Solved Suspected Trojan - wauclt.exe

Discussion in 'Malware and Virus Removal Archive' started by plmtraveller, 2010/04/01.

  1. 2010/04/09
    plmtraveller

    plmtraveller Inactive Thread Starter

    More problems raised, I'm sorry.

    HJT had an error when running fixes in each profile. Message was:-

    An unexpected error occurred at procedure:
    modMain_FixOther1item(sItem=01 - HOSTS: yB127.0.0.1 localhost)
    Error #75 - Path/File access error
    Windows Version: Windows NT 5.01.2609
    MSIE Version: 8.0.6001.18702
    HijackThis Version: 2.0.2

    -------------------------

    Latest Report (after attempting fixes on all profiles)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:48:04, on 09/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\hotsync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
    O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
    O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe "
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Paul')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Paul')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.LNK = C:\Program Files\hotsync.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\UmxSbxExw.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 11675 bytes


    Looking forward to your valued assistance.
     
  2. 2010/04/09
    broni

    broni Moderator Malware Analyst

    That's fine. Those two entries are harmless.
    HJT log looks clean to me.

    What's the situation about those other profiles?
     

  4. 2010/04/09
    plmtraveller

    plmtraveller Inactive Thread Starter

    Two profiles still have 'wauclt' error message on log-in. Ran HJT within each (after closing error message) and have attached both reports below. Two other profiles ('Guest' and mine) both clear of any such error message.

    ----------------------
    'OEM' profile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:31, on 10/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\hotsync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
    O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
    O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe "
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Paul')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Paul')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.LNK = C:\Program Files\hotsync.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\UmxSbxExw.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 11494 bytes

    --------------------------
    Partner's profile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:07:54 AM, on 10/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\hotsync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
    O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
    O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe "
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Tssh] C:\DOCUME~1\Robyn\LOCALS~1\Temp\msdtr.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1003\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0 (User 'OEM')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'OEM')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'OEM')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'OEM')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Paul')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-147445938-2471297846-3660163416-1003 Startup: HotSync Manager.LNK = C:\Program Files\hotsync.exe (User 'OEM')
    O4 - S-1-5-21-147445938-2471297846-3660163416-1003 User Startup: HotSync Manager.LNK = C:\Program Files\hotsync.exe (User 'OEM')
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\UmxSbxExw.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 12338 bytes

    Thanks again.
     
  5. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't really see anything here.

    The scan listed below may take a while, so be patient...

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      wauclt.exe
      :regfind
      wauclt.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  6. 2010/04/10
    plmtraveller

    plmtraveller Inactive Thread Starter

    Reports obtained within my profile and OEM profile for your comment.

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 17:52 on 10/04/2010 by Paul (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "wauclt.exe "
    No files found.

    ========== regfind ==========

    Searching for "wauclt.exe "
    No data found.

    -=End Of File=-

    ---------------------

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 18:10 on 10/04/2010 by OEM (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "wauclt.exe "
    No files found.

    ========== regfind ==========

    Searching for "wauclt.exe "
    No data found.

    -=End Of File=-

    -------------------
    Error message still popping up in OEM profile.
     
  7. 2010/04/10
    broni

    broni Moderator Malware Analyst

    What is OEM profile?
    Please, post exact error.
     
  8. 2010/04/10
    plmtraveller

    plmtraveller Inactive Thread Starter

    OEM is the generic name given by Microsoft XP to the administrator profile/account on setup. The Help page describes it as follows:

    The exact error message comes up as a small window with the file path across the top and an "OK" button at the bottom. The text says:

    I did find this file once, by following some advice I was given, and deleted it without any ill effect. It came back again soon after so I gave up. I have looked for it from time to time using the standard "Search" button, including again today, but haven't been able to find it.
     
  9. 2010/04/10
    broni

    broni Moderator Malware Analyst

    As you can see from the log in your reply #25, the file, or any registry entry regarding that file, doesn't exist, so I have no idea why you're getting the above message.

    Re-run HJT in OEM profile and checkmark following entries:
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    Click "Fix checked" button.
    Restart computer.
    Let me know.
     
  10. 2010/04/11
    plmtraveller

    plmtraveller Inactive Thread Starter

    Well, I'm sorry to say that the error message is still there. HJT Log attached for your advice. Your patience and perseverance are greatly appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:18, on 11/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\hotsync.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
    O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
    O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe "
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Paul')
    O4 - HKUS\S-1-5-21-147445938-2471297846-3660163416-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Paul')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.LNK = C:\Program Files\hotsync.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\UmxSbxExw.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 11421 bytes
     
  11. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/04/12
    plmtraveller

    plmtraveller Inactive Thread Starter

    OTL Extras logfile created on: 12/04/2010 11:22:27 PM - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1,023.00 Mb Total Physical Memory | 606.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 92.35 Gb Free Space | 61.96% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1002.05 Mb Total Space | 1002.04 Mb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive F: | 3.03 Gb Total Space | 0.13 Gb Free Space | 4.28% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MAIN
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{07E816CA-D110-4D9D-928E-9745893A4930}" = Samsung PC Studio 3
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
    "{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{313F731E-E2D9-486F-8352-4C59EC57D139}" = KODAK DC4800
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
    "{52842271-922C-4907-8573-9F57A546509A}" = BigPond Wireless Broadband 2.10.6
    "{60fa7bf1-3044-4718-9857-21eb48df6789}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
    "{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
    "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
    "{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "Enable S3 for USB Device" = Enable S3 for USB Device
    "EOS Utility" = Canon Utilities EOS Utility
    "eTrust Suite Personal" = CA Internet Security Suite
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
    "InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
    "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
    "Legacy 5.0" = Legacy 5.0
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Mini Calculator" = Mini Calculator
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MP Navigator 2.2" = Canon MP Navigator 2.2
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NeroVision!UninstallKey" = NeroVision Express 2
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NMPUninstallKey" = Nero Media Player
    "NVIDIA Drivers" = NVIDIA Drivers
    "Paraben's 5 in-a-line 1.0_is1" = Paraben's 5 in-a-line 1.0
    "PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Quicken Personal - Version 7.5" = Quicken Personal - Version 7.5
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "VETWIN32Vp5" = CA Anti-Virus
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = The GIMP 2.2.9
    "WinGTK-2_is1" = GTK+ 2.6.9 runtime environment
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 30/03/2010 7:18:14 AM | Computer Name = MAIN | Source = Application Hang | ID = 1001
    Description = Fault bucket 266220810.

    Error - 3/04/2010 6:57:26 PM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 3/04/2010 6:57:29 PM | Computer Name = MAIN | Source = UmxAgent | ID = 67
    Description = Cannot send event. Process C:\Program Files\CA\CA Internet Security
    Suite\CA Personal Firewall\capfsem.exe ended.

    Error - 5/04/2010 6:42:56 AM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 5/04/2010 7:14:57 AM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 5/04/2010 7:24:34 AM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 8/04/2010 7:47:31 AM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 8/04/2010 7:53:37 AM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 8/04/2010 9:38:44 AM | Computer Name = MAIN | Source = UmxAgent | ID = 99
    Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\CA
    Personal Firewall\capfsem.exe registration timeout

    Error - 9/04/2010 8:40:31 PM | Computer Name = MAIN | Source = MsiInstaller | ID = 1013
    Description = Product: Adobe Reader 7.0.5 -- Setup has detected that you already
    have a more functional product installed. Setup will now terminate.

    [ System Events ]
    Error - 10/04/2010 3:23:17 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
    Description = The Kodak Camera Connection Software service failed to start due to
    the following error: %%2

    Error - 10/04/2010 3:24:49 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
    Description = The Bonjour Service service hung on starting.

    Error - 10/04/2010 5:31:39 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
    Description = The Kodak Camera Connection Software service failed to start due to
    the following error: %%2

    Error - 10/04/2010 5:33:08 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
    Description = The Bonjour Service service hung on starting.

    Error - 11/04/2010 4:21:10 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
    Description = The Kodak Camera Connection Software service failed to start due to
    the following error: %%2

    Error - 11/04/2010 4:22:37 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
    Description = The Bonjour Service service hung on starting.

    Error - 11/04/2010 7:06:54 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
    Description = The Kodak Camera Connection Software service failed to start due to
    the following error: %%2

    Error - 11/04/2010 7:08:34 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
    Description = The Bonjour Service service hung on starting.

    Error - 12/04/2010 5:13:31 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
    Description = The Kodak Camera Connection Software service failed to start due to
    the following error: %%2

    Error - 12/04/2010 5:15:02 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
    Description = The Bonjour Service service hung on starting.


    < End of report >
     
  13. 2010/04/12
    plmtraveller Inactive Thread Starter
    OTL logfile created on: 12/04/2010 11:22:27 PM - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1,023.00 Mb Total Physical Memory | 606.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 92.35 Gb Free Space | 61.96% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1002.05 Mb Total Space | 1002.04 Mb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive F: | 3.03 Gb Total Space | 0.13 Gb Free Space | 4.28% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MAIN
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/12 23:20:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    PRC - [2009/11/28 13:11:42 | 000,292,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
    PRC - [2009/11/28 13:11:42 | 000,271,600 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
    PRC - [2009/11/11 09:38:38 | 000,374,000 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
    PRC - [2009/11/11 09:38:38 | 000,259,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    PRC - [2009/11/11 09:38:37 | 000,333,040 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    PRC - [2009/11/11 09:38:37 | 000,222,448 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    PRC - [2009/11/11 09:38:37 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    PRC - [2009/08/12 14:30:21 | 000,021,744 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOEApp.exe
    PRC - [2009/08/12 14:30:21 | 000,014,064 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    PRC - [2009/08/12 14:30:17 | 000,636,144 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    PRC - [2009/08/12 14:30:17 | 000,435,440 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    PRC - [2009/06/26 08:26:20 | 000,085,504 | R--- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    PRC - [2009/06/25 14:10:10 | 000,875,000 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    PRC - [2009/06/25 14:10:10 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    PRC - [2009/06/25 14:10:10 | 000,207,352 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    PRC - [2009/06/23 18:54:11 | 000,443,832 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
    PRC - [2009/04/04 09:38:35 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/12/18 14:14:48 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
    PRC - [2008/12/12 11:37:28 | 000,154,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    PRC - [2008/09/29 18:48:58 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/14 10:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
    PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/06/03 19:51:54 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    PRC - [2003/08/28 10:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
    PRC - [2001/12/13 10:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
    PRC - [1999/05/12 15:01:00 | 000,262,656 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\hotsync.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/12 23:20:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    MOD - [2009/08/12 14:30:21 | 000,087,280 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOEHook.dll
    MOD - [2009/06/25 14:10:10 | 000,272,888 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxw.dll
    MOD - [2009/06/25 14:10:10 | 000,113,144 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxExw.dll
    MOD - [2009/06/23 18:54:31 | 001,422,776 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
    MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/04/14 10:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2007/02/13 19:10:40 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.805_x-ww_6b8a950a\msvcr80.dll
    MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (KodakCCS)
    SRV - [2009/11/28 13:11:42 | 000,292,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
    SRV - [2009/11/11 09:38:38 | 000,259,312 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
    SRV - [2009/11/11 09:38:37 | 000,222,448 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
    SRV - [2009/11/11 09:38:37 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
    SRV - [2009/06/26 08:26:20 | 000,085,504 | R--- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2009/06/25 14:10:10 | 000,875,000 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
    SRV - [2009/06/25 14:10:10 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
    SRV - [2009/06/25 14:10:10 | 000,207,352 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
    SRV - [2008/12/18 14:14:48 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
    SRV - [2008/12/12 11:37:28 | 000,154,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
    SRV - [2008/09/29 18:48:58 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2003/08/28 10:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2009/08/12 14:33:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/08/12 14:33:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/08/12 14:33:25 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/04/05 21:09:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll (Telstra)
    O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe (Telstra)
    O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
    O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
    O4 - HKLM..\Run: [CAPPActiveProtection] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
    O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
    O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe (CA)
    O4 - HKLM..\Run: [VetStart] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe (Intuit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\hotsync.exe (Palm Computing, Inc., a 3Com Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab (DacomDownload Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254 61.9.134.49
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\UmxSbxExw.dll) - C:\WINDOWS\system32\UmxSbxExw.dll (CA)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
    O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/26 16:35:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2015/01/01 17:29:05 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    Unable to start service SrService!

    ========== Files/Folders - Created Within 14 Days ==========

    [2015/01/01 17:51:19 | 000,000,000 | ---D | C] -- C:\SP2SysPrep
    [2015/01/01 17:41:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2015/01/01 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NVIDIA Shared
    [2015/01/01 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2015/01/01 17:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2015/01/01 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2015/01/01 17:36:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2015/01/01 17:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2015/01/01 17:34:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2015/01/01 17:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2015/01/01 17:32:33 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2015/01/01 17:32:33 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2015/01/01 17:31:11 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
    [2015/01/01 17:31:11 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
    [2015/01/01 17:31:11 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
    [2015/01/01 17:30:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2015/01/01 17:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2015/01/01 17:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2015/01/01 17:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2015/01/01 17:28:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2015/01/01 17:28:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2015/01/01 17:28:17 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2015/01/01 17:28:05 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2015/01/01 17:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2015/01/01 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2015/01/01 17:27:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2015/01/01 17:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2015/01/01 17:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2015/01/01 17:27:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2015/01/01 17:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2015/01/01 17:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2015/01/01 17:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2015/01/01 17:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2015/01/01 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2015/01/01 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2015/01/01 17:26:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2015/01/01 17:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2015/01/01 17:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2015/01/01 17:25:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2015/01/01 17:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2015/01/01 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2015/01/01 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2015/01/01 17:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2015/01/01 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2015/01/01 17:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2015/01/01 17:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2015/01/01 17:24:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2015/01/01 17:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2010/04/12 23:20:46 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/04/09 20:35:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThisInstaller.exe
    [2010/04/09 20:28:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/04/09 19:55:55 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/04/08 23:46:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/08 23:46:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/08 23:46:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/08 23:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/08 23:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\.SunDownloadManager
    [2010/04/08 23:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/04/08 23:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/04/08 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/04/08 23:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Sun
    [2010/04/08 22:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\JavaRa
    [2010/04/03 17:06:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/04/03 16:38:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/04/03 16:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/02 16:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
    [2010/04/02 16:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/02 16:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/03 21:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/02/03 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2008/12/29 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2006/09/24 12:34:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2006/03/16 20:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2006/03/16 20:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2005/09/05 09:07:26 | 003,600,599 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\PALMTUT.EXE
    [2005/09/05 09:07:25 | 000,729,600 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\MEW800.DLL
    [2005/09/05 09:07:25 | 000,458,752 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\EMailWiz.exe
    [2005/09/05 09:07:25 | 000,350,720 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\MEDB632.DLL
    [2005/09/05 09:07:25 | 000,150,528 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\VIM32.DLL
    [2005/09/05 09:07:25 | 000,099,328 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\MAIL20.DLL
    [2005/09/05 09:07:25 | 000,082,944 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\EXPCN20.DLL
    [2005/09/05 09:07:25 | 000,064,000 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\VMEFNW32.DLL
    [2005/09/05 09:07:25 | 000,038,400 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\EXPREPRT.EXE
    [2005/09/05 09:07:25 | 000,017,408 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\CHRSET32.DLL
    [2005/09/05 09:07:24 | 002,499,072 | ---- | C] (Leader Technologies/3Com) -- C:\Program Files\PPLTReg.exe
    [2005/09/05 09:07:24 | 000,308,224 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\pdcmn20.dll
    [2005/09/05 09:07:24 | 000,291,328 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\pdcmn21.dll
    [2005/09/05 09:07:24 | 000,202,240 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\table20.dll
    [2005/09/05 09:07:24 | 000,171,008 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\sync20.dll
    [2005/09/05 09:07:24 | 000,166,912 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\table21.dll
    [2005/09/05 09:07:24 | 000,148,992 | ---- | C] (Palm Computing, Inc., a 3Com company) -- C:\Program Files\palmuni.dll
    [2005/09/05 09:07:24 | 000,076,288 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\Subs30.dll
    [2005/09/05 09:07:24 | 000,065,536 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\memcn30.dll
    [2005/09/05 09:07:24 | 000,058,368 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\todcn20.dll
    [2005/09/05 09:07:24 | 000,029,184 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\NETCOND.DLL
    [2005/09/05 09:07:24 | 000,012,288 | ---- | C] (Palm Computing Inc., a 3Com Company) -- C:\Program Files\Palm41.dll
    [2005/09/05 09:07:24 | 000,007,168 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\PalmCmn.dll
    [2005/09/05 09:07:24 | 000,005,632 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\pdn20.dll
    [2005/09/05 09:07:23 | 000,380,928 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\date20.dll
    [2005/09/05 09:07:23 | 000,291,840 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\palm.exe
    [2005/09/05 09:07:23 | 000,262,656 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\hotsync.exe
    [2005/09/05 09:07:23 | 000,195,584 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\Instaide.dll
    [2005/09/05 09:07:23 | 000,187,392 | ---- | C] (Palm Computing Inc., a 3Com Company) -- C:\Program Files\CondMgr.dll
    [2005/09/05 09:07:23 | 000,169,984 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\todo20.dll
    [2005/09/05 09:07:23 | 000,124,416 | ---- | C] (Palm Computing, Inc.) -- C:\Program Files\PILOT.exe
    [2005/09/05 09:07:23 | 000,117,760 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\memo20.dll
    [2005/09/05 09:07:23 | 000,114,688 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\cmds21.dll
    [2005/09/05 09:07:23 | 000,083,968 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\imex20.dll
    [2005/09/05 09:07:23 | 000,076,288 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\addcn30.dll
    [2005/09/05 09:07:23 | 000,062,464 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\datcn20.dll
    [2005/09/05 09:07:23 | 000,059,904 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\inscn20.dll
    [2005/09/05 09:07:23 | 000,058,368 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\bakcn20.dll
    [2005/09/05 09:07:23 | 000,035,328 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\Instapp.exe
    [2005/09/05 09:07:23 | 000,010,240 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\hslog20.dll
    [2005/09/05 09:07:21 | 000,211,968 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\addr20.dll
    [2005/08/16 15:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 14 Days ==========

    [2015/01/01 17:34:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2015/01/01 17:29:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2015/01/01 17:26:08 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2015/01/01 17:25:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2015/01/01 17:25:54 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
    [2010/04/12 23:28:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/12 23:20:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/04/12 19:31:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/12 19:28:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/12 19:17:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{336EF71F-43F2-46E0-9AED-8A1D6A73F602}.job
    [2010/04/12 19:13:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/12 19:13:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/12 19:13:03 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/11 21:23:23 | 000,837,958 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
    [2010/04/11 21:23:23 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
    [2010/04/11 21:23:23 | 000,000,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
    [2010/04/11 21:23:23 | 000,000,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
    [2010/04/11 21:23:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
    [2010/04/11 21:23:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
    [2010/04/11 21:23:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
    [2010/04/11 21:23:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
    [2010/04/11 21:23:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
    [2010/04/11 21:23:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
    [2010/04/11 21:23:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
    [2010/04/11 21:23:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
    [2010/04/11 21:23:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
    [2010/04/11 21:23:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
    [2010/04/11 21:23:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
    [2010/04/11 21:23:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
    [2010/04/11 21:22:46 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Paul\ntuser.dat
    [2010/04/11 21:22:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
    [2010/04/11 20:56:31 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2010/04/10 17:51:08 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\SystemLook.exe
    [2010/04/09 20:36:31 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
    [2010/04/09 20:35:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThisInstaller.exe
    [2010/04/08 23:55:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/08 23:19:00 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Sun Download Manager 2.0 (web).lnk
    [2010/04/08 22:47:23 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\JavaRa.zip
    [2010/04/08 21:45:04 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/04/05 21:09:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/04/04 08:57:31 | 000,362,026 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/04 08:57:31 | 000,316,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/04 08:57:31 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/03 16:38:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini

    Report too long - cont. in next post
     
  14. 2010/04/12
    plmtraveller

    OTL report (cont.)

    ========== Files Created - No Company Name ==========

    [2015/01/01 17:56:05 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
    [2015/01/01 17:40:46 | 000,003,787 | ---- | C] () -- C:\WINDOWS\System32\nvaudio.nvu
    [2015/01/01 17:40:42 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
    [2015/01/01 17:40:05 | 000,001,556 | ---- | C] () -- C:\WINDOWS\System32\nvenet.nvu
    [2015/01/01 17:40:04 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
    [2015/01/01 17:40:02 | 000,001,217 | ---- | C] () -- C:\WINDOWS\System32\nvmctl.nvu
    [2015/01/01 17:39:52 | 000,002,124 | ---- | C] () -- C:\WINDOWS\System32\nvgart.nvu
    [2015/01/01 17:34:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2015/01/01 17:33:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2015/01/01 17:30:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2015/01/01 17:30:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2015/01/01 17:30:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2015/01/01 17:30:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2015/01/01 17:30:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2015/01/01 17:30:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2015/01/01 17:30:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2015/01/01 17:30:48 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2015/01/01 17:30:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2015/01/01 17:30:47 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2015/01/01 17:30:47 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2015/01/01 17:30:47 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2015/01/01 17:30:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2015/01/01 17:30:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2015/01/01 17:29:46 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2015/01/01 17:29:36 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2015/01/01 17:29:36 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2015/01/01 17:29:34 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2015/01/01 17:27:50 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2015/01/01 17:27:24 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2015/01/01 17:27:24 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2015/01/01 17:27:19 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2015/01/01 17:26:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2015/01/01 17:25:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2015/01/01 17:25:14 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2015/01/01 17:25:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2015/01/01 17:25:08 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2010/04/10 17:51:08 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\SystemLook.exe
    [2010/04/09 20:36:31 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
    [2010/04/08 23:46:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/08 23:46:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/08 23:46:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/04/08 23:19:00 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Sun Download Manager 2.0 (web).lnk
    [2010/04/08 22:47:22 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\JavaRa.zip
    [2010/04/03 16:38:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/04/03 16:38:37 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/04/03 16:36:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/03 16:36:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/01/26 08:12:09 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\setup.log
    [2010/01/26 08:12:05 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\setup_ldm.iss
    [2009/12/09 18:54:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\AdobeWeb.log
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/02/27 09:37:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
    [2008/12/29 11:49:07 | 000,005,632 | -HS- | C] () -- C:\Program Files\Thumbs.db
    [2008/02/28 19:49:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2008/02/28 19:47:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2008/02/21 21:32:44 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2008/02/21 21:16:54 | 000,007,425 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
    [2008/02/21 20:04:44 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\Paul\ntuser.dat
    [2007/10/01 20:50:54 | 000,010,821 | -H-- | C] () -- C:\Program Files\EXPENSE.GID
    [2007/09/08 18:02:07 | 000,000,032 | ---- | C] () -- C:\Program Files\curruser.txt
    [2007/06/26 14:57:38 | 000,000,033 | ---- | C] () -- C:\WINDOWS\PERFECT.INI
    [2006/09/24 12:28:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI
    [2006/09/24 12:26:13 | 000,000,448 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/09/24 10:58:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
    [2006/09/24 10:55:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2006/09/24 10:54:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2006/09/24 10:26:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLbNL.DLL
    [2006/09/23 17:49:54 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2006/09/23 17:49:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
    [2006/09/23 17:49:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2006/09/23 17:49:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2006/09/23 17:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5150d.ini
    [2006/09/23 17:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2006/09/23 17:49:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
    [2006/09/23 17:49:52 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
    [2006/09/23 17:49:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
    [2006/09/20 16:55:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\PATIENCE.INI
    [2006/07/16 17:50:21 | 000,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
    [2006/07/13 21:21:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2006/07/13 21:21:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
    [2006/07/13 21:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2006/07/13 21:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2005/11/24 22:01:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\.gtk-bookmarks
    [2005/11/24 21:33:57 | 000,315,374 | ---- | C] () -- C:\Documents and Settings\Paul\.fonts.cache-1
    [2005/11/15 19:59:34 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Paul\default.pls
    [2005/10/05 21:20:11 | 000,000,594 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2005/10/05 21:18:10 | 000,001,959 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/09/05 09:07:25 | 000,299,008 | ---- | C] () -- C:\Program Files\USRXPENS.XLA
    [2005/09/05 09:07:25 | 000,054,784 | ---- | C] () -- C:\Program Files\LOCAL.XLS
    [2005/09/05 09:07:25 | 000,049,152 | ---- | C] () -- C:\Program Files\MAPTABLE.XLS
    [2005/09/05 09:07:25 | 000,019,228 | ---- | C] () -- C:\Program Files\MAIL20.HLP
    [2005/09/05 09:07:25 | 000,015,115 | ---- | C] () -- C:\Program Files\EXPENSE.HLP
    [2005/09/05 09:07:25 | 000,001,316 | ---- | C] () -- C:\Program Files\MAIL.INF
    [2005/09/05 09:07:25 | 000,000,217 | ---- | C] () -- C:\Program Files\MAIL20.CNT
    [2005/09/05 09:07:25 | 000,000,167 | ---- | C] () -- C:\Program Files\EXPENSE.CNT
    [2005/09/05 09:07:24 | 000,002,737 | ---- | C] () -- C:\Program Files\hotsync.CNT
    [2005/09/05 09:07:23 | 000,380,607 | ---- | C] () -- C:\Program Files\PALM.HLP
    [2005/09/05 09:07:23 | 000,065,464 | ---- | C] () -- C:\Program Files\HOTSYNC.HLP
    [2005/09/05 09:07:23 | 000,011,751 | ---- | C] () -- C:\Program Files\INSTAPP.HLP
    [2005/09/05 09:07:23 | 000,005,867 | ---- | C] () -- C:\Program Files\PALM.CNT
    [2005/09/05 09:07:23 | 000,000,481 | ---- | C] () -- C:\Program Files\LOTUS20.TPA
    [2005/09/05 09:07:23 | 000,000,254 | ---- | C] () -- C:\Program Files\INSTAPP.CNT
    [2005/09/05 09:07:21 | 000,017,022 | ---- | C] () -- C:\Program Files\Palm.isu
    [2005/07/31 21:09:41 | 000,000,339 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2005/07/21 20:29:01 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/06/21 20:46:05 | 000,024,177 | -H-- | C] () -- C:\Program Files\hotsync.GID
    [2005/06/09 23:32:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/06/08 21:03:38 | 000,042,692 | -H-- | C] () -- C:\Program Files\palm.GID
    [2005/06/08 20:57:28 | 000,000,114 | ---- | C] () -- C:\Program Files\users.dat
    [2005/06/07 21:00:49 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/01/05 02:19:27 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Paul\ntuser.ini
    [2000/01/05 02:19:26 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Paul\NtUser.dat.LOG
    [2000/01/05 02:18:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2000/01/05 02:18:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2000/01/01 03:07:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2005/07/31 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/02/17 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2009/05/02 22:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
    [2006/09/24 10:58:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/04/12 19:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2009/06/03 21:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/12 23:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CallingID
    [2010/03/01 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
    [2007/12/16 17:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CD-LabelPrint
    [2009/01/26 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/02/20 20:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
    [2005/08/04 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
    [2006/10/28 15:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\NewSoft
    [2010/01/22 21:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Uniblue
    [2010/04/12 19:17:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{336EF71F-43F2-46E0-9AED-8A1D6A73F602}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/12/29 11:08:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/12/29 11:08:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/12/29 11:08:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/12/29 11:08:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 22:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 22:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATABUS.SYS >
    [2004/06/03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys

    < MD5 for: SCECLI.DLL >
    [2004/08/04 22:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  15. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Is your computer date correct?
    I can see a whole bunch of dates listed as 2015.


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2010/04/11 20:56:31 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  16. 2010/04/12
    plmtraveller

    plmtraveller Inactive Thread Starter

    Yes. My computer date is being displayed correctly. New log attached.

    All processes killed
    ========== OTL ==========
    C:\WINDOWS\system32\drivers\etc\hosts.new moved successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Girls
    ->Temp folder emptied: 10293621 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: OEM
    ->Temp folder emptied: 31715205 bytes
    ->Temporary Internet Files folder emptied: 1929511 bytes
    ->Flash cache emptied: 434 bytes

    User: Paul
    ->Temp folder emptied: 36042838 bytes
    ->Temporary Internet Files folder emptied: 25398977 bytes
    ->Java cache emptied: 272398 bytes
    ->Flash cache emptied: 649 bytes

    User: Robyn
    ->Temp folder emptied: 16442532 bytes
    ->Temporary Internet Files folder emptied: 5410024 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1347 bytes
    RecycleBin emptied: 396288 bytes

    Total Files Cleaned = 122.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.1 log created on 04132010_064004

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Please re-run OTL with a slightly different script (my typo)

    Code:
    :OTL
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
     
  18. 2010/04/12
    plmtraveller

    plmtraveller Inactive Thread Starter

    I logged in again to post a new log but will redo as advised. Will contact again after work in 12 hours.
     
  19. 2010/04/12
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  20. 2010/04/13
    plmtraveller

    plmtraveller Inactive Thread Starter

    How's this?

    All processes killed
    ========== OTL ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Girls
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: OEM
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Temp folder emptied: 7197662 bytes
    ->Temporary Internet Files folder emptied: 1786869 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: Robyn
    ->Temp folder emptied: 3840374 bytes
    ->Temporary Internet Files folder emptied: 5656007 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 697 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.1 log created on 04132010_205536

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  21. 2010/04/13
    plmtraveller

    plmtraveller Inactive Thread Starter

    Follow-up log. I hope this is making progress. Thank you again.

    OTL logfile created on: 13/04/2010 9:05:16 PM - Run 3
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1,023.00 Mb Total Physical Memory | 540.00 Mb Available Physical Memory | 53.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 92.45 Gb Free Space | 62.03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1002.05 Mb Total Space | 1002.04 Mb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive F: | 3.03 Gb Total Space | 0.13 Gb Free Space | 4.28% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MAIN
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/12 23:20:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    PRC - [2009/11/28 13:11:42 | 000,292,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
    PRC - [2009/11/28 13:11:42 | 000,271,600 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
    PRC - [2009/11/11 09:38:38 | 000,374,000 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
    PRC - [2009/11/11 09:38:38 | 000,259,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    PRC - [2009/11/11 09:38:37 | 000,333,040 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    PRC - [2009/11/11 09:38:37 | 000,222,448 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    PRC - [2009/11/11 09:38:37 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    PRC - [2009/11/10 18:01:58 | 000,406,768 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
    PRC - [2009/08/12 14:30:21 | 000,014,064 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    PRC - [2009/08/12 14:30:17 | 000,636,144 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    PRC - [2009/08/12 14:30:17 | 000,435,440 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    PRC - [2009/06/26 08:26:20 | 000,085,504 | R--- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    PRC - [2009/06/25 14:10:10 | 000,875,000 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    PRC - [2009/06/25 14:10:10 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    PRC - [2009/06/25 14:10:10 | 000,207,352 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    PRC - [2009/04/04 09:38:35 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/12/18 14:14:48 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
    PRC - [2008/12/12 11:37:28 | 000,154,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    PRC - [2008/09/29 18:48:58 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/06/03 19:51:54 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    PRC - [2003/08/28 10:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
    PRC - [2001/12/13 10:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
    PRC - [1999/05/12 15:01:00 | 000,262,656 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\hotsync.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/12 23:20:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    MOD - [2009/08/12 14:30:21 | 000,087,280 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOEHook.dll
    MOD - [2009/06/25 14:10:10 | 000,272,888 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxw.dll
    MOD - [2009/06/25 14:10:10 | 000,113,144 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxExw.dll
    MOD - [2009/06/23 18:54:31 | 001,422,776 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
    MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/04/14 10:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2007/02/13 19:10:40 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.805_x-ww_6b8a950a\msvcr80.dll
    MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (KodakCCS)
    SRV - [2009/11/28 13:11:42 | 000,292,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
    SRV - [2009/11/11 09:38:38 | 000,259,312 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
    SRV - [2009/11/11 09:38:37 | 000,222,448 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
    SRV - [2009/11/11 09:38:37 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
    SRV - [2009/06/26 08:26:20 | 000,085,504 | R--- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2009/06/25 14:10:10 | 000,875,000 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
    SRV - [2009/06/25 14:10:10 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
    SRV - [2009/06/25 14:10:10 | 000,207,352 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
    SRV - [2008/12/18 14:14:48 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
    SRV - [2008/12/12 11:37:28 | 000,154,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
    SRV - [2008/09/29 18:48:58 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2003/08/28 10:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2009/08/12 14:33:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/08/12 14:33:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/08/12 14:33:25 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/04/13 20:55:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll (Telstra)
    O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe (Telstra)
    O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
    O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
    O4 - HKLM..\Run: [CAPPActiveProtection] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
    O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
    O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe (CA)
    O4 - HKLM..\Run: [VetStart] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe (Intuit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\hotsync.exe (Palm Computing, Inc., a 3Com Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab (DacomDownload Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254 61.9.134.49
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\UmxSbxExw.dll) - C:\WINDOWS\system32\UmxSbxExw.dll (CA)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
    O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/26 16:35:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2015/01/01 17:51:19 | 000,000,000 | ---D | C] -- C:\SP2SysPrep
    [2015/01/01 17:41:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2015/01/01 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NVIDIA Shared
    [2015/01/01 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2015/01/01 17:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2015/01/01 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2015/01/01 17:36:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2015/01/01 17:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2015/01/01 17:34:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2015/01/01 17:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2015/01/01 17:32:33 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2015/01/01 17:32:33 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2015/01/01 17:31:11 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
    [2015/01/01 17:31:11 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
    [2015/01/01 17:31:11 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
    [2015/01/01 17:30:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2015/01/01 17:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2015/01/01 17:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2015/01/01 17:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2015/01/01 17:28:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2015/01/01 17:28:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2015/01/01 17:28:17 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2015/01/01 17:28:05 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2015/01/01 17:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2015/01/01 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2015/01/01 17:27:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2015/01/01 17:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2015/01/01 17:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2015/01/01 17:27:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2015/01/01 17:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2015/01/01 17:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2015/01/01 17:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2015/01/01 17:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2015/01/01 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2015/01/01 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2015/01/01 17:26:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2015/01/01 17:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2015/01/01 17:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2015/01/01 17:25:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2015/01/01 17:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2015/01/01 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2015/01/01 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2015/01/01 17:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2015/01/01 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2015/01/01 17:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2015/01/01 17:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2015/01/01 17:24:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2015/01/01 17:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2010/04/13 06:40:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/12 23:20:46 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/04/09 20:35:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThisInstaller.exe
    [2010/04/09 20:28:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/04/09 19:55:55 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/04/08 23:46:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/08 23:46:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/08 23:46:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/08 23:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/08 23:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\.SunDownloadManager
    [2010/04/08 23:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/04/08 23:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/04/08 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/04/08 23:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Sun
    [2010/04/08 22:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\JavaRa
    [2010/04/03 17:06:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/04/03 16:38:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/04/03 16:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/02 16:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
    [2010/04/02 16:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/02 16:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/03 21:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/02/03 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2008/12/29 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2006/09/24 12:34:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2006/03/16 20:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2006/03/16 20:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2005/09/05 09:07:26 | 003,600,599 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\PALMTUT.EXE
    [2005/09/05 09:07:25 | 000,729,600 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\MEW800.DLL
    [2005/09/05 09:07:25 | 000,458,752 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\EMailWiz.exe
    [2005/09/05 09:07:25 | 000,350,720 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\MEDB632.DLL
    [2005/09/05 09:07:25 | 000,150,528 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\VIM32.DLL
    [2005/09/05 09:07:25 | 000,099,328 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\MAIL20.DLL
    [2005/09/05 09:07:25 | 000,082,944 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\EXPCN20.DLL
    [2005/09/05 09:07:25 | 000,064,000 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\VMEFNW32.DLL
    [2005/09/05 09:07:25 | 000,038,400 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\EXPREPRT.EXE
    [2005/09/05 09:07:25 | 000,017,408 | ---- | C] (cc:Mail, Inc., a division of Lotus Development Corporation) -- C:\Program Files\CHRSET32.DLL
    [2005/09/05 09:07:24 | 002,499,072 | ---- | C] (Leader Technologies/3Com) -- C:\Program Files\PPLTReg.exe
    [2005/09/05 09:07:24 | 000,308,224 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\pdcmn20.dll
    [2005/09/05 09:07:24 | 000,291,328 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\pdcmn21.dll
    [2005/09/05 09:07:24 | 000,202,240 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\table20.dll
    [2005/09/05 09:07:24 | 000,171,008 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\sync20.dll
    [2005/09/05 09:07:24 | 000,166,912 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\table21.dll
    [2005/09/05 09:07:24 | 000,148,992 | ---- | C] (Palm Computing, Inc., a 3Com company) -- C:\Program Files\palmuni.dll
    [2005/09/05 09:07:24 | 000,076,288 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\Subs30.dll
    [2005/09/05 09:07:24 | 000,065,536 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\memcn30.dll
    [2005/09/05 09:07:24 | 000,058,368 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\todcn20.dll
    [2005/09/05 09:07:24 | 000,029,184 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\NETCOND.DLL
    [2005/09/05 09:07:24 | 000,012,288 | ---- | C] (Palm Computing Inc., a 3Com Company) -- C:\Program Files\Palm41.dll
    [2005/09/05 09:07:24 | 000,007,168 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\PalmCmn.dll
    [2005/09/05 09:07:24 | 000,005,632 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\pdn20.dll
    [2005/09/05 09:07:23 | 000,380,928 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\date20.dll
    [2005/09/05 09:07:23 | 000,291,840 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\palm.exe
    [2005/09/05 09:07:23 | 000,262,656 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\hotsync.exe
    [2005/09/05 09:07:23 | 000,195,584 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\Instaide.dll
    [2005/09/05 09:07:23 | 000,187,392 | ---- | C] (Palm Computing Inc., a 3Com Company) -- C:\Program Files\CondMgr.dll
    [2005/09/05 09:07:23 | 000,169,984 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\todo20.dll
    [2005/09/05 09:07:23 | 000,124,416 | ---- | C] (Palm Computing, Inc.) -- C:\Program Files\PILOT.exe
    [2005/09/05 09:07:23 | 000,117,760 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\memo20.dll
    [2005/09/05 09:07:23 | 000,114,688 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\cmds21.dll
    [2005/09/05 09:07:23 | 000,083,968 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\imex20.dll
    [2005/09/05 09:07:23 | 000,076,288 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\addcn30.dll
    [2005/09/05 09:07:23 | 000,062,464 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\datcn20.dll
    [2005/09/05 09:07:23 | 000,059,904 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\inscn20.dll
    [2005/09/05 09:07:23 | 000,058,368 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\bakcn20.dll
    [2005/09/05 09:07:23 | 000,035,328 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\Instapp.exe
    [2005/09/05 09:07:23 | 000,010,240 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\hslog20.dll
    [2005/09/05 09:07:21 | 000,211,968 | ---- | C] (Palm Computing, Inc., a 3Com Company) -- C:\Program Files\addr20.dll
    [2005/08/16 15:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 14 Days ==========

    [2015/01/01 17:34:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2015/01/01 17:29:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2015/01/01 17:26:08 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2015/01/01 17:25:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2015/01/01 17:25:54 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
    [2010/04/13 20:59:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/13 20:57:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/13 20:57:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/13 20:57:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/13 20:57:03 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/13 20:56:24 | 001,313,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
    [2010/04/13 20:56:24 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
    [2010/04/13 20:56:24 | 000,000,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
    [2010/04/13 20:56:24 | 000,000,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
    [2010/04/13 20:56:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
    [2010/04/13 20:56:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
    [2010/04/13 20:56:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
    [2010/04/13 20:56:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
    [2010/04/13 20:56:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
    [2010/04/13 20:56:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
    [2010/04/13 20:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
    [2010/04/13 20:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
    [2010/04/13 20:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
    [2010/04/13 20:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
    [2010/04/13 20:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
    [2010/04/13 20:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
    [2010/04/13 20:56:18 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Paul\ntuser.dat
    [2010/04/13 20:56:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
    [2010/04/13 20:55:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/04/13 20:28:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/13 20:07:20 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{336EF71F-43F2-46E0-9AED-8A1D6A73F602}.job
    [2010/04/13 17:11:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/12 23:20:46 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/04/10 17:51:08 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\SystemLook.exe
    [2010/04/09 20:36:31 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
    [2010/04/09 20:35:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThisInstaller.exe
    [2010/04/08 23:55:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/08 23:19:00 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Sun Download Manager 2.0 (web).lnk
    [2010/04/08 22:47:23 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\JavaRa.zip
    [2010/04/08 21:45:04 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/04/04 08:57:31 | 000,362,026 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/04 08:57:31 | 000,316,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/04 08:57:31 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/03 16:38:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini

    ========== Files Created - No Company Name ==========

    [2015/01/01 17:56:05 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
    [2015/01/01 17:40:46 | 000,003,787 | ---- | C] () -- C:\WINDOWS\System32\nvaudio.nvu
    [2015/01/01 17:40:42 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
    [2015/01/01 17:40:05 | 000,001,556 | ---- | C] () -- C:\WINDOWS\System32\nvenet.nvu
    [2015/01/01 17:40:04 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
    [2015/01/01 17:40:02 | 000,001,217 | ---- | C] () -- C:\WINDOWS\System32\nvmctl.nvu
    [2015/01/01 17:39:52 | 000,002,124 | ---- | C] () -- C:\WINDOWS\System32\nvgart.nvu
    [2015/01/01 17:34:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2015/01/01 17:33:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2015/01/01 17:30:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2015/01/01 17:30:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2015/01/01 17:30:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2015/01/01 17:30:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2015/01/01 17:30:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2015/01/01 17:30:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2015/01/01 17:30:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2015/01/01 17:30:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2015/01/01 17:30:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2015/01/01 17:30:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2015/01/01 17:30:48 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2015/01/01 17:30:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2015/01/01 17:30:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2015/01/01 17:30:47 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2015/01/01 17:30:47 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2015/01/01 17:30:47 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2015/01/01 17:30:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2015/01/01 17:30:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2015/01/01 17:30:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2015/01/01 17:30:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2015/01/01 17:29:46 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2015/01/01 17:29:36 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2015/01/01 17:29:36 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2015/01/01 17:29:34 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2015/01/01 17:28:17 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2015/01/01 17:28:11 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2015/01/01 17:27:50 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2015/01/01 17:27:24 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2015/01/01 17:27:24 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2015/01/01 17:27:19 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2015/01/01 17:26:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2015/01/01 17:25:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2015/01/01 17:25:14 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2015/01/01 17:25:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2015/01/01 17:25:08 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2010/04/10 17:51:08 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\SystemLook.exe
    [2010/04/09 20:36:31 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
    [2010/04/08 23:46:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/08 23:46:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/08 23:46:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/04/08 23:19:00 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Sun Download Manager 2.0 (web).lnk
    [2010/04/08 22:47:22 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\JavaRa.zip
    [2010/04/03 16:38:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/04/03 16:38:37 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/04/03 16:36:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/03 16:36:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/01/26 08:12:09 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\setup.log
    [2010/01/26 08:12:05 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\setup_ldm.iss
    [2009/12/09 18:54:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\AdobeWeb.log
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/02/27 09:37:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
    [2008/12/29 11:49:07 | 000,005,632 | -HS- | C] () -- C:\Program Files\Thumbs.db
    [2008/02/28 19:49:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2008/02/28 19:47:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2008/02/21 21:32:44 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2008/02/21 21:16:54 | 000,007,425 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
    [2008/02/21 20:04:44 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\Paul\ntuser.dat
    [2007/10/01 20:50:54 | 000,010,821 | -H-- | C] () -- C:\Program Files\EXPENSE.GID
    [2007/09/08 18:02:07 | 000,000,032 | ---- | C] () -- C:\Program Files\curruser.txt
    [2007/06/26 14:57:38 | 000,000,033 | ---- | C] () -- C:\WINDOWS\PERFECT.INI
    [2006/09/24 12:28:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI
    [2006/09/24 12:26:13 | 000,000,448 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/09/24 10:58:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
    [2006/09/24 10:55:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2006/09/24 10:54:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2006/09/24 10:26:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLbNL.DLL
    [2006/09/23 17:49:54 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2006/09/23 17:49:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
    [2006/09/23 17:49:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2006/09/23 17:49:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2006/09/23 17:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5150d.ini
    [2006/09/23 17:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2006/09/23 17:49:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
    [2006/09/23 17:49:52 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
    [2006/09/23 17:49:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
    [2006/09/20 16:55:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\PATIENCE.INI
    [2006/07/16 17:50:21 | 000,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
    [2006/07/13 21:21:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2006/07/13 21:21:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
    [2006/07/13 21:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2006/07/13 21:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2005/11/24 22:01:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\.gtk-bookmarks
    [2005/11/24 21:33:57 | 000,315,374 | ---- | C] () -- C:\Documents and Settings\Paul\.fonts.cache-1
    [2005/11/15 19:59:34 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Paul\default.pls
    [2005/10/05 21:20:11 | 000,000,594 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2005/10/05 21:18:10 | 000,001,959 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/09/05 09:07:25 | 000,299,008 | ---- | C] () -- C:\Program Files\USRXPENS.XLA
    [2005/09/05 09:07:25 | 000,054,784 | ---- | C] () -- C:\Program Files\LOCAL.XLS
    [2005/09/05 09:07:25 | 000,049,152 | ---- | C] () -- C:\Program Files\MAPTABLE.XLS
    [2005/09/05 09:07:25 | 000,019,228 | ---- | C] () -- C:\Program Files\MAIL20.HLP
    [2005/09/05 09:07:25 | 000,015,115 | ---- | C] () -- C:\Program Files\EXPENSE.HLP
    [2005/09/05 09:07:25 | 000,001,316 | ---- | C] () -- C:\Program Files\MAIL.INF
    [2005/09/05 09:07:25 | 000,000,217 | ---- | C] () -- C:\Program Files\MAIL20.CNT
    [2005/09/05 09:07:25 | 000,000,167 | ---- | C] () -- C:\Program Files\EXPENSE.CNT
    [2005/09/05 09:07:24 | 000,002,737 | ---- | C] () -- C:\Program Files\hotsync.CNT
    [2005/09/05 09:07:23 | 000,380,607 | ---- | C] () -- C:\Program Files\PALM.HLP
    [2005/09/05 09:07:23 | 000,065,464 | ---- | C] () -- C:\Program Files\HOTSYNC.HLP
    [2005/09/05 09:07:23 | 000,011,751 | ---- | C] () -- C:\Program Files\INSTAPP.HLP
    [2005/09/05 09:07:23 | 000,005,867 | ---- | C] () -- C:\Program Files\PALM.CNT
    [2005/09/05 09:07:23 | 000,000,481 | ---- | C] () -- C:\Program Files\LOTUS20.TPA
    [2005/09/05 09:07:23 | 000,000,254 | ---- | C] () -- C:\Program Files\INSTAPP.CNT
    [2005/09/05 09:07:21 | 000,017,022 | ---- | C] () -- C:\Program Files\Palm.isu
    [2005/07/31 21:09:41 | 000,000,339 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2005/07/21 20:29:01 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/06/21 20:46:05 | 000,024,177 | -H-- | C] () -- C:\Program Files\hotsync.GID
    [2005/06/09 23:32:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/06/08 21:03:38 | 000,042,692 | -H-- | C] () -- C:\Program Files\palm.GID
    [2005/06/08 20:57:28 | 000,000,114 | ---- | C] () -- C:\Program Files\users.dat
    [2005/06/07 21:00:49 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/01/05 02:19:27 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Paul\ntuser.ini
    [2000/01/05 02:19:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Paul\NtUser.dat.LOG
    [2000/01/05 02:18:55 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2000/01/05 02:18:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2000/01/01 03:07:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2005/07/31 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/02/17 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2009/05/02 22:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
    [2006/09/24 10:58:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/04/13 06:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2009/06/03 21:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/13 21:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CallingID
    [2010/03/01 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
    [2007/12/16 17:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CD-LabelPrint
    [2009/01/26 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/02/20 20:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
    [2005/08/04 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
    [2006/10/28 15:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\NewSoft
    [2010/01/22 21:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Uniblue
    [2010/04/13 20:07:20 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{336EF71F-43F2-46E0-9AED-8A1D6A73F602}.job

    ========== Purity Check ==========


    < End of report >
     
