Solved Infected with ccProxy

[Resolved] Infected with ccProxy

XP Pro Updated - running MS Security Essentials and MalwareBytes Pro

ccProxy pops up at startup. MBam finds, quarantine and deletes it but it reappears. I have added 2 mbam logs - 1 before removal and 1 after.

Ran GMER and aswMBR - logs attached

Ran DDS but the scan would not complete. Tried in regular and safe mode but it would run for 20 minutes without any reports popping up. Could not close the window and the computer froze each time - therefore, no dds logs are attached

Thanks for any help.

 

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8145

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/11/2011 11:41:19 AM
mbam-log-2011-11-12 (11-41-13).txt

Scan type: Quick scan
Objects scanned: 210709
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> No action taken.

 

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8145

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/11/2011 11:42:30 AM
mbam-log-2011-11-12 (11-42-30).txt

Scan type: Quick scan
Objects scanned: 210709
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.

 

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-12 13:31:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-08LSA0 rev.09.01D09
Running: gamer.exe; Driver: C:\DOCUME~1\Sara\LOCALS~1\Temp\kgtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA88D8640]

---- Kernel code sections - GMER 1.0.15 ----

? opptiyvf.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9BC2A00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A60F7D20
Device \FileSystem\Fastfat \Fat A6107428

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

 

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-12 13:37:34
-----------------------------
13:37:34.500 OS Version: Windows 5.1.2600 Service Pack 3
13:37:34.500 Number of processors: 2 586 0x403
13:37:34.500 ComputerName: BEAST UserName: Sara
13:37:34.859 Initialize success
13:41:58.687 AVAST engine defs: 11111200
13:43:04.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:43:04.828 Disk 0 Vendor: WDC_WD800JD-08LSA0 09.01D09 Size: 76324MB BusType: 3
13:43:06.828 Disk 0 MBR read successfully
13:43:06.843 Disk 0 MBR scan
13:43:06.875 Disk 0 unknown MBR code
13:43:06.875 Disk 0 scanning sectors +156312450
13:43:06.937 Disk 0 scanning C:\WINDOWS\system32\drivers
13:43:15.671 Service scanning
13:43:16.828 Modules scanning
13:43:20.171 Disk 0 trace - called modules:
13:43:20.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:43:20.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ada3ab8]
13:43:20.187 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8adad510]
13:43:20.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ada9940]
13:43:20.515 AVAST engine scan C:\WINDOWS
13:43:24.031 AVAST engine scan C:\WINDOWS\system32
13:45:08.281 AVAST engine scan C:\WINDOWS\system32\drivers
13:45:19.968 AVAST engine scan C:\Documents and Settings\Sara
13:53:20.906 AVAST engine scan C:\Documents and Settings\All Users
13:53:47.296 Scan finished successfully
13:58:34.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sara\Desktop\Tom\MBR.dat "
13:58:34.875 The log file has been saved successfully to "C:\Documents and Settings\Sara\Desktop\Tom\aswMBR.txt "

 

I appreciate your concern and I strenuously thank you for your reply and assistance however, the computers that you refer to all belong to different friends. I am merely helping them through their problems (without regard to compensation I will add).

My business is web design, not repair. It is a commercial effort and the reason my URL is not listed in my profile. I do have compassion for those close to me who run a muck and am pleased to assist whenever possible.

I shall run TDSSKiller shortly and respond

 

07:01:33.0312 0172 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
07:01:33.0468 0172 ============================================================
07:01:33.0468 0172 Current date / time: 2011/11/13 07:01:33.0468
07:01:33.0468 0172 SystemInfo:
07:01:33.0468 0172
07:01:33.0468 0172 OS Version: 5.1.2600 ServicePack: 3.0
07:01:33.0468 0172 Product type: Workstation
07:01:33.0468 0172 ComputerName: BEAST
07:01:33.0468 0172 UserName: Sara
07:01:33.0468 0172 Windows directory: C:\WINDOWS
07:01:33.0468 0172 System windows directory: C:\WINDOWS
07:01:33.0468 0172 Processor architecture: Intel x86
07:01:33.0468 0172 Number of processors: 2
07:01:33.0468 0172 Page size: 0x1000
07:01:33.0468 0172 Boot type: Normal boot
07:01:33.0468 0172 ============================================================
07:01:34.0484 0172 Initialize success
07:01:44.0093 3664 ============================================================
07:01:44.0093 3664 Scan started
07:01:44.0093 3664 Mode: Manual;
07:01:44.0093 3664 ============================================================
07:01:44.0578 3664 Abiosdsk - ok
07:01:44.0625 3664 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:01:44.0625 3664 abp480n5 - ok
07:01:44.0640 3664 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
07:01:44.0656 3664 ac97intc - ok
07:01:44.0687 3664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:01:44.0687 3664 ACPI - ok
07:01:44.0703 3664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:01:44.0703 3664 ACPIEC - ok
07:01:44.0734 3664 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:01:44.0734 3664 adpu160m - ok
07:01:44.0750 3664 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
07:01:44.0765 3664 aeaudio - ok
07:01:44.0781 3664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:01:44.0781 3664 aec - ok
07:01:44.0812 3664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:01:44.0812 3664 AFD - ok
07:01:44.0843 3664 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:01:44.0843 3664 agp440 - ok
07:01:44.0859 3664 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:01:44.0859 3664 agpCPQ - ok
07:01:44.0890 3664 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:01:44.0890 3664 Aha154x - ok
07:01:44.0906 3664 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:01:44.0921 3664 aic78u2 - ok
07:01:44.0921 3664 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:01:44.0937 3664 aic78xx - ok
07:01:45.0000 3664 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:01:45.0000 3664 AliIde - ok
07:01:45.0015 3664 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:01:45.0015 3664 alim1541 - ok
07:01:45.0031 3664 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:01:45.0031 3664 amdagp - ok
07:01:45.0062 3664 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:01:45.0062 3664 amsint - ok
07:01:45.0078 3664 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:01:45.0093 3664 asc - ok
07:01:45.0156 3664 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:01:45.0156 3664 asc3350p - ok
07:01:45.0187 3664 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:01:45.0187 3664 asc3550 - ok
07:01:45.0250 3664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:01:45.0250 3664 AsyncMac - ok
07:01:45.0265 3664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:01:45.0265 3664 atapi - ok
07:01:45.0281 3664 Atdisk - ok
07:01:45.0328 3664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:01:45.0328 3664 Atmarpc - ok
07:01:45.0343 3664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:01:45.0343 3664 audstub - ok
07:01:45.0375 3664 b57w2k (9948740f9043aca23b8fddf8b9651160) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
07:01:45.0375 3664 b57w2k - ok
07:01:45.0390 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:01:45.0390 3664 Beep - ok
07:01:45.0437 3664 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:01:45.0437 3664 cbidf - ok
07:01:45.0453 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:01:45.0453 3664 cbidf2k - ok
07:01:45.0484 3664 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:01:45.0484 3664 cd20xrnt - ok
07:01:45.0500 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:01:45.0500 3664 Cdaudio - ok
07:01:45.0515 3664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:01:45.0515 3664 Cdfs - ok
07:01:45.0531 3664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:01:45.0531 3664 Cdrom - ok
07:01:45.0546 3664 Changer - ok
07:01:45.0578 3664 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:01:45.0593 3664 CmdIde - ok
07:01:45.0625 3664 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:01:45.0625 3664 Cpqarray - ok
07:01:45.0656 3664 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:01:45.0671 3664 dac2w2k - ok
07:01:45.0687 3664 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:01:45.0687 3664 dac960nt - ok
07:01:45.0734 3664 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
07:01:45.0734 3664 DefragFS - ok
07:01:45.0796 3664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:01:45.0796 3664 Disk - ok
07:01:45.0843 3664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:01:45.0875 3664 dmboot - ok
07:01:45.0906 3664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:01:45.0906 3664 dmio - ok
07:01:45.0921 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:01:45.0921 3664 dmload - ok
07:01:45.0953 3664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:01:45.0953 3664 DMusic - ok
07:01:46.0000 3664 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:01:46.0000 3664 dpti2o - ok
07:01:46.0031 3664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:01:46.0031 3664 drmkaud - ok
07:01:46.0046 3664 drvmcdb (24646242310499d75c6db4b32768a3b3) C:\WINDOWS\system32\drivers\drvmcdb.sys
07:01:46.0046 3664 drvmcdb - ok
07:01:46.0062 3664 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
07:01:46.0062 3664 drvnddm - ok
07:01:46.0093 3664 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:01:46.0093 3664 E100B - ok
07:01:46.0125 3664 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
07:01:46.0125 3664 EGATHDRV - ok
07:01:46.0171 3664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:01:46.0171 3664 Fastfat - ok
07:01:46.0203 3664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:01:46.0203 3664 Fdc - ok
07:01:46.0218 3664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:01:46.0218 3664 Fips - ok
07:01:46.0250 3664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:01:46.0250 3664 Flpydisk - ok
07:01:46.0265 3664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:01:46.0265 3664 FltMgr - ok
07:01:46.0296 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:01:46.0296 3664 Fs_Rec - ok
07:01:46.0328 3664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:01:46.0328 3664 Ftdisk - ok
07:01:46.0343 3664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:01:46.0343 3664 Gpc - ok
07:01:46.0375 3664 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:01:46.0375 3664 HidUsb - ok
07:01:46.0406 3664 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:01:46.0406 3664 hpn - ok
07:01:46.0500 3664 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:01:46.0500 3664 HPZid412 - ok
07:01:46.0515 3664 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:01:46.0515 3664 HPZipr12 - ok
07:01:46.0546 3664 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:01:46.0546 3664 HPZius12 - ok
07:01:46.0593 3664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:01:46.0593 3664 HTTP - ok
07:01:46.0625 3664 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:01:46.0625 3664 i2omgmt - ok
07:01:46.0656 3664 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:01:46.0656 3664 i2omp - ok
07:01:46.0671 3664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:01:46.0671 3664 i8042prt - ok
07:01:46.0734 3664 ialm (a1d34220b152e73cdbf71a69606a2db1) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:01:46.0750 3664 ialm - ok
07:01:46.0812 3664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:01:46.0812 3664 Imapi - ok
07:01:46.0843 3664 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:01:46.0843 3664 ini910u - ok
07:01:46.0875 3664 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:01:46.0875 3664 IntelIde - ok
07:01:46.0890 3664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:01:46.0890 3664 intelppm - ok
07:01:46.0921 3664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:01:46.0921 3664 Ip6Fw - ok
07:01:46.0953 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:01:46.0953 3664 IpFilterDriver - ok
07:01:46.0968 3664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:01:46.0968 3664 IpInIp - ok
07:01:46.0984 3664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:01:47.0000 3664 IpNat - ok
07:01:47.0015 3664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:01:47.0015 3664 IPSec - ok
07:01:47.0031 3664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:01:47.0031 3664 IRENUM - ok
07:01:47.0062 3664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:01:47.0062 3664 isapnp - ok
07:01:47.0093 3664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:01:47.0093 3664 Kbdclass - ok
07:01:47.0156 3664 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:01:47.0156 3664 kbdhid - ok
07:01:47.0203 3664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:01:47.0203 3664 kmixer - ok
07:01:47.0218 3664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:01:47.0218 3664 KSecDD - ok
07:01:47.0250 3664 lbrtfdc - ok
07:01:47.0328 3664 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
07:01:47.0328 3664 LMIInfo - ok
07:01:47.0359 3664 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
07:01:47.0359 3664 lmimirr - ok
07:01:47.0375 3664 LMIRfsClientNP - ok
07:01:47.0390 3664 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
07:01:47.0390 3664 LMIRfsDriver - ok
07:01:47.0421 3664 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
07:01:47.0421 3664 MBAMProtector - ok
07:01:47.0437 3664 MBAMSwissArmy - ok
07:01:47.0484 3664 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
07:01:47.0484 3664 MidiSyn - ok
07:01:47.0500 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:01:47.0500 3664 mnmdd - ok
07:01:47.0531 3664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:01:47.0531 3664 Modem - ok
07:01:47.0546 3664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:01:47.0546 3664 Mouclass - ok
07:01:47.0593 3664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:01:47.0593 3664 mouhid - ok
07:01:47.0625 3664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:01:47.0625 3664 MountMgr - ok
07:01:47.0656 3664 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:01:47.0656 3664 MpFilter - ok
07:01:47.0703 3664 MpKsl012603cd - ok
07:01:47.0718 3664 MpKsl0ea2ad5c - ok
07:01:47.0734 3664 MpKsl1bae2641 - ok
07:01:47.0734 3664 MpKsl2b165057 - ok
07:01:47.0734 3664 MpKsl2cbe3724 - ok
07:01:47.0750 3664 MpKsl312231af - ok
07:01:47.0750 3664 MpKsl47feeaf5 - ok
07:01:47.0765 3664 MpKsl4ad19f99 - ok
07:01:47.0781 3664 MpKsl608c3c68 - ok
07:01:47.0781 3664 MpKsl6e52037b - ok
07:01:47.0796 3664 MpKsl74d78b5c - ok
07:01:47.0796 3664 MpKsl806d28ea - ok
07:01:47.0812 3664 MpKsla45e8866 - ok
07:01:47.0890 3664 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:01:47.0890 3664 mraid35x - ok
07:01:47.0906 3664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:01:47.0921 3664 MRxDAV - ok
07:01:47.0953 3664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:01:47.0968 3664 MRxSmb - ok
07:01:47.0984 3664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:01:48.0000 3664 Msfs - ok
07:01:48.0015 3664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:01:48.0031 3664 MSKSSRV - ok
07:01:48.0046 3664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:01:48.0046 3664 MSPCLOCK - ok
07:01:48.0062 3664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:01:48.0062 3664 MSPQM - ok
07:01:48.0093 3664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:01:48.0093 3664 mssmbios - ok
07:01:48.0125 3664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:01:48.0125 3664 Mup - ok
07:01:48.0156 3664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:01:48.0156 3664 NDIS - ok
07:01:48.0187 3664 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:01:48.0187 3664 NdisTapi - ok
07:01:48.0218 3664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:01:48.0218 3664 Ndisuio - ok
07:01:48.0234 3664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:01:48.0234 3664 NdisWan - ok
07:01:48.0265 3664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:01:48.0265 3664 NDProxy - ok
07:01:48.0296 3664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:01:48.0296 3664 NetBIOS - ok
07:01:48.0328 3664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:01:48.0328 3664 NetBT - ok
07:01:48.0375 3664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:01:48.0375 3664 Npfs - ok
07:01:48.0421 3664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:01:48.0437 3664 Ntfs - ok
07:01:48.0453 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:01:48.0453 3664 Null - ok
07:01:48.0531 3664 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:01:48.0578 3664 nv - ok
07:01:48.0640 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:01:48.0640 3664 NwlnkFlt - ok
07:01:48.0671 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:01:48.0687 3664 NwlnkFwd - ok
07:01:48.0718 3664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:01:48.0718 3664 Parport - ok
07:01:48.0734 3664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:01:48.0734 3664 PartMgr - ok
07:01:48.0765 3664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:01:48.0765 3664 ParVdm - ok
07:01:48.0781 3664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:01:48.0796 3664 PCI - ok
07:01:48.0812 3664 PCIDump - ok
07:01:48.0843 3664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:01:48.0843 3664 PCIIde - ok
07:01:48.0875 3664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:01:48.0875 3664 Pcmcia - ok
07:01:48.0890 3664 PDCOMP - ok
07:01:48.0906 3664 PDFRAME - ok
07:01:48.0921 3664 PDRELI - ok
07:01:48.0937 3664 PDRFRAME - ok
07:01:48.0968 3664 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
07:01:48.0968 3664 pelmouse - ok
07:01:48.0984 3664 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
07:01:48.0984 3664 pelusblf - ok
07:01:49.0015 3664 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:01:49.0015 3664 perc2 - ok
07:01:49.0046 3664 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:01:49.0046 3664 perc2hib - ok
07:01:49.0093 3664 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
07:01:49.0093 3664 PMEM - ok
07:01:49.0125 3664 portio (a15f8012b1bb59f5c5abf1aa1158cd43) C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
07:01:49.0125 3664 portio - ok
07:01:49.0140 3664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:01:49.0156 3664 PptpMiniport - ok
07:01:49.0171 3664 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
07:01:49.0171 3664 Processor - ok
07:01:49.0203 3664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:01:49.0203 3664 PSched - ok
07:01:49.0218 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:01:49.0218 3664 Ptilink - ok
07:01:49.0250 3664 PxHelp20 (338a770f9ab04e5b2104d2d6e04cba2c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:01:49.0250 3664 PxHelp20 - ok
07:01:49.0281 3664 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:01:49.0281 3664 ql1080 - ok
07:01:49.0296 3664 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:01:49.0296 3664 Ql10wnt - ok
07:01:49.0328 3664 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:01:49.0328 3664 ql12160 - ok
07:01:49.0343 3664 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:01:49.0343 3664 ql1240 - ok
07:01:49.0359 3664 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:01:49.0359 3664 ql1280 - ok
07:01:49.0390 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:01:49.0390 3664 RasAcd - ok
07:01:49.0453 3664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:01:49.0453 3664 Rasl2tp - ok
07:01:49.0484 3664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:01:49.0484 3664 RasPppoe - ok
07:01:49.0500 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:01:49.0500 3664 Raspti - ok
07:01:49.0546 3664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:01:49.0546 3664 Rdbss - ok
07:01:49.0562 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:01:49.0562 3664 RDPCDD - ok
07:01:49.0593 3664 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:01:49.0593 3664 rdpdr - ok
07:01:49.0625 3664 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:01:49.0640 3664 RDPWD - ok
07:01:49.0671 3664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:01:49.0671 3664 redbook - ok
07:01:49.0734 3664 SABProcEnum - ok
07:01:49.0781 3664 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:01:49.0781 3664 SASDIFSV - ok
07:01:49.0796 3664 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
07:01:49.0796 3664 SASKUTIL - ok
07:01:49.0875 3664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:01:49.0875 3664 Secdrv - ok
07:01:49.0921 3664 senfilt (e3a8d5ef17b540fc42465051a34a04eb) C:\WINDOWS\system32\drivers\senfilt.sys
07:01:49.0937 3664 senfilt - ok
07:01:49.0968 3664 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:01:49.0968 3664 serenum - ok
07:01:49.0984 3664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:01:50.0000 3664 Serial - ok
07:01:50.0031 3664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:01:50.0031 3664 Sfloppy - ok
07:01:50.0078 3664 Simbad - ok
07:01:50.0109 3664 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:01:50.0109 3664 sisagp - ok
07:01:50.0171 3664 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
07:01:50.0171 3664 smwdm - ok
07:01:50.0218 3664 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:01:50.0218 3664 Sparrow - ok
07:01:50.0250 3664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:01:50.0250 3664 splitter - ok
07:01:50.0265 3664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:01:50.0265 3664 sr - ok
07:01:50.0312 3664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:01:50.0312 3664 Srv - ok
07:01:50.0343 3664 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
07:01:50.0343 3664 sscdbhk5 - ok
07:01:50.0375 3664 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
07:01:50.0375 3664 ssrtln - ok
07:01:50.0390 3664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:01:50.0390 3664 swenum - ok
07:01:50.0421 3664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:01:50.0421 3664 swmidi - ok
07:01:50.0468 3664 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:01:50.0468 3664 symc810 - ok
07:01:50.0484 3664 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:01:50.0484 3664 symc8xx - ok
07:01:50.0515 3664 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:01:50.0515 3664 sym_hi - ok
07:01:50.0546 3664 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:01:50.0546 3664 sym_u3 - ok
07:01:50.0562 3664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:01:50.0593 3664 sysaudio - ok
07:01:50.0640 3664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:01:50.0656 3664 Tcpip - ok
07:01:50.0687 3664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:01:50.0687 3664 TDPIPE - ok
07:01:50.0718 3664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:01:50.0718 3664 TDTCP - ok
07:01:50.0750 3664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:01:50.0750 3664 TermDD - ok
07:01:50.0781 3664 tfsnboio (818bc02bffb1370961092c6b5b61effd) C:\WINDOWS\system32\dla\tfsnboio.sys
07:01:50.0796 3664 tfsnboio - ok
07:01:50.0812 3664 tfsncofs (d416d123824bb68bd42337220eabd0f8) C:\WINDOWS\system32\dla\tfsncofs.sys
07:01:50.0812 3664 tfsncofs - ok
07:01:50.0828 3664 tfsndrct (d727ba310c389b8aaf430c6eb43bb6cc) C:\WINDOWS\system32\dla\tfsndrct.sys
07:01:50.0828 3664 tfsndrct - ok
07:01:50.0859 3664 tfsndres (585c7608520d78db044305e8e87e7aaa) C:\WINDOWS\system32\dla\tfsndres.sys
07:01:50.0859 3664 tfsndres - ok
07:01:50.0875 3664 tfsnifs (8cd4967293437d61da143be54c4059f5) C:\WINDOWS\system32\dla\tfsnifs.sys
07:01:50.0875 3664 tfsnifs - ok
07:01:50.0890 3664 tfsnopio (8b99b4d9b8a63e2a4364654dfc371417) C:\WINDOWS\system32\dla\tfsnopio.sys
07:01:50.0890 3664 tfsnopio - ok
07:01:50.0906 3664 tfsnpool (a7608fbe5c71e742cf22c622a4e143b2) C:\WINDOWS\system32\dla\tfsnpool.sys
07:01:50.0921 3664 tfsnpool - ok
07:01:50.0937 3664 tfsnudf (b2f93bba5135535f087808c50877d18d) C:\WINDOWS\system32\dla\tfsnudf.sys
07:01:50.0937 3664 tfsnudf - ok
07:01:50.0953 3664 tfsnudfa (ff0251484aaeae12263538ef877a5f4b) C:\WINDOWS\system32\dla\tfsnudfa.sys
07:01:50.0953 3664 tfsnudfa - ok
07:01:51.0000 3664 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:01:51.0000 3664 TosIde - ok
07:01:51.0031 3664 TPM (317b746b6069a10d635fdbdf48723845) C:\WINDOWS\system32\DRIVERS\tpm.sys
07:01:51.0031 3664 TPM - ok
07:01:51.0078 3664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:01:51.0078 3664 Udfs - ok
07:01:51.0109 3664 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:01:51.0109 3664 ultra - ok
07:01:51.0140 3664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:01:51.0156 3664 Update - ok
07:01:51.0234 3664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:01:51.0250 3664 usbccgp - ok
07:01:51.0265 3664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:01:51.0265 3664 usbehci - ok
07:01:51.0296 3664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:01:51.0296 3664 usbhub - ok
07:01:51.0328 3664 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:01:51.0328 3664 usbprint - ok
07:01:51.0359 3664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:01:51.0359 3664 usbscan - ok
07:01:51.0375 3664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:01:51.0375 3664 USBSTOR - ok
07:01:51.0406 3664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:01:51.0406 3664 usbuhci - ok
07:01:51.0421 3664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:01:51.0421 3664 VgaSave - ok
07:01:51.0453 3664 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:01:51.0453 3664 viaagp - ok
07:01:51.0484 3664 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:01:51.0484 3664 ViaIde - ok
07:01:51.0515 3664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:01:51.0515 3664 VolSnap - ok
07:01:51.0546 3664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:01:51.0546 3664 Wanarp - ok
07:01:51.0562 3664 WDICA - ok
07:01:51.0609 3664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:01:51.0609 3664 wdmaud - ok
07:01:51.0640 3664 wimmount (05fb36a51e04a6c6b3a5f125fa692e6b) C:\WINDOWS\system32\DRIVERS\wimmount.sys
07:01:51.0640 3664 wimmount - ok
07:01:51.0781 3664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:01:51.0781 3664 WudfPf - ok
07:01:51.0812 3664 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:01:51.0812 3664 WudfRd - ok
07:01:51.0843 3664 MBR (0x1B8) (cb6a2ea65a079f075d2406defcb72ff2) \Device\Harddisk0\DR0
07:01:51.0859 3664 \Device\Harddisk0\DR0 - ok
07:01:51.0859 3664 Boot (0x1200) (f4fe0bfd308fc65001ec546f45c5d07f) \Device\Harddisk0\DR0\Partition0
07:01:51.0859 3664 \Device\Harddisk0\DR0\Partition0 - ok
07:01:51.0859 3664 ============================================================
07:01:51.0859 3664 Scan finished
07:01:51.0859 3664 ============================================================
07:01:51.0890 1828 Detected object count: 0
07:01:51.0890 1828 Actual detected object count: 0

 

Thanks for looking out though. I wish they were as diligent as I am but, there you go, eh?

Combo fix would only freeze the computer in normal mode. Ran Rkills and attached 3 log files - new copy of Combofix only froze the computer again.

Ran everything in safe mode. Combofix ran for almost 3 hours without producing any results so I restarted and am hoping you have a next step.

Thanks


rkill.scr
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 13/11/2011 at 15:23:46.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 13/11/2011 at 15:23:50.




rkill.exe
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 13/11/2011 at 15:26:00.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch3.exe
C:\WINDOWS\system32\MpSigStub.exe
Rkill completed on 13/11/2011 at 15:26:05.


Rkill.com
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 13/11/2011 at 15:21:50.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 13/11/2011 at 15:21:55.

 

MBAM called for a restart - didn't restart - ran Bootkit Remover - log posted in next post

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8156

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/11/2011 9:15:27 PM
mbam-log-2011-11-13 (21-15-27).txt

Scan type: Quick scan
Objects scanned: 209204
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.

 

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: bb7a3fbbf3bf15b1bcda6d944b087f34

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

 

OK will do. Unfortunately it will have to be in the morning. The computer shall remain on all night so restarting as you instruct wont be a problem

Thanks, will post tomorrow

 

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-12 13:37:34
-----------------------------
13:37:34.500 OS Version: Windows 5.1.2600 Service Pack 3
13:37:34.500 Number of processors: 2 586 0x403
13:37:34.500 ComputerName: BEAST UserName: Sara
13:37:34.859 Initialize success
13:41:58.687 AVAST engine defs: 11111200
13:43:04.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:43:04.828 Disk 0 Vendor: WDC_WD800JD-08LSA0 09.01D09 Size: 76324MB BusType: 3
13:43:06.828 Disk 0 MBR read successfully
13:43:06.843 Disk 0 MBR scan
13:43:06.875 Disk 0 unknown MBR code
13:43:06.875 Disk 0 scanning sectors +156312450
13:43:06.937 Disk 0 scanning C:\WINDOWS\system32\drivers
13:43:15.671 Service scanning
13:43:16.828 Modules scanning
13:43:20.171 Disk 0 trace - called modules:
13:43:20.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:43:20.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ada3ab8]
13:43:20.187 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8adad510]
13:43:20.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ada9940]
13:43:20.515 AVAST engine scan C:\WINDOWS
13:43:24.031 AVAST engine scan C:\WINDOWS\system32
13:45:08.281 AVAST engine scan C:\WINDOWS\system32\drivers
13:45:19.968 AVAST engine scan C:\Documents and Settings\Sara
13:53:20.906 AVAST engine scan C:\Documents and Settings\All Users
13:53:47.296 Scan finished successfully
13:58:34.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sara\Desktop\Tom\MBR.dat "
13:58:34.875 The log file has been saved successfully to "C:\Documents and Settings\Sara\Desktop\Tom\aswMBR.txt "

 

Broni:
The question has arisen - could this have taken up residence in the backup drive that the user has? She uses Genie Timeline to automate the backup process.

The backup drive has not been connected to the computer since we started working on it

Thanks

 

OTL logfile created on: 14/11/2011 1:37:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sara\Desktop\Tom
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.49 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 73.06% Memory free
4.83 Gb Paging File | 4.26 Gb Available in Paging File | 88.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.22 Gb Total Space | 41.32 Gb Free Space | 58.02% Space Free | Partition Type: NTFS

Computer Name: BEAST | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 13:36:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sara\Desktop\Tom\OTL.exe
PRC - [2011/10/07 07:55:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/10/07 07:55:42 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2011/01/11 11:25:38 | 001,051,264 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
PRC - [2011/01/11 11:25:38 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/06/15 04:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
PRC - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/13 02:22:44 | 000,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2005/04/13 18:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 19:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/29 12:10:12 | 000,396,288 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSBackupManager.dll
MOD - [2011/01/31 11:21:46 | 000,342,528 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll
MOD - [2011/01/11 11:25:38 | 000,467,968 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSWatcher4.dll
MOD - [2011/01/11 11:25:38 | 000,048,128 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogManager.dll
MOD - [2011/01/11 11:25:38 | 000,028,160 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_XP.dll
MOD - [2011/01/09 11:00:42 | 000,051,712 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll
MOD - [2011/01/09 11:00:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLibrariesManager.dll
MOD - [2011/01/09 11:00:42 | 000,038,400 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll
MOD - [2011/01/09 11:00:42 | 000,009,728 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_Proxy.dll
MOD - [2011/01/09 11:00:40 | 000,144,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\Settings.dll
MOD - [2011/01/09 11:00:40 | 000,111,616 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\BlockLevel2.dll
MOD - [2010/08/31 06:43:58 | 000,080,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll
MOD - [2010/08/31 06:43:58 | 000,072,192 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSCurl.dll
MOD - [2010/08/31 06:42:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll
MOD - [2010/06/15 06:00:28 | 000,921,088 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll
MOD - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/11/06 19:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - [2011/10/07 07:55:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/07 07:55:42 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/22 14:03:50 | 000,423,424 | -HS- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\tcpsvces.exe -- (RavAuto)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\tomfix\pev.3XE -- (PEVSystemStart)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2011/01/11 11:25:38 | 000,362,624 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 07:55:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/07 05:22:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2005/10/09 21:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2005/02/05 07:51:00 | 000,392,832 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/12/06 21:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/05/19 17:41:26 | 000,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/02/11 17:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003/01/10 17:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2002/09/20 14:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.ca/
IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/24 17:18:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/24 17:18:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/09/16 06:01:45 | 000,263,300 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9132 more lines...
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4051018094-2330310444-191952952-1007..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe File not found
O4 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4051018094-2330310444-191952952-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4051018094-2330310444-191952952-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150472969437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} http://nsprdnacw-vip.aliant.net/lwp/static/installers/AliantActiveXInstaller.cab (ConnectivityTester Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD276B8D-8724-4576-8BBB-81DE5B529D86}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/18 07:23:12 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell - " " = AutoRun
O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell\Auto\command - " " = E:\Server0.exe
O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell\AutoRun - " " = Auto&Play
O33 - MountPoints2\{1f89d856-e8af-11dd-9c74-001125745f72}\Shell\AutoRun\command - " " = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Server0.exe
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 18:28:29 | 000,000,000 | --SD | C] -- C:\tomfix
[2011/11/13 15:06:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/13 15:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/13 15:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/13 15:04:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/13 15:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/13 15:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/13 15:03:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/12 14:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/11/10 15:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\Application Data\SUPERAntiSpyware.com
[2011/11/10 15:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/10 15:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/10 15:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/10 13:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Genie-Soft
[2011/11/10 13:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Genie-Soft
[2011/11/10 12:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\Application Data\Skype
[2011/11/10 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/10 12:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/10 12:52:18 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/10 12:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/10 11:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Log
[2011/11/10 10:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 10:57:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/10 10:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/10 10:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\Desktop\Tom
[2011/11/09 11:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sara\My Documents\flower card project
[2011/10/21 08:31:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\web
[2011/10/21 08:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Storm
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[233 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 13:06:47 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Sara\Desktop\Microsoft Office Outlook 2003.lnk
[2011/11/14 12:30:26 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/14 12:29:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ECACB466-71A9-4424-857C-E804F2F94923}.job
[2011/11/14 12:26:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 12:25:33 | 000,002,561 | ---- | M] () -- C:\WINDOWS\System32\CCProxy.ini
[2011/11/14 12:25:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 21:51:35 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
[2011/11/10 11:36:21 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2011/11/10 10:57:44 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 09:29:19 | 000,001,154 | -HS- | M] () -- C:\WINDOWS\System32\AccInfo.ini
[2011/11/08 18:26:14 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/08 18:26:11 | 000,505,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 18:26:11 | 000,089,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 18:09:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/08 17:36:47 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/21 14:24:33 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\info.dat
[2011/10/21 11:51:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[233 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 08:30:42 | 000,002,561 | ---- | C] () -- C:\WINDOWS\System32\CCProxy.ini
[2011/11/13 15:06:40 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/11/13 15:06:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/13 15:04:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/13 15:04:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/13 15:04:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/13 15:04:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/13 15:04:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 10:57:44 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 18:26:13 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/08 17:41:44 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/21 08:31:39 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\info.dat
[2011/10/21 08:31:02 | 000,423,424 | -HS- | C] () -- C:\WINDOWS\System32\tcpsvces.exe
[2011/10/21 08:31:02 | 000,001,154 | -HS- | C] () -- C:\WINDOWS\System32\AccInfo.ini
[2011/10/21 08:31:02 | 000,000,404 | -HS- | C] () -- C:\WINDOWS\System32\ccjp.bat
[2011/09/12 09:24:18 | 000,022,086 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Comma Separated Values (Windows).ADR
[2011/07/08 09:51:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 08:29:06 | 000,006,257 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Comma Separated Values (Windows).EML
[2010/09/13 13:34:59 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\Sara\Application Data\Tab Separated Values (Windows).EML
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/07/31 15:14:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/11/24 16:59:15 | 000,164,497 | ---- | C] () -- C:\WINDOWS\hpoins33.dat
[2008/11/24 16:59:15 | 000,001,526 | ---- | C] () -- C:\WINDOWS\hpomdl33.dat
[2008/02/06 17:21:57 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2008/02/06 17:21:57 | 000,003,449 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2007/01/12 12:56:35 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/08/17 05:31:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\getfile.dat
[2006/08/16 20:07:09 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Sara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/27 14:19:45 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2006/05/07 07:42:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/02/08 07:58:33 | 000,112,885 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/02/08 07:58:32 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/02/01 07:08:27 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2006/02/01 07:08:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP2R.EXE
[2006/02/01 07:06:31 | 000,000,223 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
[2006/02/01 07:01:44 | 000,000,070 | ---- | C] () -- C:\WINDOWS\A2593216.ini
[2006/01/18 07:36:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/18 07:23:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Sara\Local Settings\Application Data\fusioncache.dat
[2005/12/21 15:11:30 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/21 14:37:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/21 14:26:02 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/21 14:25:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/21 14:25:05 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/21 14:25:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/21 14:25:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/21 14:25:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/21 14:25:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/21 14:22:44 | 000,005,437 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2005/12/21 14:22:44 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2005/12/21 14:22:43 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2005/12/21 14:22:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2005/01/20 00:53:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/16 07:41:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/11/09 05:02:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 15:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 14:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/09 14:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 14:45:31 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/09 10:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/04/10 19:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 11:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 11:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/06 19:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 04:00:00 | 000,505,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 04:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003562_.tmp.dll
[1980/01/01 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 04:00:00 | 000,089,178 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 04:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003530_.tmp.dll
[1980/01/01 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/21 08:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Genie-Soft
[2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2011/09/16 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2009/07/31 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2011/11/14 07:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/06/16 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/07/20 10:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/08/11 10:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/03/17 11:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/10/21 08:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
[2011/09/14 10:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Genie-Soft
[2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\IBM
[2011/10/13 17:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Genie-Soft
[2005/12/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\IBM
[2011/09/14 10:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Genie-Soft
[2006/01/26 02:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\IBM
[2011/02/28 15:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Image Zone Express
[2008/11/23 20:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\InterVideo
[2006/01/18 09:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Leadertech
[2010/07/20 10:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\Panda Security
[2009/12/19 14:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sara\Application Data\TeamViewer
[2011/11/14 12:30:26 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/14 12:29:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ECACB466-71A9-4424-857C-E804F2F94923}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/09/16 05:46:54 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/01/18 07:23:12 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2010/07/20 10:30:17 | 000,000,236 | ---- | M] () -- C:\bdlog.txt
[2011/11/10 11:36:21 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2011/11/13 21:51:35 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
[2005/12/21 14:35:52 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2005/12/21 14:37:52 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
[2004/08/09 14:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/01/18 07:23:12 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2005/12/21 14:25:30 | 000,001,519 | ---- | M] () -- C:\drivez.log
[2006/06/16 12:30:27 | 000,124,126 | ---- | M] () -- C:\IbmEgath.XML
[2006/01/18 07:23:12 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/01/02 13:53:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/16 04:47:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/14 12:25:10 | 2673,782,784 | -HS- | M] () -- C:\pagefile.sys
[2011/11/13 18:27:40 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/11/13 15:26:35 | 000,000,602 | ---- | M] () -- C:\rkill_exe.log
[2005/12/21 14:18:54 | 000,000,736 | ---- | M] () -- C:\SYSLEVEL.IBM
[2011/11/13 07:03:16 | 000,062,758 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_13.11.2011_07.01.33_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/09 14:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2001/08/09 20:00:00 | 000,008,192 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD2R.DLL
[2001/08/09 20:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP2R.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/06/06 20:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
[2011/10/07 07:55:43 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2004/11/04 20:40:14 | 000,329,160 | ---- | M] () -- C:\WINDOWS\1024 x 768 IBM Americas Map.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2006/07/27 14:13:26 | 000,000,461 | ---- | M] () -- C:\Program Files\INSTALL.LOG

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/09 14:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/09 14:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/09 14:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/16 04:52:52 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/01/18 07:23:24 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/09 15:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/11 06:55:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Sara\Application Data\Microsoft\Internet Explorer\Quick Launch\Your #84 digital issue of Ceramics Art and Perception is here!.msg

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2003/05/28 13:16:23 | 013,388,464 | ---- | M] (Zero-Knowledge Systems Inc. ) -- C:\Documents and Settings\Sara\My Documents\ZeroKDownload.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/01/18 07:23:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sara\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/11/14 13:35:51 | 000,311,296 | -HS- | M] () -- C:\Documents and Settings\Sara\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 05:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 05:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 05:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 05:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 05:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 05:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 05:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >