OK, not able to boot regularly, only in safe mode. Here are the logs. Not able to post the Extras log in the reply. Let me know if you want it.
mbam log
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Database version: 4799
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
10/12/2010 6:32:09 AM
mbam-log-2010-10-12 (06-32-09).txt
Scan type: Quick scan
Objects scanned: 177400
Time elapsed: 6 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL log
OTL logfile created on: 10/12/2010 6:38:35 AM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Hope\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 150.99 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
Drive D: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RICHOPE88
Current User Name: Hope
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Hope\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Hope\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (VETMSGNT) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
SRV - (PPCtlPriv) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe (Computer Associates International, Inc.)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (ITMRTSVC) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ELService) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
========== Driver Services (SafeList) ==========
DRV - (Klpid) -- C:\WINDOWS\System32\Drivers\klpid.sys File not found
DRV - (Klpf) -- C:\WINDOWS\System32\Drivers\Klpf.sys File not found
DRV - (Klif) -- C:\WINDOWS\System32\Drivers\klif.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Hope\LOCALS~1\Temp\catchme.sys File not found
DRV - (VETEFILE) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETMONNT) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VET-REC) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (WsAudioDevice_383) -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (KmxCF) -- C:\WINDOWS\system32\drivers\KmxCF.sys (CA)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (KmxSbx) -- C:\WINDOWS\system32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\system32\drivers\KmxFile.sys (CA)
DRV - (KmxFw) -- C:\WINDOWS\system32\drivers\KmxFw.sys (CA)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (PhotoFrame) -- C:\WINDOWS\system32\drivers\PhotoFrame.sys (ETC)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iastor.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation)
DRV - (PLUsbbc2) -- C:\WINDOWS\system32\drivers\usbbc2.sys (Prolific Technology Inc.)
DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\llusbflt.sys (Laplink Software, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsx) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/14 05:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [2010/03/21 17:20:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/12 03:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2010/10/07 07:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/10/07 07:07:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/30 17:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/22 17:14:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/10/07 07:07:29 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/10/10 15:36:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DeskshopBrowserHelper Class) - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Hope\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ca.com ([homeofficeforum] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mbamupdates.com ([data-cdn] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB (PogoWebLauncher Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/e/37.09 ... oader2.cab (UploadListView Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Fac ... loader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3880203671 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://games.pogo.com/online2/pogo/chai ... uncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} http://hoylegames.sierra.com/cab/WONWeb ... ontrol.cab (WONWebLauncher Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b34246.cab (ZoneIntro Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Fac ... der4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Documents and Settings\Hope\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hope\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 11:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/10/12 06:00:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/11 22:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/11 22:09:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/11 22:07:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/10 15:02:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/10 15:02:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/10 15:02:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/10 15:02:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/10 15:02:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 03:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/10/07 23:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/10/07 07:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Application Data\CallingID
[2010/10/07 07:07:08 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\WINDOWS\System32\KeyHelp.ocx
[2010/10/07 07:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/10/07 07:07:03 | 000,739,696 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010/10/07 07:07:03 | 000,161,008 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010/10/07 07:07:03 | 000,133,520 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010/10/07 07:07:03 | 000,099,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/10/07 07:07:03 | 000,091,472 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2010/10/07 07:07:03 | 000,083,256 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2010/10/07 07:07:03 | 000,026,352 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2010/10/07 07:07:03 | 000,021,488 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010/10/07 07:07:03 | 000,021,104 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010/10/06 15:41:21 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 20:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/10/03 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/10/03 20:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/10/03 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/10/03 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/10/03 19:32:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/03 19:32:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/03 17:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/03 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/01 16:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/01 16:32:56 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 19:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/09/30 17:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Application Data\Netscape
[2010/09/29 22:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/26 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/26 08:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/22 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/22 17:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/17 23:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[8 C:\Documents and Settings\Hope\My Documents\*.tmp files -> C:\Documents and Settings\Hope\My Documents\*.tmp -> ]
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/12 06:25:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/12 06:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 06:19:38 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Hope\ntuser.dat
[2010/10/12 06:19:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Hope\ntuser.ini
[2010/10/11 22:14:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/11 22:09:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/10/11 22:06:45 | 003,876,948 | R--- | M] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/11 13:39:42 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 18:40:21 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010/10/10 18:40:21 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010/10/10 18:40:21 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010/10/10 18:40:21 | 000,091,472 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2010/10/10 18:40:21 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2010/10/10 18:40:21 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010/10/10 18:40:21 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010/10/10 16:59:15 | 000,003,064 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 16:59:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/10 15:36:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/10 15:10:14 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2010/10/08 21:38:39 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/07 16:30:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/07 07:10:22 | 000,986,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/10/07 07:10:22 | 000,000,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/10/07 07:10:22 | 000,000,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/10/07 07:09:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/07 07:07:28 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
[2010/10/07 07:01:38 | 110,436,864 | ---- | M] (CA) -- C:\Documents and Settings\Hope\My Documents\issdm_en_32.exe
[2010/10/07 06:56:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 06:26:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/06 10:38:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/06 10:38:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 23:26:44 | 002,110,520 | -H-- | M] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\IconCache.db
[2010/10/03 21:58:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:20:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 18:34:26 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 18:33:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 18:32:48 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 17:21:13 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/10/01 15:45:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 23:12:23 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/29 16:13:43 | 000,006,244 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\17674.js
[2010/09/29 16:09:14 | 1183,966,208 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Outlook.pst
[2010/09/29 16:04:40 | 000,168,686 | ---- | M] () -- C:\Incoming Mails.csv
[2010/09/27 21:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 19:03:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 17:13:51 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/22 17:10:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/20 01:27:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 13:30:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Mom Prescription List.doc
[2010/09/15 07:04:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create & Print Home.url
[2010/09/15 06:34:43 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/09/15 03:15:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 03:13:42 | 000,000,609 | ---- | M] () -- C:\WINDOWS\win.ini
[8 C:\Documents and Settings\Hope\My Documents\*.tmp files -> C:\Documents and Settings\Hope\My Documents\*.tmp -> ]
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/11 13:43:42 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 15:02:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/10 15:02:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/10 15:02:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/10 15:02:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/10 15:02:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/10 15:00:50 | 003,876,948 | R--- | C] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/07 07:07:28 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
[2010/10/06 15:41:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/03 22:10:57 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/03 22:10:41 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:28:15 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/03 20:20:56 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 19:08:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 19:08:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 19:08:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 17:21:13 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/09/30 23:12:23 | 000,000,526 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/29 16:13:43 | 000,006,244 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\17674.js
[2010/09/26 09:00:00 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 23:40:13 | 000,986,092 | ---- | C] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/09/22 17:13:51 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/20 01:27:58 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 08:41:14 | 000,000,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/09/18 08:41:14 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2009/07/10 18:09:26 | 000,027,209 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\Personal Address Book.ADR
[2009/04/10 16:28:36 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2009/04/10 15:42:22 | 000,009,179 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/10 18:16:50 | 000,000,226 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/09/17 19:20:01 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\wklnhst.dat
[2007/09/12 03:01:07 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/21 17:39:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\fusioncache.dat
[2007/01/17 19:20:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/12/30 16:39:36 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/12/28 12:23:50 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/01 12:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 11:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 11:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 11:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 11:29:03 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 11:19:13 | 000,000,352 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 11:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 11:14:28 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/01 11:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 11:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 11:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 10:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 10:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 10:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/27 00:06:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/05/27 00:04:21 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/05/27 00:04:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/03/06 21:06:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PrintWiz.INI
[2005/12/01 20:13:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/11 16:13:49 | 000,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/05 21:29:28 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2004/11/16 22:42:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\ExportModeller.dll
[2004/11/16 22:42:03 | 000,049,223 | ---- | C] () -- C:\WINDOWS\crtslv.dll
[2004/11/16 22:42:02 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2004/11/16 22:42:02 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2004/11/16 22:41:59 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 07:00:00 | 000,528,816 | ---- | C] () -- C:\WINDOWS\System32\msmevili.dll
[2004/08/10 00:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ONETW.DRV
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/07/23 18:01:23 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\ir32.dll
[2004/07/15 23:27:28 | 000,000,914 | ---- | C] () -- C:\WINDOWS\System32\automatic_scoring.ini
[2004/06/06 22:13:13 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2004/05/31 15:00:18 | 000,000,005 | ---- | C] () -- C:\WINDOWS\Modemx.dll
[2004/05/16 18:30:35 | 000,000,251 | ---- | C] () -- C:\WINDOWS\PicEdit.INI
[2004/03/16 18:41:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/03/11 20:05:54 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/06 16:58:43 | 000,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/02/17 21:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/02/17 20:44:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/17 01:29:49 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/02/16 13:35:26 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2004/02/16 13:35:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/02/16 13:35:23 | 000,000,807 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2004/01/31 13:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/01/31 13:33:50 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\macrovsn.dll
[2004/01/31 13:33:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MMDVDROM.dll
[2001/09/08 14:06:47 | 000,000,051 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2001/09/08 14:03:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/09/08 14:03:27 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2001/09/08 13:58:38 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/09/08 13:58:38 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2001/09/08 13:58:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2001/09/08 13:53:08 | 000,000,989 | ---- | C] () -- C:\WINDOWS\photoprn.ini
< End of report >
[2010/10/11 22:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/11 22:06:45 | 003,876,948 | R--- | M] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/11 13:39:42 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 16:59:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/08 21:38:39 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/07 07:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Scanner
[2010/10/06 16:01:14 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/06 10:38:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/06 10:38:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 21:58:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:20:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 20:20:56 | 000,000,000 | ---D | M] -- C:\Program Files\XoftSpySE6
[2010/10/03 20:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\XoftSpySE
[2010/10/03 20:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\ParetoLogic
[2010/10/03 20:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/03 18:34:26 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 18:33:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 18:32:48 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 18:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2010/10/03 17:21:13 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/10/01 15:45:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 23:12:23 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/30 18:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/09/29 17:56:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/27 19:13:57 | 000,000,000 | ---D | M] -- C:\Program Files\BLS2011
[2010/09/27 19:03:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/26 08:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/26 08:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/26 08:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010/09/26 08:55:23 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/09/22 17:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/09/22 17:13:51 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/22 17:10:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/22 17:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/09/20 01:27:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/20 01:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/09/17 23:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2010/09/17 23:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\ISSThirdParty
[2010/09/17 23:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Kaspersky Lab
[2010/09/15 07:04:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create & Print Home.url
[2010/09/15 06:34:43 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
========== Files - Modified Within 30 Days ==========
[2010/10/12 06:25:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/12 06:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 06:19:38 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Hope\ntuser.dat
[2010/10/12 06:19:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Hope\ntuser.ini
[2010/10/11 22:14:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/11 22:09:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/10/11 22:06:45 | 003,876,948 | R--- | M] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/11 13:39:42 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 18:40:21 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010/10/10 18:40:21 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010/10/10 18:40:21 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010/10/10 18:40:21 | 000,091,472 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2010/10/10 18:40:21 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2010/10/10 18:40:21 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010/10/10 18:40:21 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010/10/10 16:59:15 | 000,003,064 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 16:59:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/10 15:36:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/10 15:10:14 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2010/10/08 21:38:39 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/07 16:30:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/07 07:10:22 | 000,986,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/10/07 07:10:22 | 000,000,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/10/07 07:10:22 | 000,000,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/10/07 07:09:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/07 07:07:28 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
[2010/10/07 07:01:38 | 110,436,864 | ---- | M] (CA) -- C:\Documents and Settings\Hope\My Documents\issdm_en_32.exe
[2010/10/07 06:56:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 06:26:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/06 10:38:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/06 10:38:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 23:26:44 | 002,110,520 | -H-- | M] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\IconCache.db
[2010/10/03 21:58:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:20:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 18:34:26 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 18:33:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 18:32:48 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 17:21:13 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/10/01 15:45:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 23:12:23 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/29 16:13:43 | 000,006,244 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\17674.js
[2010/09/29 16:09:14 | 1183,966,208 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Outlook.pst
[2010/09/29 16:04:40 | 000,168,686 | ---- | M] () -- C:\Incoming Mails.csv
[2010/09/27 21:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 19:03:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 17:13:51 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/22 17:10:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/20 01:27:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 13:30:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Mom Prescription List.doc
[2010/09/15 07:04:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create & Print Home.url
[2010/09/15 06:34:43 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/09/15 03:15:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 03:13:42 | 000,000,609 | ---- | M] () -- C:\WINDOWS\win.ini
[8 C:\Documents and Settings\Hope\My Documents\*.tmp files -> C:\Documents and Settings\Hope\My Documents\*.tmp -> ]
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
< End of report >