Author Topic: unregistered files (Read 26280 times)

bandalex · « **Reply #30 on:** August 05, 2011, 04:00:58 AM »

Hi there
Yes I used the removal tool and I've just finished doing the other housekeeping you suggested in an earlier message (28 July). Take your point about programs re-installing though I did wonder if I buy McAfee online and it recognises that the program's been removed (which it did) and I still have 240 days of my subscription left it wilol try to re-install - I guess I should ask McAfee that question huh?

Anyway, after a clean cold start yesterday and today, once I got into cleaning and so on the first reboot (after running TFC) I did brought up the same old messages. I've still to do the OTL so we'll see what that pushes out.

Thanks

Alex

bandalex · « **Reply #31 on:** August 07, 2011, 08:32:01 AM »

okay, done the OTL scan and the reports as follows - OTL.Txt first:

OTL logfile created on: 07/08/2011 14:53:35 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (RTPP2K) -- C:\WINDOWS\system32\drivers\rtpp2k.sys (Shuttle Technology.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginen ame: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enable d: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/webhp?hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73e1e35c-27c2-44c5-90fa-cf9da6cbfec3}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9452a5b-916c-404f-8479-850185ae13bc}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/12 09:55:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/04 14:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:35:12 | 000,000,000 | ---D | M]

[2009/10/31 14:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/03/06 00:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/08/05 10:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions
[2011/08/05 10:49:36 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/22 17:28:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\askcom.xml
[2010/10/01 22:31:36 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\bing.xml
[2010/10/01 22:12:25 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jvo1qb88.default\searchplugins\googlecom-in-english.xml
[2011/07/21 22:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 15:54:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/02 14:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:03:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 11:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/27 10:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/21 22:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JVO1QB88.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/21 22:50:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/27 10:51:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/22 15:57:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/07/21 22:50:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/08/24 11:08:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/26 12:53:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110803101551.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Download Energy Toolbar) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - C:\Program Files\Download_Energy\prxtbDow0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EPSON PX820FWD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/16 10:31:49 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199112852312 (MUWebControl Class)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/06 00:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/02/25 18:24:46 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 14:49:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/08/07 11:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/07 11:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/05 10:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/05 10:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/05 10:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/05 10:22:26 | 081,496,432 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2011/08/05 10:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/05 10:17:20 | 037,806,960 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2011/08/05 10:12:57 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/08/05 10:11:42 | 003,124,384 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
[2011/08/05 09:13:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2011/08/04 20:01:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/04 09:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 10:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2011/08/03 10:17:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
[2011/08/03 10:17:38 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2011/08/03 10:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2011/08/03 10:15:50 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/08/03 10:15:46 | 000,089,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/08/03 10:00:22 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/08/03 10:00:22 | 000,083,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/08/03 10:00:21 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/08/03 10:00:21 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/08/03 10:00:21 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/08/03 10:00:21 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/08/03 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/08/03 10:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/08/03 09:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/08/03 09:58:24 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/08/02 11:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/07/26 23:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 23:50:11 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
[2011/07/26 14:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\SysProt
[2011/07/26 14:23:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/26 12:50:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/25 14:47:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\PrivacIE
[2011/07/25 13:53:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\IETldCache
[2011/07/25 13:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/07/25 13:44:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/25 13:38:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/07/25 09:51:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/25 09:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/22 00:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dial-a-fix-v0.60.0.24
[2011/07/21 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\HiJackThis
[2011/07/21 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 22:50:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/21 22:50:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/21 22:50:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/21 15:53:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2011/07/12 15:52:05 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2011/07/12 15:51:58 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBGXE.DLL
[2011/07/12 15:51:58 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BGXE.DLL
[2011/07/12 15:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/07/12 15:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Epson
[2011/07/12 15:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
[2011/07/12 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2011/07/12 15:38:15 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll
[2011/07/12 15:38:15 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll
[2011/07/12 15:38:15 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll
[2011/07/12 15:38:14 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll
[2011/07/12 15:38:14 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll
[2011/07/12 15:38:14 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll
[2011/07/12 15:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\InstallShield
[2011/07/12 15:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/07/12 15:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2011/07/12 15:34:11 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
[2011/07/12 15:34:11 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe
[2011/07/12 15:34:11 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escdev.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/08/11 10:14:24 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
[2010/02/20 23:05:43 | 000,559,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[2009/11/24 14:22:22 | 018,665,720 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2009/07/07 13:05:47 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrtd.dll
[2009/03/12 16:43:33 | 001,971,378 | ---- | C] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
[2009/02/22 22:35:19 | 003,171,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup216.exe
[2009/02/21 14:50:17 | 018,638,688 | ---- | C] (PC Tools ) -- C:\Program Files\sdsetup.exe
[2009/01/03 21:33:47 | 006,832,928 | ---- | C] (ESTsoft Corp. ) -- C:\Program Files\alzip.exe
[2009/01/03 18:33:23 | 008,973,608 | ---- | C] (M.Dev Software ) -- C:\Program Files\zg603sui.exe
[2008/12/09 16:01:50 | 004,399,029 | ---- | C] (Joseph Leung ) -- C:\Program Files\quickzip.exe
[2008/07/09 12:27:25 | 000,820,380 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 14:49:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/08/07 14:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 12:19:48 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
[2011/08/07 12:19:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1157552183-2752306718-432289623-1008.job
[2011/08/07 11:47:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/08/07 11:29:06 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2011/08/07 11:12:43 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/07 11:12:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 11:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 11:12:31 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 11:12:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/06 10:23:48 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/05 10:47:11 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/05 10:33:09 | 000,092,776 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/05 10:29:01 | 081,496,432 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/05 10:28:24 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/05 10:21:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/05 10:20:11 | 037,806,960 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2011/08/05 10:12:58 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/08/05 10:12:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/05 10:11:43 | 003,124,384 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
[2011/08/05 09:13:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2011/07/27 03:03:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/26 23:50:12 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
[2011/07/26 12:53:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/25 14:47:12 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
[2011/07/25 09:51:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/22 17:21:08 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PagePlus 11 (2).lnk
[2011/07/22 01:00:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/22 01:00:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/22 00:53:42 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
[2011/07/21 23:01:00 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
[2011/07/21 22:59:30 | 000,000,544 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2011/07/21 22:50:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/21 22:50:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/21 22:50:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/21 22:50:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/21 22:50:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/21 15:44:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/14 10:02:10 | 000,405,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 19:30:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2011/07/12 15:46:56 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2011/07/12 15:44:14 | 000,000,306 | ---- | M] () -- C:\WINDOWS\setup.iss
[2011/07/12 15:40:04 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2011/07/12 15:36:09 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
[2011/07/12 15:35:50 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
[2011/07/12 15:34:13 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[1 C:\Documents and Settings\HP_Owner\Desktop\*.tmp files -> C:\Documents and Settings\HP_Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Owner\*.tmp files -> C:\Documents and Settings\HP_Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 10:47:11 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/05 10:33:09 | 000,092,776 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/05 10:28:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/08/05 10:28:24 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/05 10:21:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/03 10:18:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2011/07/30 10:17:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 10:17:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 14:47:12 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to iexplore.lnk
[2011/07/25 13:47:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/22 00:53:42 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Dial-a-fix-v0.60.0.24.lnk
[2011/07/21 23:00:59 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to sniper.exe.lnk
[2011/07/13 19:30:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/07/12 15:46:56 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2011/07/12 15:44:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\setup.iss
[2011/07/12 15:40:04 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2011/07/12 15:36:09 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Network Guide.lnk
[2011/07/12 15:35:50 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON PX820FWD Series Manual.lnk
[2011/07/12 15:34:13 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/06/30 12:45:50 | 000,223,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/25 10:01:22 | 000,333,018 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/04/25 16:17:14 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/10/19 16:51:50 | 014,709,760 | ---- | C] () -- C:\Program Files\ClassActionKillers.msi
[2010/10/01 17:16:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uzagefu.dat
[2010/10/01 17:16:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jdebecusuramu.bin
[2010/08/11 10:14:24 | 000,072,268 | ---- | C] () -- C:\Program Files\procexp.chm
[2010/05/14 22:56:06 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 22:55:58 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2009/10/01 11:07:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\setup_ldm.iss
[2009/09/30 12:27:14 | 005,486,113 | ---- | C] () -- C:\Program Files\DarkWave-Studio-2.4.exe
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/08/25 15:22:36 | 015,436,399 | ---- | C] () -- C:\Program Files\F1_v1.3.zip
[2009/08/25 15:16:29 | 091,959,937 | ---- | C] () -- C:\Program Files\Avert Fate.zip
[2009/07/10 01:19:49 | 347,928,562 | ---- | C] () -- C:\Program Files\sauerbraten_2009_05_04_trooper_edition_win32_setup.exe
[2009/07/07 13:05:47 | 000,172,032 | ---- | C] () -- C:\Program Files\libpng13.dll
[2009/07/07 13:05:46 | 000,045,056 | ---- | C] () -- C:\Program Files\Launcher.exe
[2009/05/13 12:13:24 | 001,271,001 | ---- | C] () -- C:\Program Files\Lame-Front-End.zip
[2009/04/12 20:22:29 | 006,237,728 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/03/20 13:20:38 | 000,000,573 | ---- | C] () -- C:\Program Files\xp_system32opens.vbs
[2009/02/10 20:20:54 | 000,748,688 | ---- | C] () -- C:\Program Files\cpukil305.zip
[2009/01/30 19:13:44 | 001,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
[2009/01/23 20:51:09 | 000,189,810 | ---- | C] () -- C:\Program Files\libmp3lame-win-3.98.2.zip
[2009/01/03 18:40:29 | 000,939,698 | ---- | C] () -- C:\Program Files\7z464.exe
[2008/12/14 20:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/12/12 18:31:59 | 000,000,471 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ
[2008/12/09 20:25:45 | 000,007,804 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/09 19:52:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/12/09 16:03:51 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\QuickZip45.ini
[2008/12/03 18:45:24 | 020,768,389 | ---- | C] () -- C:\Program Files\DN3DInst.zip
[2008/07/06 16:17:05 | 000,000,591 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/07/02 12:04:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/17 01:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/17 01:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/17 01:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/17 01:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/17 01:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/17 01:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/17 01:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/17 01:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/17 01:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/14 17:17:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2008/04/01 17:34:30 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/03/21 21:01:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/21 19:31:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/03/21 18:56:14 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2008/03/21 17:54:34 | 000,116,736 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE
[2008/01/30 22:39:58 | 000,005,495 | ---- | C] () -- C:\Program Files\0x0409.ini
[2007/12/31 15:45:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/11 16:12:54 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/06/05 20:14:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/05 19:53:15 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/05 19:49:40 | 000,013,561 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/05 19:49:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/05 19:45:45 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/06/05 19:42:54 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/05 19:38:07 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/06/05 19:38:07 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/06/05 19:36:57 | 000,090,686 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/06/05 19:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/06/05 19:27:20 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/05 19:26:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/05 19:23:26 | 000,121,994 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/05 19:08:43 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/05 19:05:18 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/05 19:05:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/05 19:04:54 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/18 01:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/06 00:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/06 00:36:34 | 000,506,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/06 00:36:34 | 000,088,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/06 00:34:46 | 000,405,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/06 00:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/06 00:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 20:10:06 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/14 03:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/08/11 07:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\EPIPPJ50.DLL
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/04 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/12 15:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/10/24 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2011/05/16 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/04/01 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/03/21 02:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/25 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2008/11/12 20:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/07/20 11:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2008/02/02 17:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/05/24 13:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/12 15:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/05/15 01:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2011/08/05 10:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/13 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/12 15:22:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/06/19 00:02:16 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2011/03/21 02:21:27 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3DFE6FE
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

bandalex · « **Reply #32 on:** August 07, 2011, 08:33:32 AM »

And the Extras.Txt as follows:

OTL Extras logfile created on: 07/08/2011 14:53:35 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.36 Mb Total Physical Memory | 409.29 Mb Available Physical Memory | 39.99% Memory free
2.31 Gb Paging File | 1.64 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.71 Gb Total Space | 89.63 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.55 Gb Free Space | 9.84% Space Free | Partition Type: FAT32
Drive E: | 3.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-C94F920E24 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B884C9B-5D85-4461-88EE-826E1BB33008}" = Serif PagePlus 11
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{492E1D84-D7BF-4FA2-A26A-30AFC89EF547}" = Tiger Woods PGA TOUR 2003
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5EAF2-E5D8-4A2B-864B-D72B37A9DD51}" = PCmover
"{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1067C8-1AA1-4503-BCAD-EA1EE5427DC7}" = MAGIX Video easy SE
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.64
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"CleanMem1.3.0" = CleanMem
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"Cube" = Cube
"Download_Energy Toolbar" = Download_Energy Toolbar
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON PX820FWD Series" = EPSON PX820FWD Series Printer Uninstall
"EPSON PX820FWD Series Manual" = EPSON PX820FWD Series Manual
"EPSON PX820FWD Series Network Guide" = EPSON PX820FWD Series Network Guide
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow_is1" = ffdshow [rev 1900] [2008-03-15]
"Google Chrome" = Google Chrome
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photo Printing Software" = HP Photo Printing Software
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Jardinains 2!_is1" = Jardinains 2!
"LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Revo Uninstaller" = Revo Uninstaller 1.92
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Ziepod_is1" = Ziepod version 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 05/08/2011 04:44:16 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 05/08/2011 12:51:15 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x8007041f.

Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 06/08/2011 04:56:47 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/08/2011 20:18:07 | Computer Name = YOUR-C94F920E24 | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x6567696c.

Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 07/08/2011 06:12:57 | Computer Name = YOUR-C94F920E24 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/06/2011 07:02:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/06/2011 07:02:43 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 30/06/2011 07:04:57 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/06/2011 07:17:06 | Computer Name = YOUR-C94F920E24 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 12/07/2011 05:18:02 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 17/07/2011 03:31:08 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 03/08/2011 11:38:06 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 05/08/2011 12:51:54 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service VSS with arguments
"" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

< End of report >

SuperDave · « **Reply #33 on:** August 07, 2011, 04:32:03 PM »

AVENGER

Download The Avenger by Swandog46 from here.
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Click the Execute button.
You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.

bandalex · « **Reply #34 on:** August 08, 2011, 01:05:59 PM »

This doesn't look very dramatic:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

SuperDave · « **Reply #35 on:** August 08, 2011, 04:38:43 PM »

Please do this in the following order. Please download, install and activate MicroSoft Security Essentials from the link below. Then remove McAfee using the tool below and see if you're still getting the error message.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

Download the McAfee Consumer Product Removal Tool to your Desktop.

Using McAfee Consumer Product Removal tool:

* Double click the MCPR.exe
* A Command Line window will be displayed, and then close automatically.
* Wait for a second Command Line window to be displayed.

Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

* After the second window appears, the program will begin the cleanup.
* Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
* Press Y on the keyboard.
* Wait for the computer to restart.
* All McAfee products are now removed from your computer.

bandalex · « **Reply #36 on:** August 10, 2011, 04:20:02 AM »

Done and the reboot produced no repeat of the FP message.
Too much to do today to stop and start but expect a cold start to have the same result. As I think you have too, I've come to the conclusion the problem has resided somewhere in McAfee. We shall see!

Thanks again.

Alex

bandalex · « **Reply #37 on:** August 10, 2011, 10:17:45 AM »

Since last job I've been getting explorer.exe using up between 40-50% of CPU all the time - I'm sure this isn't normal. Any thoughts and suggestions to fix?

SuperDave · « **Reply #38 on:** August 10, 2011, 05:34:01 PM »

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

bandalex · « **Reply #39 on:** August 10, 2011, 06:29:17 PM »

I already run process explorer - it's more user friendly and detailed than Task Manager. However, as with many diagnostic type tools, I never get round to fully utilising the features available. So I'm glad to have this passed on - thanks.

Here's the data:

Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
System Idle Process   0   47.69   0 K   28 K
Interrupts   n/a      0 K   0 K   Hardware Interrupts
DPCs   n/a      0 K   0 K   Deferred Procedure Calls
System   4      0 K   140 K
smss.exe   444      204 K   116 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
csrss.exe   508      1,860 K   2,756 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe   532      6,656 K   2,604 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
services.exe   576   0.77   1,932 K   2,244 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
a2service.exe   748      15,736 K   440 K   Emsisoft Anti-Malware Service   Emsi Software GmbH   "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
svchost.exe   836      3,228 K   1,828 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
hpgs2wnf.exe   1912      964 K   440 K   hpgs2wnf Module      C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
svchost.exe   932      2,000 K   2,284 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k rpcss
MsMpEng.exe   972      170,924 K   48,428 K   Antimalware Service Executable   Microsoft Corporation   "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
svchost.exe   1008      19,816 K   25,812 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe   1080      2,100 K   2,168 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe   1164      3,400 K   1,212 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe   1276      4,508 K   1,960 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
UMVPFSrv.exe   1308      1,616 K   140 K   Logitech User mode UMVPF service   Logitech Inc.   "C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
svchost.exe   512      1,400 K   784 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
SASCORE.EXE   868      732 K   212 K   Core Service   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
mDNSResponder.exe   1436      984 K   1,064 K   Bonjour Service   Apple Inc.   "C:\Program Files\Bonjour\mDNSResponder.exe"
CLCapSvc.exe   1448      5,944 K   848 K   CLCapSvc Module      "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"
CLMLServer.exe   1508      8,664 K   1,080 K   NT CLMLServer   Cyberlink   "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
SAgent2.exe   1580      1,764 K   484 K   EPSON Printer Status Agent   SEIKO EPSON CORPORATION   "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
jqs.exe   1768      8,816 K   1,380 K   Java(TM) Quick Starter Service   Sun Microsystems, Inc.   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LSSrvc.exe   1596      632 K   140 K      Hewlett-Packard Company   "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
McciCMService.exe   2264      2,036 K   1,432 K   mcci+McciCMService   Alcatel-Lucent   "C:\Program Files\Common Files\Motive\McciCMService.exe"
MDM.EXE   2284      964 K   476 K   Machine Debug Manager   Microsoft Corporation   "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
nvsvc32.exe   2336      2,680 K   2,472 K   NVIDIA Driver Helper Service, Version 175.19   NVIDIA Corporation   C:\WINDOWS\system32\nvsvc32.exe
HPZIPM12.EXE   2352      556 K   276 K   PML Driver   HP   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe   2416      2,756 K   2,644 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k imgsvc
CLSched.exe   2504      1,460 K   880 K   CLSched Module      "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"
dialdictate.exe   2540      27,956 K   404 K   Dial Dictate   NCH Software   "C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -service
iPodService.exe   3080      2,472 K   1,504 K   iPodService Module (32-bit)   Apple Inc.   "C:\Program Files\iPod\bin\iPodService.exe"
alg.exe   3352      1,188 K   240 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
lsass.exe   588      4,080 K   1,416 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
explorer.exe   1628   50.00   53,632 K   32,584 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
hpgs2wnd.exe   1800      936 K   444 K   hpgs2wnd   Hewlett-Packard   "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
BTHelpNotifier.exe   1812   1.54   2,240 K   2,584 K   mcci+McciTrayApp   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
BTHelpBrowser.exe   6760      10,112 K   18,904 K   mcci+McciBrowser   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" /APPKEY=btbb /URL=file:///C:/Program Files/BT Broadband Desktop Help/btbb/OCB/d153fd8a-965a-4485-845b-effd12a9f06f/Tasks.html
BTHelpBrowser.exe   6852      8,840 K   16,004 K   mcci+McciBrowser   Alcatel-Lucent   "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" -AppKey=btbb -url=https://pbttbc.bt.motive.com/portal/smptasks.jsp?taskid=1
FUFAXSTM.exe   1836      7,792 K   1,188 K   FAX Status Monitor   SEIKO EPSON CORPORATION   "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
EEventManager.exe   1844      3,416 K   1,004 K   EEventManager Application   SEIKO EPSON CORPORATION   "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
jusched.exe   1864      856 K   200 K   Java(TM) 2 Platform Standard Edition binary   Sun Microsystems, Inc.   "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
realsched.exe   1900      1,540 K   232 K   RealNetworks Scheduler   RealNetworks, Inc.   "C:\program files\real\realplayer\update\realsched.exe" -osboot
dialdictate.exe   2004      29,028 K   1,520 K   Dial Dictate   NCH Software   "C:\Program Files\NCH Swift Sound\DialDictate\dialdictate.exe" -logon
msseces.exe   152      4,880 K   2,976 K   Microsoft Security Client User Interface   Microsoft Corporation   "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
SUPERANTISPYWARE.EXE   384      31,668 K   796 K   SUPERAntiSpyware Application   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
ctfmon.exe   400      1,188 K   2,172 K   CTF Loader   Microsoft Corporation   "C:\WINDOWS\system32\ctfmon.exe"
procexp.exe   1484      11,660 K   13,144 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Program Files\procexp.exe"
firefox.exe   6648      89,488 K   102,004 K   Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\firefox.exe"
kbd.exe   4016      3,704 K   1,784 K   KBD EXE   Hewlett-Packard Company   C:\HP\KBD\KBD.EXE
hpsysdrv.exe   992      880 K   760 K   hpsysdrv   Hewlett-Packard Company   c:\windows\system\hpsysdrv.exe

bandalex · « **Reply #40 on:** August 11, 2011, 12:55:59 PM »

No messages today on cold start and CPU usage has regularised to average 93% free so, subject to repetitions, looking like a fix. I presume you'd recommend I don't re-install McAfee then? Also, should I get a separate firewall or will MSE manage that too?

Alex

SuperDave · « **Reply #41 on:** August 12, 2011, 05:17:25 PM »

Quote

I presume you'd recommend I don't re-install McAfee then? Also, should I get a separate firewall or will MSE manage that too?

I'm not a big fan of McAfee. The Windows Firewall in XP is not much good because it only blocks incoming. Outgoing is the most harmful. I really depends on how much security you want on your pc. If you're doing financial dealings then I would recomment a third-party firewall.See suggestions below.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Good luck!

bandalex · « **Reply #42 on:** August 12, 2011, 05:31:03 PM »

Thanks for your help Dave - hope it's been as intriguing for you as it has been frustrating for me. I'll get on with finding a firewall and doing the cleanup.

Regards

Alex

SuperDave · « **Reply #43 on:** August 13, 2011, 05:06:59 PM »

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Computer Hope Forum

News:

Author Topic: unregistered files (Read 26280 times)

bandalex

Re: unregistered files

bandalex

Re: unregistered files

bandalex

Re: unregistered files

SuperDave

Re: unregistered files

bandalex

Re: unregistered files

SuperDave

Re: unregistered files

bandalex

Re: unregistered files

bandalex

Re: unregistered files

SuperDave

Re: unregistered files

bandalex

Re: unregistered files

bandalex

Re: unregistered files

SuperDave

Re: unregistered files

bandalex

Re: unregistered files

SuperDave

Re: unregistered files