ----a-w-   c:\program files\quickzip.exe
                  2008-11-19 17:48 . 2010-10-19 15:51   14709760   ----a-w-   c:\program files\ClassActionKillers.msi
                  2008-11-19 17:48 . 2010-10-19 15:51   370176   ----a-w-   c:\program files\setup.exe
                  2008-07-09 11:27 . 2008-07-09 11:27   820380   ----a-w-   c:\program files\audacity-win-1.2.6.exe
                  2004-03-18 18:36 . 2009-07-07 12:05   401484   ----a-w-   c:\program files\msvcrtd.dll
                  2011-06-22 14:57 . 2011-04-28 10:58   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                  2011-04-14 13:01 . 2010-04-22 18:23   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
                  2004-08-04 11:00   94784   --sha-w-   c:\windows\twain.dll
                  2008-04-14 00:12   50688   --sha-w-   c:\windows\twain_32.dll
                  2004-07-30 06:04   1216   --sha-w-   c:\windows\Twunk_16.dll
                  2004-07-30 06:04   1216   --sha-w-   c:\windows\Twunk_32.dll
                  2008-04-14 00:12   57344   --sha-w-   c:\windows\system32\msvcirt.dll
                  2008-04-14 00:12   413696   --sha-w-   c:\windows\system32\msvcp60.dll
                  2008-04-14 00:12   343040   --sha-w-   c:\windows\system32\msvcrt.dll
                  2011-02-08 13:33   978944   --sha-w-   c:\windows\system32\OLDCC.tmp
                  2010-12-20 17:32   551936   --sh--w-   c:\windows\system32\oleaut32.dll
                  2008-04-14 00:12   84992   --sh--w-   c:\windows\system32\olepro32.dll
                  2008-04-14 00:12   11776   --sh--w-   c:\windows\system32\regsvr32.exe
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                  "{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\prxtbDow0.dll" [2011-01-17 175912]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                  "{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\prxtbDow0.dll" [2011-01-17 175912]
                  "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                  .
                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                  "{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\prxtbDow0.dll" [2011-01-17 175912]
                  .
                  [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
                  "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ftutil2"="ftutil2.dll" [2004-06-07 106496]
                  "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
                  "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
                  "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
                  "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
                  "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
                  "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-25 1306216]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
                  "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
                  "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
                  "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
                  "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-12 273544]
                  .
                  c:\documents and settings\Default User\Start Menu\Programs\Startup\
                  Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-5 27136]
                  .
                  c:\documents and settings\All Users\Start Menu\Programs\Startup\
                  McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
                  .
                  c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
                  HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
                  .
                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                  "NoDevMgrUpdate"= 0 (0x0)
                  .
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-06 09:58   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                  @=""
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                  backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                  2009-04-02 15:11   342312   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                  "iPod Service"=3 (0x3)
                  "Apple Mobile Device"=2 (0x2)
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                  "AntiVirusOverride"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                  "DisableMonitoring"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
                  "DisableMonitoring"=dword:00000001
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
                  "c:\\Program Files\\FrostWire\\FrostWire.exe"=
                  "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
                  .
                  R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys

                  R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys

                  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                  R2 gupdate1ca3dc146c6f28a;Google Update Service (gupdate1ca3dc146c6f28a);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
                  R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-06-08 73728]
                  R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys

                  R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
                  R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
                  R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-03-13 83688]
                  R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
                  R3 RTPP2K;RTPP2K;c:\windows\system32\DRIVERS\rtpp2k.sys [2001-04-30 87374]
                  R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
                  R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys

                  R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
                  S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-03-13 89368]
                  S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
                  S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
                  S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-07-22 3029208]
                  S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
                  S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
                  S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
                  S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
                  S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
                  S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 148520]
                  S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
                  S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
                  S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
                  S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-03-13 83688]
                  .
                  .
                  --- Other Services/Drivers In Memory ---
                  .
                  *Deregistered* - mfeavfk01
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2009-06-18 c:\windows\Tasks\Easy Internet Sign-up.job
                  - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
                  .
                  2011-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                  - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
                  .
                  2011-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                  - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
                  .
                  2011-03-21 c:\windows\Tasks\wavepadShakeIcon.job
                  - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-03-18 13:53]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uInternet Settings,ProxyOverride = *.local
                  uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  Trusted Zone: internet
                  Trusted Zone: mcafee.com
                  TCP: DhcpNameServer = 192.168.1.254
                  FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\
                  FF - prefs.js: browser.search.selectedEngine - Google
                  FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&source=hp&btnG=Google+Search
                  FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
                  HKLM-Run-PCDrProfiler - (no file)
                  SafeBoot-Wdf01000.sys
                  AddRemove-Sauerbraten - c:\documents and settings\Sauerbraten\uninstall.exe
                  .
                  .
                  .
                  **************************************************************************
                  .
                  disk not found C:\
                  .
                  please note that you need administrator rights to perform deep scan
                  scanning hidden processes ... 
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ... 
                  .
                  scan completed successfully
                  hidden files:
                  .
                  **************************************************************************
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'winlogon.exe'(532)
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll
                  c:\windows\system32\Ati2evxx.dll
                  .
                  - - - - - - - > 'explorer.exe'(2088)
                  c:\windows\system32\WININET.dll
                  c:\progra~1\mcafee\SITEAD~1\saHook.dll
                  c:\program files\Windows Media Player\wmpband.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                  c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
                  c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
                  c:\program files\Java\jre6\bin\jqs.exe
                  c:\program files\Common Files\LightScribe\LSSrvc.exe
                  c:\program files\Common Files\Motive\McciCMService.exe
                  c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  c:\windows\system32\nvsvc32.exe
                  c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
                  c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
                  c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
                  c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                  c:\windows\system32\rundll32.exe
                  c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
                  .
                  **************************************************************************
                  .
                  Completion time: 2011-07-25  10:36:32 - machine was rebooted
                  ComboFix-quarantined-files.txt  2011-07-25 09:36
                  .
                  Pre-Run: 93,165,621,248 bytes free
                  Post-Run: 92,944,678,912 bytes free
                  .
                  WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                  [boot loader]
                  timeout=2
                  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                  [operating systems]
                  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                  UnsupportedDebug="do not select this" /debug
                  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                  .
                  - - End Of File - - 0415A439B65A3AE295F4D2ABBF72BDDC

                  Will now reboot clean and see what happens.
                  You can never have too much of what you don't need.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: unregistered files
                  « Reply #14 on: July 25, 2011, 06:00:43 PM »
                  Re-running ComboFix to remove infections:

                  • Close any open browsers.
                  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                  • Open notepad and copy/paste the text in the quotebox below into it:
                    Quote
                    KillAll::

                    DDS::
                    Trusted Zone: internet
                    Trusted Zone: mcafee.com

                  • Save this as CFScript.txt, in the same location as ComboFix.exe



                  • Referring to the picture above, drag CFScript into ComboFix.exe
                  • When finished, it shall produce a log for you at C:\ComboFix.txt
                  • I don't need to see the log from this script.
                  ***************************************************
                  P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
                  FrostWire
                  Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                  I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                  ******************************************************
                  SysProt Antirootkit

                  Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                  http://sites.google.com/site/sysprotantirootkit/

                  Unzip it into a folder on your desktop.
                  • Double click Sysprot.exe to start the program.
                  • Click on the Log tab.
                  • In the Write to log box select the following items.
                    • Process << Selected
                    • Kernel Modules << Selected
                    • SSDT << Selected
                    • Kernel Hooks << Selected
                    • IRP Hooks << NOT Selected
                    • Ports << NOT Selected
                    • Hidden Files << Selected
                  • At the bottom of the page
                    • Hidden Objects Only << Selected
                  • Click on the Create Log button on the bottom right.
                  • After a few seconds a new window should appear.
                  • Select Scan Root Drive. Click on the Start button.
                  • When it is complete a new window will appear to indicate that the scan is finished.
                  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  bandalex
                    Re: unregistered files
                    « Reply #15 on: July 26, 2011, 07:45:12 AM »
                    Hi Dave

                    Log is pasted after this - have used P2P from Emule thru Limewire then Frostwire.  Latterly had noticed and read about growing number of issues and have not used at all in last 6 months but never got round to deleting it.  Small point though, have had to delete manually as it didn't appear in Control Panel - is that odd or not?

                    Anyhow as promised and hope it all makes sense to you!

                    Alex


                    SysProt AntiRootkit v1.0.1.0
                    by swatkat

                    ******************************************************************************************
                    ******************************************************************************************

                    No Hidden Processes found

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Modules:
                    Module Name: Combo-Fix.sys
                    Service Name: ---
                    Module Base: F757C000
                    Module End: F758B000
                    Hidden: Yes

                    Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                    Service Name: ---
                    Module Base: F34B7000
                    Module End: F34CF000
                    Hidden: Yes

                    Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                    Service Name: ---
                    Module Base: F7AB0000
                    Module End: F7AB2000
                    Hidden: Yes

                    Module Name: \??\C:\ComboFix\catchme.sys
                    Service Name: catchme
                    Module Base: F7914000
                    Module End: F791C000
                    Hidden: Yes

                    Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
                    Service Name: ---
                    Module Base: F7AD6000
                    Module End: F7AD8000
                    Hidden: Yes

                    ******************************************************************************************
                    ******************************************************************************************
                    SSDT:
                    Function Name: ZwTerminateProcess
                    Address: F3A38620
                    Driver Base: F3A2E000
                    Driver End: F3A50000
                    Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Hooks:
                    Hooked Function: ZwYieldExecution
                    At Address: 80504B08
                    Jump To: F726FDF4
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwUnmapViewOfSection
                    At Address: 805B2E48
                    Jump To: F726FE20
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwTerminateProcess
                    At Address: 805D29E2
                    Jump To: F726FE34
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwSetValueKey
                    At Address: 80622662
                    Jump To: F726FDCA
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwSetSecurityObject
                    At Address: 805C062E
                    Jump To: F726FDE0
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwRenameKey
                    At Address: 80623B12
                    Jump To: F726FD9E
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwOpenThread
                    At Address: 805CB6CC
                    Jump To: F726FD4C
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwOpenProcess
                    At Address: 805CB440
                    Jump To: F726FD38
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwOpenKey
                    At Address: 806254CE
                    Jump To: F726FD60
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwMapViewOfSection
                    At Address: 805B203A
                    Jump To: F726FE0A
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwDeleteValueKey
                    At Address: 8062475C
                    Jump To: F726FDB4
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwDeleteKey
                    At Address: 8062458C
                    Jump To: F726FD88
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    Hooked Function: ZwCreateKey
                    At Address: 806240F0
                    Jump To: F726FD74
                    Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

                    ******************************************************************************************
                    ******************************************************************************************
                    Hidden files/folders:
                    Object: C:\Documents and Settings\HP_Owner\Cookies\???????????????L???????????????
                    Status: Hidden

                    Object: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{EE1C98D5-5C6E-7C57-C992-EC9B935BBB83}\01\12-{EE1C98D5-5C6E-7C57-C992-EC9B935
                    Status: Hidden

                    Object: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{BAFAFF34-6546-1C02-5C98-D03178B14D18}\01\10-{BAFAFF34-6546-1C02-5C98-D03178B14D1
                    Status: Hidden

                    Object: C:\Qoobox\BackEnv\AppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cache.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\History.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Music.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Personal.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Programs.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Recent.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SetPath.bat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SysPath.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Templates.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\VikPev00
                    Status: Access denied

                    You can never have too much of what you don't need.
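An added example, not part of the original posts or of SysProt itself: a short Python triage of the log above that groups every SSDT entry and kernel hook by the driver that owns it and marks any driver missing from an analyst-supplied allowlist for review. The allowlist contents, the function names and the `example_unknown.sys` record are assumptions made for illustration; the other records are copied from the posted log.

```python
import re
from collections import defaultdict

# Records copied from the SysProt log posted above, plus ONE constructed
# record (example_unknown.sys) so the triage has something to flag.
SAMPLE_LOG = r"""
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F7914000
Module End: F791C000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: F3A38620
Driver Base: F3A2E000
Driver End: F3A50000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
Kernel Hooks:
Hooked Function: ZwOpenProcess
At Address: 805CB440
Jump To: F726FD38
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateKey
At Address: 806240F0
Jump To: F726FD74
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetValueKey
At Address: 80622662
Jump To: F9000010
Module Name: C:\WINDOWS\system32\drivers\example_unknown.sys
"""

# Analyst-maintained allowlist (an assumption of this example): drivers of
# tools known to be installed on this machine, keyed by lower-case file name.
EXPECTED_DRIVERS = {
    "mfehidk.sys": "McAfee",
    "saskutil.sys": "SUPERAntiSpyware",
    "catchme.sys": "ComboFix",
}

SECTION_RE = re.compile(r"^(Kernel Modules|SSDT|Kernel Hooks|Hidden files/folders):$")


def driver_file(path):
    """Reduce an NT or DOS path to its lower-case file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_sysprot(text):
    """Return {section name: [record dict, ...]} from a SysProt text log."""
    sections, current, record = defaultdict(list), None, {}
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last record
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header or not line or set(line) == {"*"}:
            if current and record:  # a record ends at any separator line
                sections[current].append(record)
            record = {}
            if header:
                current = header.group(1)
        elif current and ": " in line:
            key, value = line.split(": ", 1)
            record[key] = value
    return dict(sections)


def triage(sections, expected=EXPECTED_DRIVERS):
    """Group hooks and hidden modules by owning driver; unknown owners get REVIEW."""
    owners = defaultdict(lambda: {"hooks": [], "hidden_module": False, "notes": []})
    for rec in sections.get("Kernel Hooks", []):
        owners[driver_file(rec["Module Name"])]["hooks"].append(rec["Hooked Function"])
    for rec in sections.get("SSDT", []):
        entry = owners[driver_file(rec["Driver Name"])]
        entry["hooks"].append(rec["Function Name"])
        # The SSDT target should lie inside the image of the driver named for it.
        addr, base, end = (int(rec[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        if not base <= addr < end:
            entry["notes"].append("SSDT address outside driver range")
    for rec in sections.get("Kernel Modules", []):
        if rec.get("Hidden") == "Yes":
            owners[driver_file(rec["Module Name"])]["hidden_module"] = True
    return {name: {**entry, "verdict": f"expected ({expected[name]})" if name in expected else "REVIEW"}
            for name, entry in owners.items()}


if __name__ == "__main__":
    for name, item in sorted(triage(parse_sysprot(SAMPLE_LOG)).items()):
        print(f"{item['verdict']:<28} {name:<22} hooks={item['hooks']} hidden={item['hidden_module']}")
```

A "REVIEW" verdict only means the driver is not on the allowlist; it says nothing about whether the file is malicious.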

                    SuperDave
                    Re: unregistered files
                    « Reply #16 on: July 26, 2011, 04:32:29 PM »
                    Quote
                    have had to delete manually as it didn't appear in Control Panel - is that odd or not?
                    Some of them have their own uninstaller. Just look at All Programs and see if there is an uninstaller for that program. Or, you can see if HJT will find it.

                    Delete An Uninstall Entry

                    •Start HijackThis

                    •Click on the Open the Misc Tools section

                    •Click on the Open Uninstall Manager button.

                    •Highlight the entry you want to remove.
                    •Click Delete this entry
                    ************************************************

                    I'd like to scan your machine with ESET OnlineScan

                    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    •Click the button.
                    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    •Check
                    •Click the button.
                    •Accept any security warnings from your browser.
                    •Check
                    •Push the Start button.
                    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    •When the scan completes, push
                    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    •Push the button.
                    •Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                    bandalex
                      Re: unregistered files
                      « Reply #17 on: July 27, 2011, 03:43:20 AM »
                      Wow, that took a long time (almost 6 hours!) - slept thru most of it.

                      Here's the results

                      C:\Bens Stuff\MsgPlusLive-460.exe   a variant of Win32/Adware.CiDHelp application   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
                      C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\11\7ed88b0b-6574cc5b   multiple threats   deleted - quarantined
                      C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\hfnfjpohnpggkhfgolfffpcljnllfojl\contentscript.js   Win32/TrojanDownloader.Tracur.F trojan   cleaned by deleting - quarantined
                      C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}\chrome\xulcache.jar.vir   JS/Agent.NCP trojan   deleted - quarantined
                      C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{b9452a5b-916c-404f-8479-850185ae13bc}\chrome\xulcache.jar.vir   JS/Agent.NCP trojan   deleted - quarantined
                      C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP1209\A0310536.exe   a variant of Win32/Adware.CiDHelp application   cleaned by deleting - quarantined

                      Have just re-started and (so far) no d**mned messages!

                      Also, why did you appear a little critical of Firefox v Explorer - are there serious security problems with it?

                      Cheers
                      Alex

                      SuperDave
                      Re: unregistered files
                      « Reply #18 on: July 27, 2011, 05:39:51 PM »
                      Quote
                      Also, why did you appear a little critical of Firefox v Explorer - are there serious security problems with it?
                      Firefox is reported to be a safer browser than IE but I'm not critical about Firefox. In fact, I use both.
                      Let's give it a few days to see what happens and then come back and we'll do some cleanup.

                      bandalex
                        Re: unregistered files
                        « Reply #19 on: July 28, 2011, 02:58:52 AM »
                        Thanks for that.  Just a small note to say I did first cold start this a.m. and again no repetition of the problem.  If I may ask a slightly unrelated question - McAfee Security Centre is pretty resource hungry and vibes I'm getting from around the Net are that it's not as efficient as some of the free systems like AVG.  What's your take?

                        Alex

                        SuperDave
                        Re: unregistered files
                        « Reply #20 on: July 28, 2011, 04:11:23 PM »
                        Quote
                        McAfee Security Centre is pretty resource hungry and vibes I'm getting from around the Net are that it's not as efficient as some of the free systems like AVG.  What's your take?
                        In my opinion, the best of the free AV's is MSE. It's lightweight and updates all the time and no need to register; install it and forget about it. AVG is also very resource hungry.

                        Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                        Microsoft Security Essentials for Windows XP

                        We may just as well do some cleanup.

                        To uninstall ComboFix

                        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                        • In the field, type in ComboFix /uninstall


                        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                        • Then, press Enter, or click OK.
                        • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                        If this doesn't remove ComboFix, please let me know.
                        *************************************************************
                        Clean out your temporary internet files and temp files.

                        Download TFC by OldTimer to your desktop.

                        Double-click TFC.exe to run it.

                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                        * Click the Start button to begin the cleaning process.
                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                        * Please let TFC run uninterrupted until it is finished.

                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                        ***********************************************************
                        Use the Secunia Software Inspector to check for out of date software.

                        •Click Start Now

                        •Check the box next to Enable thorough system inspection.

                        •Click Start

                        •Allow the scan to finish and scroll down to see if any updates are needed.
                        •Update anything listed.
                        ----------

                        Go to Microsoft Windows Update and get all critical updates.

                        ----------

                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                        SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                        * If you don't know what ActiveX controls are, see here

                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                        Safe Surfing!

                        bandalex
                          Re: unregistered files
                          « Reply #21 on: July 29, 2011, 02:47:05 AM »
                          Hi Dave

                          Oh dear - switched on this a.m. and the messages are back.  I thought they might be as I was updating my GTA user radio file and as I was copying across the message flashed up again.  That might mean that there's a nasty in my music files or there's a meanie in the games disk (unlikely I guess).  Before I follow your last lot of instructions, how should I proceed next?

                          Alex

                          bandalex
                            Re: unregistered files
                            « Reply #22 on: July 29, 2011, 06:11:18 AM »
                            Also should mention there was an update of McAfee during the day - again it seems unlikely but is it possible there's a glitch in my files that might be causing this?

                            Alex

                            SuperDave
                            Re: unregistered files
                            « Reply #23 on: July 29, 2011, 04:38:07 PM »
                            Quote
                            again it seems unlikely but is it possible there's a glitch in my files that might be causing this?
                            I'm sorry but I'm at a loss as to what to do next.
                            Are you just getting the WFP message?
                            Have you ever received messages like this?
                            Quote
                            Windows File Protection
                            Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your product CD-ROM now.
                            or this?
                            Quote
                            Windows File Protection
                            Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. The network location from which these files should be copied, \\server\share, is not available. Contact your system administrator or insert product CD-ROM now.
                            Note: You must be logged in as Administrator to receive these messages.

                            bandalex
                              Re: unregistered files
                              « Reply #24 on: July 29, 2011, 05:01:14 PM »
                              Yes, the first of the 2 messages you quote has been the one appearing regularly for the past couple of weeks.  You may recall that I bought the machine 3 years ago without a system disk (it's a Hewlett Packard by the way) but with Windows XP duly loaded up and full I386 backup.  Until this started I'd never had this message before.

                              It seems odd to me that there is no software that seems able to monitor registry files and identify which ones are specifically unregistered so that I/we can pinpoint the area that's causing problems.  Maybe it's just something I'll have to live with.

                              Should I continue with the instructions from your previous post or go back over some of the prior routines - if the latter, advice please.

                              If there's nothing else you can suggest then many thanks for your efforts and my apologies for being a nuisance!

                              Alex

                              SuperDave
                              Re: unregistered files
                              « Reply #25 on: July 30, 2011, 05:50:18 PM »
                              I'm going to check with my colleague about this problem.

                              SuperDave
                              Re: unregistered files
                              « Reply #26 on: July 31, 2011, 01:29:41 PM »
                              Ok. Let's try this. Please remove McAfee using this tool below and then re-install McAfee and see what happens.

                              Download the McAfee Consumer Product Removal Tool to your Desktop.

                              Using McAfee Consumer Product Removal tool:

                              * Double click the MCPR.exe
                              * A Command Line window will be displayed, and then close automatically.
                              * Wait for a second Command Line window to be displayed.

                              Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

                              * After the second window appears, the program will begin the cleanup.
                              * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
                              * Press Y on the keyboard.
                              * Wait for the computer to restart.
                              * All McAfee products are now removed from your computer.

                              bandalex
                                Re: unregistered files
                                « Reply #27 on: August 02, 2011, 04:31:55 AM »
                                Okay, that's done.  2 warm starts and no re-occurrence so I'll wait for the next cold start before I get too excited!  Apparently McAfee doesn't get along with Malwarebytes or Spybot.  I've let it delete the first but it couldn't scupper the second.

                                Alex

                                bandalex
                                  Re: unregistered files
                                  « Reply #28 on: August 03, 2011, 09:49:27 AM »
                                  Cold start resulted in 2 things - first a re-occurrence of the File Protection message (just once though, not twice) and then a re-installation of McAfee which I can only assume was automatically generated from the host after I deleted and didn't notice that I'd manually re-instated it!

                                  Just warm-started again and again got a single repetition of the problem - maybe we're making some progress.  I want to remind you that this is not having any apparent negative effects on speed or performance.

                                  Alex

                                  SuperDave
                                  Re: unregistered files
                                  « Reply #29 on: August 04, 2011, 01:23:36 PM »
                                  Did you use the Removal tool I provided? Programs do not re-install by themselves unless it's malware.
                                  Please run this scan for me.


                                  Download OTL to your desktop.

                                  * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
                                  * When the window appears, underneath Output at the top change it to Minimal Output.
                                  * Check the boxes beside LOP Check and Purity Check.
                                  * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                                  When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                                  Please copy and paste the contents of these files, one at a time, into your next reply.

                                  Note: You may need two or more posts to fit them all in.

                                  bandalex

                                    Re: unregistered files
                                    « Reply #30 on: August 05, 2011, 04:00:58 AM »
                                    Hi there
                                    Yes I used the removal tool and I've just finished doing the other housekeeping you suggested in an earlier message (28 July).  Take your point about programs re-installing, though I did wonder if I buy McAfee online and it recognises that the program's been removed (which it did) and I still have 240 days of my subscription left it will try to re-install - I guess I should ask McAfee that question huh?

                                    Anyway, after a clean cold start yesterday and today, once I got into cleaning and so on, the first reboot I did (after running TFC) brought up the same old messages.  I've still to do the OTL so we'll see what that pushes out.

                                    Thanks

                                    Alex

                                    bandalex

                                      Re: unregistered files
                                      « Reply #31 on: August 07, 2011, 08:32:01 AM »
                                      okay, done the OTL scan and the reports as follows - OTL.Txt first:

                                      OTL logfile created on: 07/08/2011 14:53:35 - Run 1
                                      OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\HP_Owner\Desktop
                                      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                      Internet Explorer (Version = 8.0.6001.18702)
                                      Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
                                       
                                      1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
                                      2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
                                      Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
                                       
                                      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                      Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
                                      Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
                                      Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
                                       
                                      Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
                                      Boot Mode: Normal | Scan Mode: Current user
                                      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                       
                                      ========== Processes (SafeList) ==========
                                       
                                      PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
                                      PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
                                      PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
                                      PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
                                      PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
                                      PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
                                      PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
                                      PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
                                      PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
                                      PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
                                      PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
                                      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                      PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
                                      PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
                                      PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
                                      PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
                                      PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
                                      PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
                                      PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
                                       
                                       
                                      ========== Modules (SafeList) ==========
                                       
                                      MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
                                      MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
                                      MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                                      MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
                                       
                                       
                                      ========== Win32 Services (SafeList) ==========
                                       
                                      SRV - (HidServ) --  File not found
                                      SRV - (AppMgmt) --  File not found
                                      SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
                                      SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
                                      SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
                                      SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
                                      SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
                                      SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
                                      SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
                                      SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
                                      SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
                                      SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
                                      SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
                                      SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
                                      SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
                                       
                                       
                                      ========== Driver Services (SafeList) ==========
                                       
                                      DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
                                      DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
                                      DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
                                      DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
                                      DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
                                      DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
                                      DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
                                      DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
                                      DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
                                      DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
                                      DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
                                      DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
                                      DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
                                      DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
                                      DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
                                      DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
                                      DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
                                      DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
                                      DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
                                      DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
                                      DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
                                      DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
                                      DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
                                      DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
                                      DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
                                      DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
                                      DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
                                      DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
                                      DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
                                      DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
                                      DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
                                      DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
                                      DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
                                      DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
                                      DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
                                      DRV - (RTPP2K) -- C:\WINDOWS\system32\drivers\rtpp2k.sys (Shuttle Technology.)
                                      DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
                                       
                                       
                                      ========== Standard Registry (SafeList) ==========
                                       
                                       
                                      ========== Internet Explorer ==========
                                       
                                      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
                                       
                                      IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      IE - HKCU\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
                                      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                                       
                                      ========== FireFox ==========
                                       
                                      FF - prefs.js..browser.search.defaultengine: "Ask.com"
                                      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
                                      FF - prefs.js..browser.search.order.1: "Ask.com"
                                      FF - prefs.js..browser.search.selectedEngine: "Google"
                                      FF - prefs.js..browser.search.suggest.enabled: false
                                      FF - prefs.js..browser.search.useDBForOrder: true
                                      FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/webhp?hl=en&source=hp&btnG=Google+Search"
                                      FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
                                      FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
                                      FF - prefs.js..extensions.enabledItems: {73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}:1.0
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
                                      FF - prefs.js..extensions.enabledItems: {b9452a5b-916c-404f-8479-850185ae13bc}:1.0
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
                                      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
                                      FF - prefs.js..network.proxy.no_proxies_on: "*.local"
                                       
                                       
                                      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
                                      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
                                      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
                                      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
                                      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
                                      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
                                      FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame:  File not found
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
                                      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
                                      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
                                      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
                                       
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/12 09:55:53 | 000,000,000 | ---D | M]
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/04 14:45:08 | 000,000,000 | ---D | M]
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:57:49 | 000,000,000 | ---D | M]
                                      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:35:12 | 000,000,000 | ---D | M]
                                       
                                      [2009/10/31 14:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
                                      [2009/03/06 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
                                      [2011/08/05 10:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions
                                      [2011/08/05 10:49:36 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
                                      [2011/06/22 17:28:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\askcom.xml
                                      [2010/10/01 22:31:36 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\bing.xml
                                      [2010/10/01 22:12:25 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\googlecom-in-english.xml
                                      [2011/07/21 22:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
                                      [2010/04/27 15:54:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                                      [2010/10/02 14:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                                      [2010/10/26 21:03:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                                      [2010/12/27 11:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                                      [2011/02/27 10:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                                      [2011/07/21 22:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
                                      File not found (No name found) --
                                      () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JVO1QB88.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
                                      [2011/07/21 22:50:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                                      [2011/06/27 10:51:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
                                      [2011/06/22 15:57:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
                                      [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
                                      [2011/07/21 22:50:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
                                      [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
                                      [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
                                      [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
                                      [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
                                      [2010/08/24 11:08:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
                                      [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
                                       
                                      O1 HOSTS File: ([2011/07/26 12:53:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                                      O1 - Hosts: 127.0.0.1       localhost
                                      O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110803101551.dll (McAfee, Inc.)
                                      O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
                                      O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                                      O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
                                      O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
                                      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
                                      O3 - HKCU\..\Toolbar\WebBrowser: (Download Energy Toolbar) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
                                      O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
                                      O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
                                      O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
                                      O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
                                      O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
                                      O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
                                      O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
                                      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
                                      O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
                                      O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
                                      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
                                      O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
                                      O4 - HKCU..\Run: [EPSON PX820FWD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXE.EXE (SEIKO EPSON CORPORATION)
                                      O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
                                      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/16 10:31:49 | 000,000,000 | -H-D | M]
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                      O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
                                      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                      O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
                                      O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
                                      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
                                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199112852312 (MUWebControl Class)
                                      O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
                                      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                                      O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
                                      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                                      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                                      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
                                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                                      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
                                      O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
                                      O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
                                      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                                      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
                                      O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                                      O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                                      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                                      O32 - HKLM CDRom: AutoRun - 1
                                      O32 - AutoRun File - [2005/12/06 00:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                                      O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
                                      O32 - AutoRun File - [2005/02/25 18:24:46 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
                                      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                                      O35 - HKLM\..comfile [open] -- "%1" %*
                                      O35 - HKLM\..exefile [open] -- "%1" %*
                                      O37 - HKLM\...com [@ = comfile] -- "%1" %*
                                      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                       
                                      ========== Files/Folders - Created Within 30 Days ==========
                                       
                                      [2011/08/07 14:49:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
                                      [2011/08/07 11:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
                                      [2011/08/07 11:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
                                      [2011/08/05 10:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
                                      [2011/08/05 10:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
                                      [2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
                                      [2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                                      [2011/08/05 10:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
                                      [2011/08/05 10:22:26 | 081,496,432 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
                                      [2011/08/05 10:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
                                      [2011/08/05 10:17:20 | 037,806,960 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
                                      [2011/08/05 10:12:57 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
                                      [2011/08/05 10:11:42 | 003,124,384 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
                                      [2011/08/05 09:13:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
                                      [2011/08/04 20:01:09 | 000,000,000 | --SD | C] -- C:\ComboFix
                                      [2011/08/04 09:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
                                      [2011/08/03 10:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
                                      [2011/08/03 10:17:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
                                      [2011/08/03 10:17:38 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
                                      [2011/08/03 10:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
                                      [2011/08/03 10:15:50 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
                                      [2011/08/03 10:15:46 | 000,089,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
                                      [2011/08/03 10:00:22 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
                                      [2011/08/03 10:00:22 | 000,083,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
                                      [2011/08/03 10:00:21 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
                                      [2011/08/03 10:00:21 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
                                      [2011/08/03 10:00:21 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
                                      [2011/08/03 10:00:21 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
                                      [2011/08/03 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
                                      [2011/08/03 10:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
                                      [2011/08/03 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
                                      [2011/08/03 09:58:24 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
                                      [2011/08/02 11:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
                                      [2011/07/26 23:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                                      [2011/07/26 23:50:11 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
                                      [2011/07/26 14:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\SysProt
                                      [2011/07/26 14:23:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                                      [2011/07/26 12:50:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                                      [2011/07/25 14:47:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\PrivacIE
                                      [2011/07/25 13:53:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\IETldCache
                                      [2011/07/25 13:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
                                      [2011/07/25 13:44:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
                                      [2011/07/25 13:38:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
                                      [2011/07/25 09:51:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
                                      [2011/07/25 09:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                                      [2011/07/22 00:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dial-a-fix-v0.60.0.24
                                      [2011/07/21 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\HiJackThis
                                      [2011/07/21 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
                                      [2011/07/21 22:50:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                                      [2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                                      [2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                                      [2011/07/21 22:50:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
                                      [2011/07/21 15:53:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
                                      [2011/07/12 15:52:05 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
                                      [2011/07/12 15:51:58 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBGXE.DLL
                                      [2011/07/12 15:51:58 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BGXE.DLL
                                      [2011/07/12 15:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
                                      [2011/07/12 15:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Epson
                                      [2011/07/12 15:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
                                      [2011/07/12 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
                                      [2011/07/12 15:38:15 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll
                                      [2011/07/12 15:38:15 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll
                                      [2011/07/12 15:38:15 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll
                                      [2011/07/12 15:38:14 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll
                                      [2011/07/12 15:38:14 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll
                                      [2011/07/12 15:38:14 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll
                                      [2011/07/12 15:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InstallShield
                                      [2011/07/12 15:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
                                      [2011/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
                                      [2011/07/12 15:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
                                      [2011/07/12 15:34:11 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
                                      [2011/07/12 15:34:11 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe
                                      [2011/07/12 15:34:11 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escdev.dll
                                      [2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
                                      [2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
                                      [2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
                                      [2010/08/11 10:14:24 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
                                      [2010/02/20 23:05:43 | 000,559,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
                                      [2009/11/24 14:22:22 | 018,665,720 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
                                      [2009/07/07 13:05:47 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrtd.dll
                                      [2009/03/12 16:43:33 | 001,971,378 | ---- | C] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
                                      [2009/02/22 22:35:19 | 003,171,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup216.exe
                                      [2009/02/21 14:50:17 | 018,638,688 | ---- | C] (PC Tools                                                    ) -- C:\Program Files\sdsetup.exe
                                      [2009/01/03 21:33:47 | 006,832,928 | ---- | C] (ESTsoft Corp.                                               ) -- C:\Program Files\alzip.exe
                                      [2009/01/03 18:33:23 | 008,973,608 | ---- | C] (M.Dev Software                                              ) -- C:\Program Files\zg603sui.exe
                                      [2008/12/09 16:01:50 | 004,399,029 | ---- | C] (Joseph Leung                                                ) -- C:\Program Files\quickzip.exe
                                      [2008/07/09 12:27:25 | 000,820,380 | ---- | C] (                                                            ) -- C:\Program Files\audacity-win-1.2.6.exe
                                      [1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
                                      [1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]
                                       
                                      ========== Files - Modified Within 30 Days ==========
                                       
                                      [2011/08/07 14:49:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
                                      [2011/08/07 14:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                                      [2011/08/07 12:19:48 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                                      [2011/08/07 12:19:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
                                      [2011/08/07 11:47:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
                                      [2011/08/07 11:29:06 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
                                      [2011/08/07 11:12:43 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
                                      [2011/08/07 11:12:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                                      [2011/08/07 11:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                                      [2011/08/07 11:12:31 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
                                      [2011/08/07 11:12:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
                                      [2011/08/06 10:23:48 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
                                      [2011/08/05 10:47:11 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
                                      [2011/08/05 10:33:09 | 000,092,776 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
                                      [2011/08/05 10:29:01 | 081,496,432 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
                                      [2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
                                      [2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
                                      [2011/08/05 10:21:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                      [2011/08/05 10:20:11 | 037,806,960 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
                                      [2011/08/05 10:12:58 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
                                      [2011/08/05 10:12:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
                                      [2011/08/05 10:11:43 | 003,124,384 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
                                      [2011/08/05 09:13:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe
                                      [2011/07/27 03:03:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                                      [2011/07/26 23:50:12 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
                                      [2011/07/26 12:53:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                                      [2011/07/25 14:47:12 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
                                      [2011/07/25 09:51:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
                                      [2011/07/22 17:21:08 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PagePlus 11 (2).lnk
                                      [2011/07/22 01:00:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
                                      [2011/07/22 01:00:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
                                      [2011/07/22 00:53:42 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
                                      [2011/07/21 23:01:00 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
                                      [2011/07/21 22:59:30 | 000,000,544 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
                                      [2011/07/21 22:50:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                                      [2011/07/21 22:50:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                                      [2011/07/21 22:50:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                                      [2011/07/21 22:50:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
                                      [2011/07/21 22:50:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
                                      [2011/07/21 15:44:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
                                      [2011/07/14 10:02:10 | 000,405,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                      [2011/07/13 19:30:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
                                      [2011/07/12 15:46:56 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
                                      [2011/07/12 15:44:14 | 000,000,306 | ---- | M] () -- C:\WINDOWS\setup.iss
                                      [2011/07/12 15:40:04 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
                                      [2011/07/12 15:36:09 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
                                      [2011/07/12 15:35:50 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
                                      [2011/07/12 15:34:13 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
                                      [2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
                                      [2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
                                      [2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
                                      [1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
                                      [1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]
                                       
                                      ========== Files Created - No Company Name ==========
                                       
                                      [2011/08/05 10:47:11 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
                                      [2011/08/05 10:33:09 | 000,092,776 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                                      [2011/08/05 10:28:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
                                      [2011/08/05 10:28:24 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
                                      [2011/08/05 10:21:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                      [2011/08/03 10:18:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
                                      [2011/07/30 10:17:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                                      [2011/07/30 10:17:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                                      [2011/07/25 14:47:12 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
                                      [2011/07/25 13:47:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
                                      [2011/07/22 00:53:42 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
                                      [2011/07/21 23:00:59 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
                                      [2011/07/13 19:30:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
                                      [2011/07/12 15:46:56 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
                                      [2011/07/12 15:44:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\setup.iss
                                      [2011/07/12 15:40:04 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
                                      [2011/07/12 15:36:09 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
                                      [2011/07/12 15:35:50 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
                                      [2011/07/12 15:34:13 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
                                      [2011/06/30 12:45:50 | 000,223,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                                      [2011/06/25 10:01:22 | 000,333,018 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
                                      [2011/04/25 16:17:14 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                      [2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
                                      [2010/10/19 16:51:50 | 014,709,760 | ---- | C] () -- C:\Program Files\ClassActionKillers.msi
                                      [2010/10/01 17:16:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uzagefu.dat
                                      [2010/10/01 17:16:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jdebecusuramu.bin
                                      [2010/08/11 10:14:24 | 000,072,268 | ---- | C] () -- C:\Program Files\procexp.chm
                                      [2010/05/14 22:56:06 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
                                      [2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
                                      [2010/05/14 22:55:58 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
                                      [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
                                      [2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
                                      [2009/10/01 11:07:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\setup_ldm.iss
                                      [2009/09/30 12:27:14 | 005,486,113 | ---- | C] () -- C:\Program Files\DarkWave-Studio-2.4.exe
                                      [2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
                                      [2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
                                      [2009/08/25 15:22:36 | 015,436,399 | ---- | C] () -- C:\Program Files\F1_v1.3.zip
                                      [2009/08/25 15:16:29 | 091,959,937 | ---- | C] () -- C:\Program Files\Avert Fate.zip
                                      [2009/07/10 01:19:49 | 347,928,562 | ---- | C] () -- C:\Program Files\sauerbraten_2009_05_04_trooper_edition_win32_setup.exe
                                      [2009/07/07 13:05:47 | 000,172,032 | ---- | C] () -- C:\Program Files\libpng13.dll
                                      [2009/07/07 13:05:46 | 000,045,056 | ---- | C] () -- C:\Program Files\Launcher.exe
                                      [2009/05/13 12:13:24 | 001,271,001 | ---- | C] () -- C:\Program Files\Lame-Front-End.zip
                                      [2009/04/12 20:22:29 | 006,237,728 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
                                      [2009/03/20 13:20:38 | 000,000,573 | ---- | C] () -- C:\Program Files\xp_system32opens.vbs
                                      [2009/02/10 20:20:54 | 000,748,688 | ---- | C] () -- C:\Program Files\cpukil305.zip
                                      [2009/01/30 19:13:44 | 001,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
                                      [2009/01/23 20:51:09 | 000,189,810 | ---- | C] () -- C:\Program Files\libmp3lame-win-3.98.2.zip
                                      [2009/01/03 18:40:29 | 000,939,698 | ---- | C] () -- C:\Program Files\7z464.exe
                                      [2008/12/14 20:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
                                      [2008/12/12 18:31:59 | 000,000,471 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ
                                      [2008/12/09 20:25:45 | 000,007,804 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                                      [2008/12/09 19:52:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
                                      [2008/12/09 16:03:51 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\QuickZip45.ini
                                      [2008/12/03 18:45:24 | 020,768,389 | ---- | C] () -- C:\Program Files\DN3DInst.zip
                                      [2008/07/06 16:17:05 | 000,000,591 | ---- | C] () -- C:\WINDOWS\eReg.dat
                                      [2008/07/02 12:04:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                                      [2008/05/17 01:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
                                      [2008/05/17 01:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
                                      [2008/05/17 01:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
                                      [2008/05/17 01:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
                                      [2008/05/17 01:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
                                      [2008/05/17 01:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
                                      [2008/05/17 01:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
                                      [2008/05/17 01:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
                                      [2008/05/17 01:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
                                      [2008/05/14 17:17:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
                                      [2008/04/01 17:34:30 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
                                      [2008/03/21 21:01:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                                      [2008/03/21 19:31:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
                                      [2008/03/21 18:56:14 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
                                      [2008/03/21 17:54:34 | 000,116,736 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE
                                      [2008/01/30 22:39:58 | 000,005,495 | ---- | C] () -- C:\Program Files\0x0409.ini
                                      [2007/12/31 15:45:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                                      [2007/05/11 16:12:54 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
                                      [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
                                      [2006/06/05 20:14:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                                      [2006/06/05 19:53:15 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
                                      [2006/06/05 19:49:40 | 000,013,561 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
                                      [2006/06/05 19:49:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
                                      [2006/06/05 19:45:45 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
                                      [2006/06/05 19:42:54 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
                                      [2006/06/05 19:38:07 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
                                      [2006/06/05 19:38:07 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
                                      [2006/06/05 19:36:57 | 000,090,686 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
                                      [2006/06/05 19:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
                                      [2006/06/05 19:27:20 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
                                      [2006/06/05 19:26:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
                                      [2006/06/05 19:23:26 | 000,121,994 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
                                      [2006/06/05 19:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
                                      [2006/06/05 19:05:18 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
                                      [2006/06/05 19:05:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
                                      [2006/06/05 19:04:54 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
                                      [2006/03/18 01:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
                                      [2005/12/06 00:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                                      [2005/12/06 00:36:34 | 000,506,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                                      [2005/12/06 00:36:34 | 000,088,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                                      [2005/12/06 00:34:46 | 000,405,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                      [2005/12/06 00:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                                      [2005/12/06 00:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                                      [2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                                      [2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                                      [2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                                      [2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                                      [2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                                      [2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                                      [2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
                                      [2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                                      [2004/06/24 20:10:06 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
                                      [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
                                      [2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                                      [2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                                      [2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
                                      [2000/09/14 03:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
                                      [2000/08/11 07:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\EPIPPJ50.DLL
                                      [2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
                                      [1998/06/11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
                                      [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
                                       
                                      ========== LOP Check ==========
                                       
                                      [2011/08/04 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
                                      [2011/07/12 15:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
                                      [2009/10/24 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
                                      [2011/05/16 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
                                      [2008/04/01 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
                                      [2011/03/21 02:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
                                      [2011/06/25 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
                                      [2008/11/12 20:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
                                      [2008/07/20 11:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
                                      [2008/02/02 17:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
                                      [2011/05/24 13:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                      [2011/07/12 15:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
                                      [2008/05/15 01:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
                                      [2011/08/05 10:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                                      [2009/04/13 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                                      [2009/05/12 15:22:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
                                      [2009/06/19 00:02:16 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
                                      [2011/03/21 02:21:27 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
                                       
                                      ========== Purity Check ==========
                                       
                                       
                                       
                                      ========== Alternate Data Streams ==========
                                       
                                      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                                      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3DFE6FE
                                      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
                                      @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
                                      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
                                      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

                                      < End of report >
                                      You can never have too much of what you don't need.

                                      bandalex

                                        Re: unregistered files
                                        « Reply #32 on: August 07, 2011, 08:33:32 AM »
                                        And the Extras.Txt as follows:

                                        OTL Extras logfile created on: 07/08/2011 14:53:35 - Run 1
                                        OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\HP_Owner\Desktop
                                        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                        Internet Explorer (Version = 8.0.6001.18702)
                                        Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
                                         
                                        1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
                                        2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
                                        Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
                                         
                                        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                        Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
                                        Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
                                        Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
                                         
                                        Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
                                        Boot Mode: Normal | Scan Mode: Current user
                                        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                         
                                        ========== Extra Registry (SafeList) ==========
                                         
                                         
                                        ========== File Associations ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                        .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                        .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                                        .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                         
                                        ========== Shell Spawning ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                        batfile [open] -- "%1" %*
                                        cmdfile [open] -- "%1" %*
                                        comfile [open] -- "%1" %*
                                        cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        exefile [open] -- "%1" %*
                                        https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
                                        InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
                                        piffile [open] -- "%1" %*
                                        regfile [merge] -- Reg Error: Key error.
                                        scrfile [config] -- "%1"
                                        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                                        scrfile [open] -- "%1" /S
                                        txtfile [edit] -- Reg Error: Key error.
                                        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                                        Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
                                        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                        Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
                                        Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                                        Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                                        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                         
                                        ========== Security Center Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                        "FirstRunDisabled" = 1
                                        "AntiVirusDisableNotify" = 1
                                        "FirewallDisableNotify" = 1
                                        "UpdatesDisableNotify" = 0
                                        "AntiVirusOverride" = 1
                                        "FirewallOverride" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                                         
                                        ========== System Restore Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                                        "DisableSR" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                                        "Start" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                                        "Start" = 2
                                         
                                        ========== Firewall Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                                        "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                                        "EnableFirewall" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                                        "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
                                         
                                        ========== Authorized Applications List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                                        "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
                                        "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                        "C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
                                        "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
                                        "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
                                        "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
                                        "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
                                         
                                         
                                        ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                                        "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
                                        "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
                                        "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
                                        "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
                                        "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
                                        "{0B884C9B-5D85-4461-88EE-826E1BB33008}" = Serif PagePlus 11
                                        "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
                                        "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
                                        "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
                                        "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
                                        "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
                                        "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
                                        "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
                                        "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
                                        "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
                                        "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
                                        "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
                                        "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
                                        "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
                                        "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
                                        "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
                                        "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
                                        "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
                                        "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
                                        "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
                                        "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
                                        "{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
                                        "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
                                        "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
                                        "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
                                        "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
                                        "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
                                        "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
                                        "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
                                        "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                                        "{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe  1.4.84.1
                                        "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
                                        "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
                                        "{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
                                        "{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
                                        "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
                                        "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
                                        "{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
                                        "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
                                        "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
                                        "{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
                                        "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
                                        "{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
                                        "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
                                        "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
                                        "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
                                        "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
                                        "{492E1D84-D7BF-4FA2-A26A-30AFC89EF547}" = Tiger Woods PGA TOUR 2003
                                        "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                                        "{4AB5EAF2-E5D8-4A2B-864B-D72B37A9DD51}" = PCmover
                                        "{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
                                        "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
                                        "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
                                        "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
                                        "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
                                        "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
                                        "{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
                                        "{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
                                        "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
                                        "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
                                        "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
                                        "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
                                        "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
                                        "{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
                                        "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
                                        "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
                                        "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
                                        "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
                                        "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
                                        "{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
                                        "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
                                        "{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
                                        "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
                                        "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
                                        "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                                        "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
                                        "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
                                        "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
                                        "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
                                        "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
                                        "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
                                        "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
                                        "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                                        "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
                                        "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
                                        "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
                                        "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
                                        "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                                        "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
                                        "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
                                        "{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
                                        "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
                                        "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                                        "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
                                        "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
                                        "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
                                        "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
                                        "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                                        "{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
                                        "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
                                        "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
                                        "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
                                        "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
                                        "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                                        "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
                                        "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
                                        "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                                        "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
                                        "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
                                        "{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
                                        "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
                                        "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
                                        "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
                                        "{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
                                        "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
                                        "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                                        "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
                                        "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
                                        "{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
                                        "{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
                                        "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
                                        "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                                        "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
                                        "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
                                        "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
                                        "{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
                                        "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
                                        "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
                                        "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
                                        "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                                        "{CD1067C8-1AA1-4503-BCAD-EA1EE5427DC7}" = MAGIX Video easy SE
                                        "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
                                        "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                                        "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
                                        "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
                                        "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
                                        "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
                                        "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
                                        "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
                                        "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
                                        "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
                                        "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
                                        "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
                                        "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
                                        "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
                                        "{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
                                        "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
                                        "{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
                                        "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
                                        "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
                                        "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
                                        "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
                                        "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                                        "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
                                        "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
                                        "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
                                        "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
                                        "7-Zip" = 7-Zip 4.64
                                        "Adobe AIR" = Adobe AIR
                                        "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                                        "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                                        "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
                                        "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
                                        "ALUpdate_is1" = ALTools Update
                                        "ALZip_is1" = ALZip
                                        "ATI Display Driver" = ATI Display Driver
                                        "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
                                        "Audacity_is1" = Audacity 1.2.6
                                        "BT Broadband Desktop Help" = BT Broadband Desktop Help
                                        "BT Wireless Connection Manager" = BT Wireless Connection Manager
                                        "BT Yahoo! Applications" = BT Yahoo! Applications
                                        "BTHomeHub" = BTHomeHub
                                        "CCleaner" = CCleaner
                                        "CleanMem1.3.0" = CleanMem
                                        "Combat Arms EU" = Combat Arms EU
                                        "conduitEngine" = Conduit Engine
                                        "Cube" = Cube
                                        "Download_Energy Toolbar" = Download_Energy Toolbar
                                        "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
                                        "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
                                        "EPSON PX820FWD Series" = EPSON PX820FWD Series Printer Uninstall
                                        "EPSON PX820FWD Series Manual" = EPSON PX820FWD Series Manual
                                        "EPSON PX820FWD Series Network Guide" = EPSON PX820FWD Series Network Guide
                                        "EPSON Scanner" = EPSON Scan
                                        "ESET Online Scanner" = ESET Online Scanner v3
                                        "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
                                        "ffdshow_is1" = ffdshow [rev 1900] [2008-03-15]
                                        "Google Chrome" = Google Chrome
                                        "HP Document Viewer" = HP Document Viewer 6.1
                                        "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
                                        "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
                                        "HP Photo Printing Software" = HP Photo Printing Software
                                        "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
                                        "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                                        "ie7" = Windows Internet Explorer 7
                                        "ie8" = Windows Internet Explorer 8
                                        "ImgBurn" = ImgBurn
                                        "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
                                        "InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
                                        "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
                                        "Jardinains 2!_is1" = Jardinains 2!
                                        "LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
                                        "MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
                                        "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                                        "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                                        "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
                                        "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
                                        "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
                                        "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
                                        "MSC" = McAfee Internet Security
                                        "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                                        "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                                        "NVIDIA Drivers" = NVIDIA Drivers
                                        "OpenAL" = OpenAL
                                        "Python 2.2.3" = Python 2.2.3
                                        "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
                                        "RealPlayer 12.0" = RealPlayer
                                        "Recordpad" = RecordPad Sound Recorder
                                        "Revo Uninstaller" = Revo Uninstaller 1.92
                                        "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
                                        "SpeedFan" = SpeedFan (remove only)
                                        "SpywareBlaster_is1" = SpywareBlaster 4.1
                                        "uTorrent" = µTorrent
                                        "VLC media player" = VLC media player 1.1.10
                                        "WavePad" = WavePad Sound Editor
                                        "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
                                        "Windows Media Format Runtime" = Windows Media Format 11 runtime
                                        "Windows Media Player" = Windows Media Player 11
                                        "Windows XP Service Pack" = Windows XP Service Pack 3
                                        "WMFDist11" = Windows Media Format 11 runtime
                                        "wmp11" = Windows Media Player 11
                                        "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                                        "Ziepod_is1" = Ziepod version 1.0
                                         
                                        ========== HKEY_CURRENT_USER Uninstall List ==========
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "UnityWebPlayer" = Unity Web Player
                                         
                                        ========== Last 10 Event Log Errors ==========
                                         
                                        [ Application Events ]
                                        Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = VSS | ID = 8193
                                        Description = Volume Shadow Copy Service error: Unexpected error calling routine
                                         CoCreateInstance.  hr = 0x8007041f.
                                         
                                        Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        Error - 06/08/2011 20:18:07 | Computer Name = YOUR-C94F920E24 | Source = Application Error | ID = 1000
                                        Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
                                        unknown, version 0.0.0.0, fault address 0x6567696c.
                                         
                                        Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
                                        Description = WinMgmt could not open the repository file.  This could be due to
                                        insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
                                         disk space or insufficient memory.
                                         
                                        Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
                                        Description = The Windows Security Center Service was unable to establish event
                                        queries with WMI to monitor third party AntiVirus and Firewall.
                                         
                                        [ System Events ]
                                        Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
                                        Description = Time Provider NtpClient: An error occurred during DNS lookup of the
                                         manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
                                         again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
                                         host. (0x80072751)
                                         
                                        Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
                                        Description = The time provider NtpClient is configured to acquire time from one
                                         or more  time sources, however none of the sources are currently accessible.   No attempt
                                         to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
                                         time.
                                         
                                        Error - 30/06/2011 07:02:43 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 30/06/2011 07:04:57 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
                                        Description = Time Provider NtpClient: An error occurred during DNS lookup of the
                                         manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
                                         again in 30  minutes.  The error was: A socket operation was attempted to an unreachable
                                         host. (0x80072751)
                                         
                                        Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
                                        Description = The time provider NtpClient is configured to acquire time from one
                                         or more  time sources, however none of the sources are currently accessible.   No attempt
                                         to contact a source will be made for 30 minutes.  NtpClient has no source of accurate
                                         time.
                                         
                                        Error - 12/07/2011 05:18:02 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 17/07/2011 03:31:08 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 03/08/2011 11:38:06 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
                                        Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
                                         with DCOM within the required timeout.
                                         
                                        Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
                                        Description = DCOM got error "%1055" attempting to start the service VSS with arguments
                                         ""  in order to run the server:  {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
                                         
                                         
                                        < End of report >
                                        You can never have too much of what you don't need.

                                        SuperDave

                                        Re: unregistered files
                                        « Reply #33 on: August 07, 2011, 04:32:03 PM »
                                        AVENGER

                                        • Download The Avenger by Swandog46 from here.
                                        • Unzip/extract it to a folder on your desktop.
                                        • Double click on avenger.exe to run The Avenger.
                                        • Click OK.
                                        • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                                        • Click the Execute button.
                                        • You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
                                        • Click Yes.
                                        • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
                                        • Click Yes.
                                        • Your PC will now be rebooted.
                                        • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                                        • Please post this log in your next reply.
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        bandalex

                                          Re: unregistered files
                                          « Reply #34 on: August 08, 2011, 01:05:59 PM »
                                          This doesn't look very dramatic:

                                          Logfile of The Avenger Version 2.0, (c) by Swandog46
                                          http://swandog46.geekstogo.com

                                          Platform:  Windows XP

                                          *******************

                                          Script file opened successfully.
                                          Script file read successfully.

                                          Backups directory opened successfully at C:\Avenger

                                          *******************

                                          Beginning to process script file:

                                          Rootkit scan active.
                                          No rootkits found!


                                          Completed script processing.

                                          *******************
                                          You can never have too much of what you don't need.

                                          SuperDave

                                          Re: unregistered files
                                          « Reply #35 on: August 08, 2011, 04:38:43 PM »
                                          Please do this in the following order. Please download, install and activate Microsoft Security Essentials from the link below. Then remove McAfee using the tool below and see if you're still getting the error message.

                                          Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                                          Microsoft Security Essentials for Windows XP

                                          Download the McAfee Consumer Product Removal Tool to your Desktop.

                                          Using McAfee Consumer Product Removal tool:

                                          * Double click the MCPR.exe
                                          * A Command Line window will be displayed, and then close automatically.
                                          * Wait for a second Command Line window to be displayed.

                                          Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

                                          * After the second window appears, the program will begin the cleanup.
                                          * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
                                          * Press Y on the keyboard.
                                          * Wait for the computer to restart.
                                          * All McAfee products are now removed from your computer.
                                          Windows 8 and Windows 10 dual boot with two SSD's

                                          bandalex

                                            Re: unregistered files
                                            « Reply #36 on: August 10, 2011, 04:20:02 AM »
                                            Done and the reboot produced no repeat of the FP message.
                                            Too much to do today to stop and start but expect a cold start to have the same result.  As I think you have too, I've come to the conclusion the problem has resided somewhere in McAfee.  We shall see!

                                            Thanks again.

                                            Alex
                                            You can never have too much of what you don't need.

                                            bandalex

                                              Re: unregistered files
                                              « Reply #37 on: August 10, 2011, 10:17:45 AM »
                                              Since last job I've been getting explorer.exe using up between 40-50% of CPU all the time - I'm sure this isn't normal.  Any thoughts and suggestions to fix?
                                              You can never have too much of what you don't need.

                                              SuperDave

                                              Re: unregistered files
                                              « Reply #38 on: August 10, 2011, 05:34:01 PM »
                                              Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
                                              Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
                                              Click on View > Select Columns.
                                              In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
                                              Go File>Save As, and save the report as Procexp.txt.
                                              Attach the file to your next reply.
                                              Windows 8 and Windows 10 dual boot with two SSD's

                                              bandalex

                                                Re: unregistered files
                                                « Reply #39 on: August 10, 2011, 06:29:17 PM »
                                                I already run process explorer - it's more user friendly and detailed than Task Manager.  However, as with many diagnostic type tools, I never get round to fully utilising the features available.  So I'm glad to have this passed on - thanks.

                                                Here's the data:

                                                Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
                                                System Idle Process   0   47.69   0 K   28 K         
                                                 Interrupts   n/a      0 K   0 K   Hardware Interrupts      
                                                 DPCs   n/a      0 K   0 K   Deferred Procedure Calls      
                                                 System   4      0 K   140 K         
                                                  smss.exe   444      204 K   116 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
                                                   csrss.exe   508      1,860 K   2,756 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
                                                   winlogon.exe   532      6,656 K   2,604 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
                                                    services.exe   576   0.77   1,932 K   2,244 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
                                                     a2service.exe   748      15,736 K   440 K   Emsisoft Anti-Malware Service   Emsi Software GmbH   "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
                                                     svchost.exe   836      3,228 K   1,828 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                                                      hpgs2wnf.exe   1912      964 K   440 K   hpgs2wnf Module      C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
                                                     svchost.exe   932      2,000 K   2,284 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k rpcss
                                                     MsMpEng.exe   972      170,924 K   48,428 K   Antimalware Service Executable   Microsoft Corporation   "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
                                                     svchost.exe   1008      19,816 K   25,812 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     svchost.exe   1080      2,100 K   2,168 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
                                                     svchost.exe   1164      3,400 K   1,212 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                     spoolsv.exe   1276      4,508 K   1,960 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
                                                     UMVPFSrv.exe   1308      1,616 K   140 K   Logitech User mode UMVPF service   Logitech Inc.   "C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
                                                     svchost.exe   512      1,400 K   784 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                     SASCORE.EXE   868      732 K   212 K   Core Service   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
                                                     mDNSResponder.exe   1436      984 K   1,064 K   Bonjour Service   Apple Inc.   "C:\Program Files\Bonjour\mDNSResponder.exe"
                                                     CLCapSvc.exe   1448      5,944 K   848 K   CLCapSvc Module      "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"
                                                     CLMLServer.exe   1508      8,664 K   1,080 K   NT CLMLServer   Cyberlink   "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
                                                     SAgent2.exe   1580      1,764 K   484 K   EPSON Printer Status Agent   SEIKO EPSON CORPORATION   "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
                                                     jqs.exe   1768      8,816 K   1,380 K   Java(TM) Quick Starter Service   Sun Microsystems, Inc.   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
                                                     LSSrvc.exe   1596      632 K   140 K      Hewlett-Packard Company   "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
                                                     McciCMService.exe   2264      2,036 K   1,432 K   mcci+McciCMService   Alcatel-Lucent   "C:\Program Files\Common Files\Motive\McciCMService.exe"
                                                     MDM.EXE   2284      964 K   476 K   Machine Debug Manager   Microsoft Corporation   "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
                                                     nvsvc32.exe   2336      2,680 K   2,472 K   NVIDIA Driver Helper Service, Version 175.19   NVIDIA Corporation   C:\WINDOWS\system32\nvsvc32.exe
                                                     HPZIPM12.EXE   2352      556 K   276 K   PML Driver   HP   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
                                                     svchost.exe   2416      2,756 K   2,644 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k imgsvc
                                                     CLSched.exe   2504      1,460 K   880 K   CLSched Module      "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"
                                                     dialdictate.exe   2540      27,956 K   404 K   Dial Dictate   NCH Software   "C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -service
                                                     iPodService.exe   3080      2,472 K   1,504 K   iPodService Module (32-bit)   Apple Inc.   "C:\Program Files\iPod\bin\iPodService.exe"
                                                     alg.exe   3352      1,188 K   240 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
                                                    lsass.exe   588      4,080 K   1,416 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
                                                explorer.exe   1628   50.00   53,632 K   32,584 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
                                                 hpgs2wnd.exe   1800      936 K   444 K   hpgs2wnd   Hewlett-Packard   "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
                                                 BTHelpNotifier.exe   1812   1.54   2,240 K   2,584 K   mcci+McciTrayApp   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
                                                  BTHelpBrowser.exe   6760      10,112 K   18,904 K   mcci+McciBrowser   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" /APPKEY=btbb /URL=file:///C:/Program Files/BT Broadband Desktop Help/btbb/OCB/d153fd8a-965a-4485-845b-effd12a9f06f/Tasks.html
                                                   BTHelpBrowser.exe   6852      8,840 K   16,004 K   mcci+McciBrowser   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" -AppKey=btbb -url=https://pbttbc.bt.motive.com/portal/smptasks.jsp?taskid=1
                                                 FUFAXSTM.exe   1836      7,792 K   1,188 K   FAX Status Monitor   SEIKO EPSON CORPORATION   "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
                                                 EEventManager.exe   1844      3,416 K   1,004 K   EEventManager Application   SEIKO EPSON CORPORATION   "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
                                                 jusched.exe   1864      856 K   200 K   Java(TM) 2 Platform Standard Edition binary   Sun Microsystems, Inc.   "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
                                                 realsched.exe   1900      1,540 K   232 K   RealNetworks Scheduler   RealNetworks, Inc.   "C:\program files\real\realplayer\update\realsched.exe"  -osboot
                                                 dialdictate.exe   2004      29,028 K   1,520 K   Dial Dictate   NCH Software   "C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -logon
                                                 msseces.exe   152      4,880 K   2,976 K   Microsoft Security Client User Interface   Microsoft Corporation   "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                                                 SUPERANTISPYWARE.EXE   384      31,668 K   796 K   SUPERAntiSpyware Application   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                                                 ctfmon.exe   400      1,188 K   2,172 K   CTF Loader   Microsoft Corporation   "C:\WINDOWS\system32\ctfmon.exe"
                                                 procexp.exe   1484      11,660 K   13,144 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Program Files\procexp.exe"
                                                 firefox.exe   6648      89,488 K   102,004 K   Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                kbd.exe   4016      3,704 K   1,784 K   KBD EXE   Hewlett-Packard Company   C:\HP\KBD\KBD.EXE
                                                hpsysdrv.exe   992      880 K   760 K   hpsysdrv   Hewlett-Packard Company   c:\windows\system\hpsysdrv.exe
                                                You can never have too much of what you don't need.
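
Added example (not part of the thread and not a Process Explorer feature): one way to triage a saved Procexp.txt like the one posted above. It assumes the export is tab-separated with the column set shown and that Windows lives in C:\WINDOWS; the sample rows, the 25% threshold and the function names are constructed for illustration.

```python
import csv
import io
import ntpath
import re

# Constructed sample in the column layout of the export quoted above
# (leading spaces in "Process" encode tree depth). The last row is invented
# to exercise the path check; it does not come from the thread.
_ROWS = [
    ["Process", "PID", "CPU", "Private Bytes", "Working Set",
     "Description", "Company Name", "Command Line"],
    ["System Idle Process", "0", "47.69", "0 K", "28 K", "", "", ""],
    ["     svchost.exe", "836", "", "3,228 K", "1,828 K",
     "Generic Host Process for Win32 Services", "Microsoft Corporation",
     r"C:\WINDOWS\system32\svchost.exe -k DcomLaunch"],
    ["      hpgs2wnf.exe", "1912", "", "964 K", "440 K", "hpgs2wnf Module", "",
     r"C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding"],
    ["   winlogon.exe", "532", "", "6,656 K", "2,604 K",
     "Windows NT Logon Application", "Microsoft Corporation", "winlogon.exe"],
    ["explorer.exe", "1628", "50.00", "53,632 K", "32,584 K",
     "Windows Explorer", "Microsoft Corporation", r"C:\WINDOWS\Explorer.EXE"],
    ["svchost.exe", "4242", "3.10", "2,100 K", "2,168 K",
     "Generic Host Process for Win32 Services", "Microsoft Corporation",
     r'"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"'],
]
SAMPLE = "\n".join("\t".join(r) for r in _ROWS) + "\n"

# Where well-known Windows images normally live (assumed C:\WINDOWS install).
EXPECTED_DIR = dict.fromkeys(
    ["svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
     "csrss.exe", "smss.exe"], r"c:\windows\system32")
EXPECTED_DIR["explorer.exe"] = r"c:\windows"


def parse_export(text):
    """Turn the tab-separated export into a list of dicts, one per process."""
    # QUOTE_NONE: command lines contain literal double quotes.
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    header = next(reader)
    rows = []
    for fields in reader:
        if not any(f.strip() for f in fields):
            continue
        fields += [""] * (len(header) - len(fields))  # trailing tabs may be lost
        rec = dict(zip(header, fields))
        name = rec["Process"]
        rec["depth"] = len(name) - len(name.lstrip(" "))
        rec["Process"] = name.strip()
        pid = rec["PID"].strip()
        rec["pid"] = int(pid) if pid.isdigit() else None  # "n/a" for DPCs etc.
        try:
            rec["cpu"] = float(rec["CPU"].strip() or 0)
        except ValueError:  # e.g. "< 0.01" in some versions
            rec["cpu"] = 0.0
        rows.append(rec)
    return rows


def image_path(cmdline):
    """Best-effort extraction of the executable path from a command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmdline, re.IGNORECASE)
    return m.group(1) if m else cmdline.split(" ", 1)[0]


def triage(rows, cpu_threshold=25.0):
    """Return (pid, process, reason) tuples worth a closer look."""
    findings = []
    for r in rows:
        name, cmd = r["Process"], r["Command Line"].strip()
        if r["cpu"] >= cpu_threshold and name != "System Idle Process":
            findings.append((r["pid"], name, "HIGH_CPU"))
        # Company Name comes from the file's version resource: a hint, not proof.
        if cmd and not r["Company Name"].strip():
            findings.append((r["pid"], name, "NO_COMPANY"))
        expected = EXPECTED_DIR.get(name.lower())
        folder = ntpath.dirname(image_path(cmd)).lower()
        if folder.startswith("\\systemroot"):
            folder = "c:\\windows" + folder[len("\\systemroot"):]
        # An empty folder (bare "winlogon.exe") cannot be judged, so skip it.
        if expected and folder and folder != expected:
            findings.append((r["pid"], name, "UNEXPECTED_PATH"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(parse_export(SAMPLE)):
        print(f"{reason:16} pid={pid:<6} {name}")
```

A finding is a prompt to look closer, not a verdict: a missing Company Name is common for legitimate vendor helpers, and sustained explorer.exe CPU usually points at a shell extension or a scanner rather than explorer itself.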

                                                bandalex

                                                  Re: unregistered files
                                                  « Reply #40 on: August 11, 2011, 12:55:59 PM »
                                                  No messages today on cold start and CPU usage has regularised to average 93% free so, subject to repetitions, looking like a fix.  I presume you'd recommend I don't re-install McAfee then?  Also, should I get a separate firewall or will MSE manage that too?

                                                  Alex
                                                  You can never have too much of what you don't need.

                                                  SuperDave

                                                  Re: unregistered files
                                                  « Reply #41 on: August 12, 2011, 05:17:25 PM »
                                                  Quote
                                                  I presume you'd recommend I don't re-install McAfee then?  Also, should I get a separate firewall or will MSE manage that too?
                                                  I'm not a big fan of McAfee. The Windows Firewall in XP is not much good because it only blocks incoming. Outgoing is the most harmful. It really depends on how much security you want on your PC. If you're doing financial dealings then I would recommend a third-party firewall. See suggestions below.

                                                  To remove all of the tools we used and the files and folders they created do the following:
                                                  Double click OTL.exe.
                                                  • Click the CleanUp button.
                                                  • Select Yes when the "Begin cleanup Process?" prompt appears.
                                                  • If you are prompted to Reboot during the cleanup, select Yes.
                                                  • The tool will delete itself once it finishes.
                                                  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                                  *********************************************************
                                                  Looking over your log it seems you don't have any evidence of a third party firewall.

                                                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                                  Remember only install ONE firewall

                                                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                                  2) Online Armor
                                                  3) Agnitum Outpost
                                                  4) PC Tools Firewall Plus

                                                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                                                  Good luck!
                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                  bandalex

                                                    Re: unregistered files
                                                    « Reply #42 on: August 12, 2011, 05:31:03 PM »
                                                    Thanks for your help Dave - hope it's been as intriguing for you as it has been frustrating for me.  I'll get on with finding a firewall and doing the cleanup.

                                                    Regards

                                                    Alex
                                                    You can never have too much of what you don't need.

                                                    SuperDave

                                                    Re: unregistered files
                                                    « Reply #43 on: August 13, 2011, 05:06:59 PM »
                                                    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
                                                    Windows 8 and Windows 10 dual boot with two SSD's