
Malware - bought your programme, had to Restore to earlier, lost files and library locations..



Hello all to you guys. Keep fighting the good fight please!!!!

OK, details as requested, including attachments.

1) Started to notice browser re-directs.

2) I was fully patched from Windows, and also had Microsoft Security Essentials, which noticed that there were trojans, but did nothing about them.

3) I installed Trend Micro free trial, after having to do a roll back.

3.1) At this stage, no files missing.

3.2) Would not boot up - Vaio said boot sector issues.

4) Roll back earlier.

5) Trend Micro noticed Trojan, said it could not do anything - other than delete or remove unhealthy file.

6) Re-start. For the umpteen millionth time.

7) Purchase Malwarebytes full system.

8) Install. Malwarebytes does not see anything, but I get repeated browser launches of IE for no reason at all, at a random page. In addition, throughout states 1-5 above, I get a smiley face in the top left corner. And a crash window (or pseudo pretend window) saying that Center Stage had crashed due to some security issue. Big long crash text. Not selectable to copy. Closing this window brings up the smiley face, if it has already closed. Closing smiley face in top left of screen closes it.

9) Both Firefox and IE have redirects.

10) Having installed Malwarebytes service (I paid for this one rather than the free trial) notices NOTHING WRONG with my system. However, clearly something is. In addition, Malwarebytes DOES notice something happening in that it prevents IE from accessing a dodgy website. I would post up the text, but it does not let me select the text unfortunately.

11) As I have rolled back, some files are missing - however, not just this, but all my library has vanished - in the respect that VIDEOS, MUSIC folders are not there - clicking on the Library folder shows nothing. Going to recent files shows empty links. Running a search for a specific movie or music file finds it, sort of. But I cannot click and drag every file back.

Please, Obi-Wan Kenobi of the Malware Removal world... you're my only hope...! Please can you guys also assist with the point 11) as it's a real pain having no idea where any of my music or some of my other files are... what a drag!

THANKS :)

CheekyGrin

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Cheeky Grin at 20:44:24 on 2011-07-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.1222 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\RunDll32.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\hh.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Alex Lawrence\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Alex Lawrence\Desktop\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Alex Lawrence\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR0pSVzItTlFIWEMtUVQ3T0otMlk0VEstOQ"&"inst=NzYtODgyMDk5MTU5LUREVCswLVRVRysz"&"prod=92"&"ver=10.0.1390

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Alex Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\a2pod0kl.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e25bf11&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Users\Alex Lawrence\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\Alex Lawrence\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Alex Lawrence\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-11 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-19 366640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-15 2214504]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-3-14 47616]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]

R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-9 259192]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-1-17 104960]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-1-17 575856]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-9 44736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\F97C.tmp --> C:\Windows\system32\F97C.tmp [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-6-6 24176]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 655088]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-1-17 1250160]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-07-20 03:14:25 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBE50A4A-83EB-4C6B-99EA-8A6061C50800}\mpengine.dll

2011-07-20 00:06:09 -------- d-----w- C:\Program Files (x86)\ESET

2011-07-19 23:52:31 -------- d-----w- C:\Users\Alex Lawrence\AppData\Local\Diagnostics

2011-07-19 21:55:34 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-19 21:55:27 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-19 20:15:03 6144 ------w- C:\Windows\System32\F97C.tmp

2011-07-19 20:14:23 6144 ------w- C:\Windows\System32\5DB9.tmp

2011-07-19 20:14:12 -------- d-----w- C:\Program Files (x86)\Sophos

2011-07-19 17:34:13 -------- d-----w- C:\Users\Alex Lawrence\AppData\Roaming\AVG10

2011-07-19 17:31:58 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2011-07-19 17:31:58 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2011-07-19 17:31:58 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-07-19 17:31:58 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-07-19 17:31:58 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2011-07-19 17:31:58 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2011-07-19 17:31:58 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2011-07-19 17:31:57 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2011-07-19 17:31:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2011-07-19 17:31:56 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-07-19 17:30:03 -------- d--h--w- C:\ProgramData\Common Files

2011-07-19 17:29:10 -------- d-----w- C:\ProgramData\AVG10

2011-07-19 17:28:34 -------- d-----w- C:\Program Files (x86)\AVG

2011-07-19 17:24:23 -------- d-----w- C:\ProgramData\MFAData

2011-07-19 15:33:54 -------- d-----w- C:\Users\Alex Lawrence\AppData\Roaming\Malwarebytes

2011-07-19 15:33:40 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-19 15:33:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-19 15:33:26 -------- d-----w- C:\temp

2011-07-19 00:00:24 -------- d-----w- C:\ProgramData\Trend Micro

2011-07-19 00:00:19 -------- d-----w- C:\Program Files\Trend Micro

2011-07-15 22:16:37 -------- d-----w- C:\dell

2011-07-08 21:33:00 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2011-07-08 19:12:29 -------- d--h--w- C:\Users\Alex Lawrence\AppData\Local\Fallout3

2011-07-08 19:06:44 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks

2011-07-08 19:05:06 -------- d-----w- C:\Windows\SysWow64\xlive

2011-07-08 19:04:43 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-07-08 19:04:43 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-07-08 19:04:43 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-07-08 19:04:42 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-07-08 19:04:42 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-07-08 19:04:42 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-07-08 19:04:42 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-07-08 19:04:42 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-07-08 18:49:55 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2011-07-08 18:49:53 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-07-08 18:31:58 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2011-07-08 18:28:01 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-07-08 18:27:53 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-07-08 18:27:28 -------- d--h--w- C:\Users\Alex Lawrence\AppData\Roaming\DAEMON Tools Lite

2011-07-08 18:27:28 -------- d--h--w- C:\ProgramData\DAEMON Tools Lite

2011-07-07 19:39:56 -------- d--h--w- C:\Users\Alex Lawrence\AppData\Roaming\Outlook

2011-07-06 19:58:18 0 ----a-w- C:\Program Files (x86)\7-Zip.exe

2011-07-06 18:12:29 -------- d-----w- C:\Users\Alex Lawrence\AppData\Local\Microsoft Games

2011-07-06 17:27:23 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-05 21:10:06 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC806606-79CC-4DBA-8299-E40A431F5374}\gapaengine.dll

2011-07-05 21:08:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-07-05 21:08:48 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-07-05 15:13:04 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74761368-E038-4E3D-B3B0-84E4255E9EAD}\mpengine.dll

2011-06-24 16:06:29 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-06-22 23:07:19 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-06-21 16:14:14 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-06-21 16:14:13 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-21 16:14:13 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

.

==================== Find3M ====================

.

2011-06-16 03:25:26 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-27 16:58:11 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-05-27 16:58:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-21 06:01:00 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll

2011-05-21 06:01:00 61544 ----a-w- C:\Windows\System32\nvshext.dll

2011-05-21 06:01:00 326760 ----a-w- C:\Windows\System32\nvhotkey.dll

2011-05-21 06:01:00 1496168 ----a-w- C:\Windows\System32\nvdispco6420150.dll

2011-05-21 06:01:00 1427048 ----a-w- C:\Windows\System32\nvgenco642090.dll

2011-05-21 05:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-05-10 09:41:27 1426536 ----a-w- C:\Windows\System32\nvhdagenco642040.dll

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 22:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

.

============= FINISH: 20:52:08.83 ===============

I have to say, I am not overly happy about having to post up for help, when I bought your software - which doesn't even think there is a problem. Also, Windows security essentials seems to pick up more things, and see more going on than Malwarebytes program.

Also, lately, while I am waiting for a reply, now Malwarebytes does not work properly. Now the protection module is disabled due to ERROR 1068 or something like that in some window that pops up.

This only switches on again when I shut down and start back up again.

Then it switches itself off with an error code after a while.

It's a pretty poor piece of software if some malware disables it!!

Attach.zip
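A triage pass over the DDS log in the post above, as an added example that is not part of the original thread or of DDS itself. It parses the `AV:`/`SP:`, add-on and service lines and flags the two enabled anti-virus products that the reply in this thread points out, plus two checks that are this example's own assumptions: a service whose image is a `.tmp` file and add-on registrations marked `No File`. The sample lines are copied from the log above; the reading of the `R`/`S` prefix and the finding labels are assumptions.

```python
import re

# Excerpt of the DDS log posted in this thread (lines copied as-is).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
BHO-X64: URLRedirectionBHO - No File
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-19 366640]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\F97C.tmp --> C:\Windows\system32\F97C.tmp [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-6-6 24176]
"""

# "AV: <name> *<state>/<definitions>* {GUID}" (security product registrations)
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP): (?P<name>.+?) \*(?P<state>\w+)/(?P<defs>\w+)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# "<R|S><digit> <key>;<display>;<path>[ --> <resolved path>] [<date size>|?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<key>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)
# Browser helper object / toolbar registration whose file is gone
ORPHAN_RE = re.compile(r"^(?P<kind>(?:BHO|TB)(?:-X64)?): (?P<ident>.+?) - No File$")


def parse_dds(text):
    """Split a DDS log into product, service and orphaned add-on records."""
    parsed = {"products": [], "services": [], "orphans": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # DDS separates blocks with lone dots
        m = PRODUCT_RE.match(line)
        if m:
            parsed["products"].append(m.groupdict())
            continue
        m = SERVICE_RE.match(line)
        if m:
            rec = m.groupdict()
            image = rec["resolved"] or rec["path"]
            if image.startswith("\\??\\"):
                image = image[4:]  # drop the NT object-path prefix
            rec["image"] = image
            # Assumption: R = running, S = stopped when the log was taken
            rec["running"] = rec["state"] == "R"
            parsed["services"].append(rec)
            continue
        m = ORPHAN_RE.match(line)
        if m:
            parsed["orphans"].append(m.groupdict())
    return parsed


def triage(parsed):
    """Return (label, detail) findings; labels are this example's own."""
    findings = []
    # Check taken from the reply in this thread: two AV products enabled at once
    enabled_av = sorted(
        {p["name"] for p in parsed["products"]
         if p["kind"] == "AV" and p["state"] == "Enabled"}
    )
    if len(enabled_av) > 1:
        findings.append(("multiple-av", ", ".join(enabled_av)))
    # Assumed check: a service image with a .tmp extension should be traced
    # to the tool that created it before it is trusted or removed
    for svc in parsed["services"]:
        if svc["image"].lower().endswith(".tmp"):
            findings.append(("service-image-tmp", f'{svc["key"]} -> {svc["image"]}'))
    # Assumed check: leftover registrations that point at no file
    for o in parsed["orphans"]:
        findings.append(("addon-no-file", f'{o["kind"]} {o["ident"]}'))
    return findings


if __name__ == "__main__":
    for label, detail in triage(parse_dds(SAMPLE_DDS)):
        print(f"{label:18} {detail}")
```

A finding here is a prompt for review, not a verdict: each flagged item still has to be attributed to the program that created it.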


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

You're running two Anti-Virus programs which can cause all types of issues.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

Uninstall one of them before going any further.

Next:

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


As requested, Microsoft Security Essentials was disabled. AVG was fully uninstalled. I have not uninstalled Malwarebytes program, although it keeps losing functionality (it's being disabled somehow!!).

Things I notice:

1) Browser search redirects. This happens on any browser, on any search engine. I tried Chrome (but uninstalled it as I don't like too many of ANY one product or service on principle) and also IE and Firefox of course. Redirects are to random locations, sometimes even Google's blogger service page. Usually the redirects are to places that PEERGUARDIAN (checking this out) thinks should be blocked. Mind you, Peerguardian blocks lots of mainstream media sites, as well as some antivirus companies, go figure.. interesting - but that's the pleasures and the pain of open source systems.. chaotic mess sometimes if you ask me..

2) On leaving the computer alone for a while, when I had IE, it would randomly launch a browser, complete with random search engine site, usually but not always google related.

3) The Malwarebytes software now has the premium "Protection" module service disabled. Restarting lets this service launch properly, but after a while, it gives an error code of 2, but says the [startup] failed to launch. Which is a bit weird to be honest.

4) There is clearly something odd going on. The core widget speed shows my chip speeds to be at 55%, which isn't right if it's just idling.

5) I have followed the instructions of your forum and used DEFOGGER before running the tests above as you requested.

6) Interestingly, replacing the MBR with MBR.exe results in the following - Microsoft Security Essentials wakes up and deletes something called Trojan.Alureon as soon as the MBR is replaced with MBR.exe.. however, this does precisely sod all, as the redirects are still there.

6.1) As you requested, ATF was run (I sometimes use CCleaner, seems a good tool for this too) as administrator.

6.2) As you requested, Gooredfix was run, but didn't do anything, or notice anything.

6.3) Similarly TDSS - here is the pasted text as you request.

7) Thanks... I appreciate your help!!! Seems a shame to buy a service and it doesn't pick up anything wrong (the only service which has noticed anything dodgy was Microsoft Security Essentials, but even that couldn't delete things properly)


2011/07/21 15:22:45.0011 5304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

2011/07/21 15:22:45.0081 5304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/21 15:22:45.0128 5304 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/21 15:22:45.0147 5304 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/07/21 15:22:45.0213 5304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

2011/07/21 15:22:45.0277 5304 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/21 15:22:45.0287 5304 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/21 15:22:45.0437 5304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

2011/07/21 15:22:45.0495 5304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/21 15:22:45.0565 5304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/21 15:22:45.0613 5304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/21 15:22:45.0700 5304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/21 15:22:45.0782 5304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/21 15:22:45.0847 5304 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/07/21 15:22:45.0905 5304 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/21 15:22:46.0028 5304 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys

2011/07/21 15:22:46.0108 5304 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/21 15:22:46.0129 5304 Boot (0x1200) (b8d1c3fb0ab7a24b319dee5f6371eb0d) \Device\Harddisk0\DR0\Partition0

2011/07/21 15:22:46.0141 5304 Boot (0x1200) (2834c7ecbf1e7b076d42a807258add41) \Device\Harddisk0\DR0\Partition1

2011/07/21 15:22:46.0145 5304 ================================================================================

2011/07/21 15:22:46.0145 5304 Scan finished

2011/07/21 15:22:46.0145 5304 ================================================================================

2011/07/21 15:22:46.0153 4136 Detected object count: 0

2011/07/21 15:22:46.0153 4136 Actual detected object count: 0

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

You're running two Anti-Virus programs which can cause all types of issues.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

Uninstall one of them before going any further.

Next:

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run. Once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.

Some of these infections will not let you install any cleaner.

You need to have the anti-malware program installed before the infection to try and help prevent it in the first place.

You might need to uninstall AVG in order to run combofix.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Thanks LDTate.

I did have a couple of paid subscriptions, but in the time I unsubscribed from one and loaded the Malwarebytes system, I "only" had the Microsoft Security Essentials while I downloaded the full product from Malwarebytes. Whatever this is, it's pretty hard core.

You asked: Describe what is going on in the computer now.

1) Switched off all antivirus/software/disabled/uninstalled other copies, as you requested.

2) Uninstalled IE, (Microsoft call this "switching off" in the uninstall programmes file in Windows 7... is it really uninstalled!!! Still shows in the list for me to re-check to activate..the gits..) so now the only browser I have is FireFox.

3) All windows closed. All operating files from the standard user experience side were shut down.

4) Ran CF as you requested (text pasted below)

5) Chip speed on the speed and memory widget for Win7 is still at 49%. Not sure what is going on, since 8 cores on an i7 chassis seems a bit excessive to have a windows environment running at half capacity..

6) Browser redirects still happen.

7) Browser redirects still happen. Any browser type (install, uninstall after). Any search engine (tried all in the list on the right of URL window on Firefox). Typing in "Wine" leads me to Groupon, for no apparent reason.

8) I am sure that this is linked to some dodgy LLC search third party in the States, I was looking at the Peerguardian logs checking where this malware gets its instructions to and from, and there is a lot of traffic routing out/through this guy's firm.. follow the money, eh.. ;o)

9) All my music and video files, as well as some personal folders of family documents and pictures etc. were lost. I heard Roguekiller was good for restoring these "lost" items (the documents were not deleted, just the links I noticed). This restored almost everything back again, but it's all ended up as a dog's breakfast on the desktop instead of in the Explorer folders where it was all neatly before. Should I drag and drop this back?

10) Thanks for bearing with me.. and appreciate the assistance, as ever.

ComboFix 11-07-21.04 - Alex Lawrence 07/21/2011 21:05:12.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2231 [GMT -7:00]

Running from: c:\users\Alex Lawrence\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


+ 2009-07-14 05:30 . 2011-07-21 22:09 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-07-19 17:35 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-07-21 21:08 . 2010-07-14 16:55 73728 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SG_JPN.dll

+ 2011-07-21 21:08 . 2009-07-08 17:58 86016 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\rstcol.dll

+ 2011-07-21 21:08 . 2009-09-15 21:13 98304 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\MC2Plus.dll

+ 2011-07-21 21:08 . 2007-12-06 20:46 73728 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\IJFSHLIB.dll

+ 2011-07-21 21:08 . 2007-11-09 15:48 53248 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\HSL.DLL

+ 2011-07-21 21:08 . 2008-11-19 20:31 73728 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\DDT.dll

+ 2011-07-21 21:08 . 2008-08-26 01:02 17920 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNHMCA6.dll

+ 2011-07-21 21:08 . 2008-08-26 01:02 15872 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNHMCA.dll

+ 2011-07-21 21:07 . 2010-06-03 15:11 94208 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\cncisco3.dll

+ 2011-07-21 21:08 . 2010-05-18 22:54 30720 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880.DAT

+ 2011-07-21 21:08 . 2005-04-15 22:34 57344 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\BaLCo.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 27648 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_wcs.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 69632 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_coral.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 15360 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXW6.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 13824 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXW3.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 46592 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSRJ.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 95744 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSRES.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 79360 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSR.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 95232 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSMSD.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 17560 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSE.EXE

+ 2011-07-21 22:09 . 2010-10-18 12:00 90112 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXQUEUE.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 12800 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxps.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 28672 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXOPAE.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 89088 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXLH.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 10240 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXFUS.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 16384 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBZU6.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 14848 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBZU3.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 78336 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBZS6.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 62464 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBZS3.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 18432 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBZM6.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 16384 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBZM3.DLL

+ 2011-07-21 22:09 . 2010-10-18 07:00 30320 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMP2.DAT

+ 2011-07-21 21:08 . 2010-10-18 12:00 13312 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMW6.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 12288 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMW3.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 57496 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMVS.EXE

+ 2011-07-21 21:08 . 2010-10-18 12:00 15872 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMVS.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 46592 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSRJ.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 95744 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSRES.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 79360 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSR.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 95232 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSMSD.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 17560 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSE.EXE

+ 2011-07-21 21:08 . 2010-10-18 12:00 90112 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMQUEUE.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 88576 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMPP.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 29696 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMPD.DLL

+ 2011-07-21 21:08 . 2010-10-18 07:00 30320 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMP2.DAT

+ 2011-07-21 21:08 . 2010-10-18 07:00 27140 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMP1.DAT

+ 2011-07-21 21:08 . 2010-10-18 07:00 23280 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMP0.DAT

+ 2011-07-21 21:08 . 2010-10-18 12:00 28672 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMOPAE.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 89088 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMLH.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 10240 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMFUS.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 14848 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBZU6.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 13824 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBZU3.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 78336 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBZS6.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 62464 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBZS3.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 15872 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBZM6.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 14848 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBZM3.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 46080 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXWA.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 14336 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXURJ.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 22016 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXURES.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 18944 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXUR.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 37888 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXDR.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 78848 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXAR.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 31232 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXAD.DLL

- 2011-04-02 01:47 . 2011-07-20 19:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-02 01:47 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-07-20 19:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-21 21:08 . 2010-09-07 10:56 77312 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series\RES\DLL\IJInstJP.dll

+ 2011-07-21 22:08 . 2010-09-30 16:41 6234 c:\windows\twain_32\MX880 series\SCNDB.DAT

+ 2011-07-21 22:08 . 2010-05-18 21:38 9040 c:\windows\twain_32\MX880 series\CNC880T.DAT

+ 2011-07-21 22:08 . 2010-05-18 21:35 1888 c:\windows\twain_32\MX880 series\CNC880M.DAT

- 2011-05-27 17:38 . 2011-07-20 05:36 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-05-27 17:38 . 2011-07-21 05:34 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-07-21 21:07 . 2010-09-08 16:25 5120 c:\windows\system32\STRING\CNMNPPRCUS.DLL

+ 2011-07-21 21:07 . 2010-09-08 16:25 4096 c:\windows\system32\STRING\CNMNPPRCJP.DLL

+ 2011-07-21 21:07 . 2010-09-08 16:25 5120 c:\windows\system32\STRING\CNMNPPRCES.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 9216 c:\windows\system32\spool\drivers\x64\3\CNMXL2AN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 9216 c:\windows\system32\spool\drivers\x64\3\CNML2AN.DLL

+ 2011-07-21 21:08 . 2010-09-30 16:41 6234 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SCNDB.DAT

+ 2011-07-21 21:08 . 2010-05-18 21:38 9040 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880T.DAT

+ 2011-07-21 21:08 . 2010-05-18 21:35 1888 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880M.DAT

+ 2011-07-21 22:09 . 2010-10-18 12:00 9216 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXLH2.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 9216 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMLH2.DLL

+ 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-20 19:36 . 2011-07-20 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-20 19:36 . 2011-07-20 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-21 22:08 . 2009-03-11 23:20 487424 c:\windows\twain_32\MX880 series\usip.dll

+ 2011-07-21 22:08 . 2010-10-04 16:17 241664 c:\windows\twain_32\MX880 series\TPM.dll

+ 2011-07-21 22:08 . 2009-12-24 23:56 139264 c:\windows\twain_32\MX880 series\TDGLIB.dll

+ 2011-07-21 22:08 . 2009-01-21 18:41 122880 c:\windows\twain_32\MX880 series\softfare.dll

+ 2011-07-21 22:08 . 2010-07-14 16:54 118784 c:\windows\twain_32\MX880 series\SG_ESP.dll

+ 2011-07-21 22:08 . 2010-07-14 16:54 102400 c:\windows\twain_32\MX880 series\SG_ENU.dll

+ 2011-07-21 22:08 . 2007-07-02 18:04 114688 c:\windows\twain_32\MX880 series\scrprmvl.dll

+ 2011-07-21 22:08 . 2010-01-14 17:55 118784 c:\windows\twain_32\MX880 series\SCRPRMV.DLL

+ 2011-07-21 22:08 . 2010-10-04 16:17 135168 c:\windows\twain_32\MX880 series\SCNIF.dll

+ 2011-07-21 22:08 . 2010-10-04 16:17 339968 c:\windows\twain_32\MX880 series\SCNFLW.dll

+ 2011-07-21 22:08 . 2010-10-04 16:16 212992 c:\windows\twain_32\MX880 series\SCNDB.dll

+ 2011-07-21 22:08 . 2008-01-23 23:45 454656 c:\windows\twain_32\MX880 series\RACSLIB.dll

+ 2011-07-21 22:08 . 2009-10-30 02:18 143360 c:\windows\twain_32\MX880 series\MC2.dll

+ 2011-07-21 22:08 . 2004-06-07 19:58 290816 c:\windows\twain_32\MX880 series\libBLC.dll

+ 2011-07-21 22:08 . 2008-11-07 21:20 176128 c:\windows\twain_32\MX880 series\CUBS.dll

+ 2011-07-21 22:08 . 2010-06-03 15:11 103424 c:\windows\twain_32\MX880 series\cncisco6.dll

+ 2011-07-21 22:08 . 2010-05-18 21:38 207372 c:\windows\twain_32\MX880 series\CNC880P.DAT

+ 2011-07-21 22:08 . 2005-08-24 22:51 126976 c:\windows\twain_32\MX880 series\CFine2.dll

+ 2011-07-21 22:08 . 2008-11-05 17:10 118784 c:\windows\twain_32\MX880 series\CAPS.dll

+ 2011-07-21 22:08 . 2009-11-26 18:32 118784 c:\windows\twain_32\MX880 series\AG.dll

+ 2010-09-08 16:26 . 2010-09-08 16:26 342016 c:\windows\SysWOW64\CNMNPPM.DLL

+ 2011-05-25 00:46 . 2011-07-22 04:59 190272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-07-21 22:09 . 2010-10-18 12:00 185856 c:\windows\system32\spool\drivers\x64\3\CNMXZUAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 721408 c:\windows\system32\spool\drivers\x64\3\CNMXZAAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 455680 c:\windows\system32\spool\drivers\x64\3\CNMXURAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 653824 c:\windows\system32\spool\drivers\x64\3\CNMXUBAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 889344 c:\windows\system32\spool\drivers\x64\3\CNMXSMAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 729088 c:\windows\system32\spool\drivers\x64\3\CNMXSBAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 595096 c:\windows\system32\spool\drivers\x64\3\CNMXPVAN.EXE

+ 2011-07-21 22:09 . 2010-10-18 12:00 224256 c:\windows\system32\spool\drivers\x64\3\CNMXPFAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 115200 c:\windows\system32\spool\drivers\x64\3\CNMXPBAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 215552 c:\windows\system32\spool\drivers\x64\3\CNMXLRAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 272384 c:\windows\system32\spool\drivers\x64\3\CNMXLFAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 130560 c:\windows\system32\spool\drivers\x64\3\CNMXICAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 161792 c:\windows\system32\spool\drivers\x64\3\CNMXEIAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 410112 c:\windows\system32\spool\drivers\x64\3\CNMXD5AN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 111616 c:\windows\system32\spool\drivers\x64\3\CNMXCPAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 455680 c:\windows\system32\spool\drivers\x64\3\CNMURAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 653824 c:\windows\system32\spool\drivers\x64\3\CNMUBAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 889344 c:\windows\system32\spool\drivers\x64\3\CNMSMAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 729088 c:\windows\system32\spool\drivers\x64\3\CNMSBAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 205824 c:\windows\system32\spool\drivers\x64\3\CNMPVAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 215552 c:\windows\system32\spool\drivers\x64\3\CNMLRAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 130560 c:\windows\system32\spool\drivers\x64\3\CNMICAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 161792 c:\windows\system32\spool\drivers\x64\3\CNMEIAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 733696 c:\windows\system32\spool\drivers\x64\3\CNMDRAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 407552 c:\windows\system32\spool\drivers\x64\3\CNMD5AN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 111616 c:\windows\system32\spool\drivers\x64\3\CNMCPAN.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 228352 c:\windows\system32\spool\drivers\x64\3\CNCAUAN.DLL

- 2009-07-14 02:36 . 2011-07-20 19:43 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-21 19:31 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-21 19:31 108648 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-07-20 19:43 108648 c:\windows\system32\perfc009.dat

- 2009-07-14 05:30 . 2011-07-19 17:35 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-07-21 22:09 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-07-19 17:35 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2011-07-21 22:09 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-07-21 21:08 . 2009-03-11 23:20 487424 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\usip.dll

+ 2011-07-21 21:08 . 2010-10-04 16:17 241664 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\TPM.dll

+ 2011-07-21 21:08 . 2009-12-24 23:56 139264 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\TDGLIB.dll

+ 2011-07-21 21:08 . 2009-01-21 18:41 122880 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\softfare.dll

+ 2011-07-21 21:08 . 2010-07-14 16:54 118784 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SG_ESP.dll

+ 2011-07-21 21:08 . 2010-07-14 16:54 102400 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SG_ENU.dll

+ 2011-07-21 21:08 . 2007-07-02 18:04 114688 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\scrprmvl.dll

+ 2011-07-21 21:08 . 2010-01-14 17:55 118784 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SCRPRMV.DLL

+ 2011-07-21 21:08 . 2010-10-04 16:17 135168 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SCNIF.dll

+ 2011-07-21 21:08 . 2010-10-04 16:17 339968 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SCNFLW.dll

+ 2011-07-21 21:08 . 2010-10-04 16:16 212992 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SCNDB.dll

+ 2011-07-21 21:08 . 2008-01-23 23:45 454656 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\RACSLIB.dll

+ 2011-07-21 21:08 . 2009-10-30 02:18 143360 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\MC2.dll

+ 2011-07-21 21:08 . 2004-06-07 19:58 290816 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\libBLC.dll

+ 2011-07-21 21:08 . 2008-11-07 21:20 176128 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CUBS.dll

+ 2011-07-21 21:07 . 2010-06-03 15:11 103424 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\cncisco6.dll

+ 2011-07-21 21:08 . 2010-09-13 21:44 106496 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880U.dll

+ 2011-07-21 21:08 . 2010-05-18 21:38 207372 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880P.DAT

+ 2011-07-21 21:08 . 2010-09-07 00:04 367104 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880L6.dll

+ 2011-07-21 21:08 . 2010-09-07 00:03 315392 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880L.dll

+ 2011-07-21 21:08 . 2010-09-13 21:43 112128 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880I6.dll

+ 2011-07-21 21:08 . 2005-08-24 22:51 126976 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CFine2.dll

+ 2011-07-21 21:08 . 2008-11-05 17:10 118784 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CAPS.dll

+ 2011-07-21 21:08 . 2009-11-26 18:32 118784 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\AG.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 224256 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\PreviewFilter.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 272384 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\LayoutFilter.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 185856 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_udil.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 721408 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_aqua.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 324608 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXURJ.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 518144 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXURES.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 455680 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXUR.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 889344 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSTMN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 161792 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXSMOPT.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 595096 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxpv.exe

+ 2011-07-21 22:09 . 2010-10-18 12:00 130560 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXPIC04.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 115200 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxpb.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 729088 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXP_383.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 119296 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXLRJ.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 260608 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXLRES.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 215552 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXLR.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 374784 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXLMON2.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 410112 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXDUMP5.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 653824 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXBR383.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 111616 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMX_0383.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 324608 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMURJ.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 518144 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMURES.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 455680 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMUR.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 889344 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSTMN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 161792 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMSMOPT.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 205824 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMPV.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 130560 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMPIC04.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 729088 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMP_383.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 119296 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMLRJ.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 260608 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMLRES.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 215552 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMLR.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 374784 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMLMON2.DLL

+ 2011-07-21 21:07 . 2010-09-07 10:58 248320 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMIU6.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 407552 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMDUMP5.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 733696 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMDRV.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 653824 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMBR383.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 111616 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNM_0383.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 228352 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXUI.DLL

+ 2011-07-21 21:08 . 2010-10-19 12:00 302080 c:\windows\system32\DriverStore\FileRepository\mx880f6.inf_amd64_neutral_cd15c1e9a5e3c54b\FXLM.DLL

+ 2011-07-21 21:08 . 2010-09-07 10:56 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series\RES\DLL\IJInstUS.dll

+ 2011-07-21 21:08 . 2010-08-23 17:07 120320 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series\RES\DLL\IJInstES.dll

+ 2011-07-21 21:08 . 2010-09-07 11:30 678816 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series\DelDrv64.exe

+ 2011-07-21 22:08 . 2008-12-26 17:56 1168896 c:\windows\twain_32\MX880 series\SGCFLTR6.dll

+ 2011-07-21 22:08 . 2008-12-26 17:57 1159168 c:\windows\twain_32\MX880 series\SGCFLTR.dll

+ 2011-07-21 22:08 . 2010-10-04 16:18 1253376 c:\windows\twain_32\MX880 series\SG_IMG.dll

+ 2011-07-21 22:08 . 2010-10-04 16:20 1093632 c:\windows\twain_32\MX880 series\SCNUI.dll

+ 2011-07-21 22:08 . 2010-04-06 01:17 1355776 c:\windows\twain_32\MX880 series\IB.dll

+ 2011-07-21 22:08 . 2010-05-18 22:52 2102320 c:\windows\twain_32\MX880 series\CNC880R.DAT

+ 2011-07-21 22:09 . 2010-10-18 12:00 2213376 c:\windows\system32\spool\drivers\x64\3\CNMXZXAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 2457088 c:\windows\system32\spool\drivers\x64\3\CNMXZNAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 6329856 c:\windows\system32\spool\drivers\x64\3\CNMXZLAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 3454976 c:\windows\system32\spool\drivers\x64\3\CNMXUIAN.DLL

+ 2011-07-21 22:09 . 2010-10-18 07:00 1124720 c:\windows\system32\spool\drivers\x64\3\CNMXJPAN.DAT

+ 2011-07-21 22:09 . 2010-10-18 12:00 2308608 c:\windows\system32\spool\drivers\x64\3\CNMXCBAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 3476480 c:\windows\system32\spool\drivers\x64\3\CNMUIAN.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 2308608 c:\windows\system32\spool\drivers\x64\3\CNMCBAN.DLL

+ 2011-07-21 21:08 . 2008-12-26 17:56 1168896 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SGCFLTR6.dll

+ 2011-07-21 21:08 . 2008-12-26 17:57 1159168 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SGCFLTR.dll

+ 2011-07-21 21:08 . 2010-10-04 16:18 1253376 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SG_IMG.dll

+ 2011-07-21 21:08 . 2010-10-04 16:20 1093632 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\SCNUI.dll

+ 2011-07-21 21:08 . 2010-04-06 01:17 1355776 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\IB.dll

+ 2011-07-21 21:08 . 2010-05-18 22:52 2102320 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880R.DAT

+ 2011-07-21 21:08 . 2010-09-13 21:43 1368064 c:\windows\system32\DriverStore\FileRepository\mx880sc.inf_amd64_neutral_76d6408e5013aad4\CNC880C6.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 2213376 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_xitp.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 2457088 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_navy.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 6329856 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\cnmxz_lbor.dll

+ 2011-07-21 22:09 . 2010-10-18 12:00 3454976 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXUI.DLL

+ 2011-07-21 22:09 . 2010-10-18 12:00 2308608 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNMXPCOM2.DLL

+ 2011-07-21 22:09 . 2010-10-18 07:00 1124720 c:\windows\system32\DriverStore\FileRepository\mx880p6xps.inf_amd64_neutral_9c797db55b023808\CNBJPRNB.DAT

+ 2011-07-21 21:08 . 2010-10-18 12:00 3476480 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMUI.DLL

+ 2011-07-21 21:08 . 2010-10-18 12:00 2308608 c:\windows\system32\DriverStore\FileRepository\mx880p6.inf_amd64_neutral_9ee1e6330f978d4e\CNMPCOM2.DLL

+ 2009-07-14 04:45 . 2011-07-21 19:31 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-07-19 17:39 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2011-05-24 23:56 . 2011-07-20 19:36 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-24 23:56 . 2011-07-21 19:25 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-07-21 18:08 . 2011-07-21 18:08 1402880 c:\windows\Installer\48db1.msi

+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\107470e.msi

+ 2011-05-27 23:22 . 2011-05-27 23:22 1220672 c:\windows\Downloaded Program Files\qsax.dll

- 2009-07-14 02:34 . 2011-07-19 17:35 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-07-21 19:25 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-19 26017576]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2EF.tmp [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 86646952

*NewlyCreated* - 89896917

*Deregistered* - 86646952

*Deregistered* - 89896917

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

FF - ProfilePath - c:\users\Alex Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\a2pod0kl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e25bf11&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\2EF.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-21 22:24:04

ComboFix-quarantined-files.txt 2011-07-22 05:23

ComboFix2.txt 2011-07-20 23:58

ComboFix3.txt 2011-07-20 22:25

.

Pre-Run: 241,056,157,696 bytes free

Post-Run: 240,987,746,304 bytes free

.

- - End Of File - - FA6FAD2800B95B770229E2A41D622476


It's funny, but whenever I see traffic happening out from my Vaio, with these browser re-directs, the same sketchers show up again and again..

Namedrive LLC

Oversee.net

Parked.com

It's funny because all of these guys profit from.... PPC... directly or indirectly. Seem a little too convenient?

Oh and BODIS LLC too..


Yes, they make huge profits from this "Stuff".

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\2EF.tmp
c:\windows\system32\25BA.tmp
c:\windows\system32\F97C.tmp
c:\windows\system32\5DB9.tmp

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Thanks LDTate.

Things I have noticed this time:

1) During the CF run, Sony Vaio Communicator (whatever that is, never used it) window pops up and says there is some crash. Computer was untouched and running CF.

2) Vaio shuts down.

3) Restarting Vaio leads to CF screen relaunching, and preparing log files.

4) Window pops up saying Malwarebytes Startup failure error code 2. Malwarebytes is disabled. I close this window.

5) CF window clears, and then says that it wants to upload malware files to server.

6) CF finishes and outputs log (printed below).

7) Running a test with Firefox shows redirects still occurring.

Log files as below:

ComboFix 11-07-22.02 - Alex Lawrence 07/22/2011 9:46.6.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2640 [GMT -7:00]

Running from: c:\users\Alex Lawrence\Desktop\ComboFix.exe

Command switches used :: c:\users\Alex Lawrence\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\25BA.tmp"

"c:\windows\system32\2EF.tmp"

"c:\windows\system32\5DB9.tmp"

"c:\windows\system32\F97C.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\25BA.tmp

c:\windows\system32\2EF.tmp

c:\windows\system32\5DB9.tmp

c:\windows\system32\F97C.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))

.

.

2011-07-22 17:18 . 2011-07-22 17:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-22 17:18 . 2011-07-22 17:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-07-22 17:18 . 2011-07-22 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-22 17:18 . 2011-07-22 17:18 -------- d-----w- c:\users\boinc_master\AppData\Local\temp

2011-07-22 17:09 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12DAE92A-F0CC-42C7-95EE-C77C95A2B431}\mpengine.dll

2011-07-22 06:04 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\F7B3.tmp

2011-07-22 06:03 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\B565.tmp

2011-07-22 03:28 . 2011-07-22 03:28 -------- d--h--w- c:\programdata\CanonIJEGV

2011-07-22 03:27 . 2011-07-22 03:27 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Adobe

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonEPP

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJMyPrinter

2011-07-21 22:09 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMXLMAN.DLL

2011-07-21 22:09 . 2011-07-22 06:32 -------- d-----w- c:\programdata\CanonIJPLM

2011-07-21 22:08 . 2011-07-21 22:08 -------- d-----w- c:\programdata\Canon IJ Network Tool

2011-07-21 22:08 . 2010-09-13 21:44 106496 ----a-w- c:\windows\SysWow64\CNC880U.dll

2011-07-21 22:08 . 2010-09-07 00:03 315392 ----a-w- c:\windows\SysWow64\CNC880L.dll

2011-07-21 22:08 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2011-07-21 22:08 . 2011-07-21 22:08 -------- d--h--w- c:\programdata\CanonIJFAX

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\program files\Common Files\CANON

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\programdata\CanonIJWSpt

2011-07-21 21:09 . 2011-07-21 21:09 -------- d-----w- c:\program files\Canon

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\programdata\CanonBJ

2011-07-21 21:08 . 2010-10-18 12:00 88576 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAN.DLL

2011-07-21 21:08 . 2010-10-18 12:00 29696 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAN.DLL

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-07-21 21:08 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMLMAN.DLL

2011-07-21 21:08 . 2010-10-19 12:00 302080 ----a-w- c:\windows\system32\CNCALAN.DLL

2011-07-21 21:07 . 2010-09-07 10:58 248320 ----a-w- c:\windows\system32\CNMIUAN.DLL

2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\windows\system32\STRING

2011-07-21 21:07 . 2010-09-08 16:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL

2011-07-21 21:07 . 2010-09-08 16:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2011-07-21 21:05 . 2011-07-21 22:10 -------- d-----w- c:\program files (x86)\Canon

2011-07-21 18:14 . 2011-07-21 18:14 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\Malwarebytes

2011-07-21 18:14 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-21 18:13 . 2011-07-21 18:13 -------- d-----w- c:\programdata\Malwarebytes

2011-07-21 18:13 . 2011-07-21 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-21 18:11 . 2011-07-21 18:11 388096 ----a-r- c:\users\Alex Lawrence\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-21 18:11 . 2011-07-21 18:11 -------- d-----w- c:\program files (x86)\Hijackthisar5ehole

2011-07-21 03:17 . 2011-07-21 03:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-07-21 03:03 . 2011-07-21 03:03 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\QuickScan

2011-07-19 23:52 . 2011-07-19 23:52 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Diagnostics

2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\program files (x86)\Sophos

2011-07-19 17:34 . 2011-07-19 17:34 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\AVG10

2011-07-19 17:31 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-19 17:31 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-19 17:31 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-19 17:31 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-19 17:31 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-19 17:31 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-19 17:31 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-19 17:31 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-19 17:31 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-19 17:31 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-19 17:30 . 2011-07-19 17:30 -------- d-----w- c:\programdata\Common Files

2011-07-19 17:29 . 2011-07-20 14:54 -------- d-----w- c:\programdata\AVG10

2011-07-19 17:28 . 2011-07-19 17:28 -------- d-----w- c:\program files (x86)\AVG

2011-07-19 17:24 . 2011-07-19 21:25 -------- d-----w- c:\programdata\MFAData

2011-07-19 15:33 . 2011-07-19 15:33 -------- d-----w- C:\temp

2011-07-19 00:10 . 2011-07-19 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Trend Micro

2011-07-19 00:00 . 2011-07-19 17:19 -------- d-----w- c:\programdata\Trend Micro

2011-07-19 00:00 . 2011-07-19 00:02 -------- d-----w- c:\program files\Trend Micro

2011-07-15 22:16 . 2011-07-19 17:02 -------- d-----w- C:\dell

2011-07-08 21:33 . 2011-07-19 18:02 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-07-08 19:12 . 2011-07-08 19:12 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Fallout3

2011-07-08 19:06 . 2011-07-19 18:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2011-07-08 19:05 . 2011-07-19 18:18 -------- d-----w- c:\windows\SysWow64\xlive

2011-07-08 19:04 . 2005-04-04 06:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-07-08 19:04 . 2005-04-04 06:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-07-08 19:04 . 2005-04-04 06:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-07-08 19:04 . 2011-07-08 19:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-07-08 19:04 . 2011-07-08 19:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-07-08 19:04 . 2005-04-04 06:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-07-08 19:04 . 2005-04-04 06:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-07-08 19:04 . 2005-04-04 05:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-07-08 18:49 . 2011-07-19 18:17 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2011-07-08 18:49 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-07-08 18:31 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-07-08 18:27 . 2011-07-11 18:22 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\DAEMON Tools Lite

2011-07-08 18:27 . 2011-07-08 18:27 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-07 19:39 . 2011-07-07 19:39 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\Outlook

2011-07-06 19:58 . 2011-07-06 19:58 0 ----a-w- c:\program files (x86)\7-Zip.exe

2011-07-06 18:12 . 2011-07-19 18:06 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Microsoft Games

2011-07-06 17:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-05 21:10 . 2011-07-05 21:09 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC806606-79CC-4DBA-8299-E40A431F5374}\gapaengine.dll

2011-07-05 21:08 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-07-05 21:08 . 2011-07-19 18:17 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-05 15:13 . 2011-06-20 15:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74761368-E038-4E3D-B3B0-84E4255E9EAD}\mpengine.dll

2011-06-22 23:07 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-16 03:25 . 2011-06-01 16:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-19 17:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-27 17:27 . 2011-05-27 17:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 448512 ----a-w- c:\windows\system32\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-27 17:27 . 2011-05-27 17:27 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-27 16:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-27 16:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-21 06:01 . 2011-06-16 00:23 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-05-21 06:01 . 2011-06-16 00:23 326760 ----a-w- c:\windows\system32\nvhotkey.dll

2011-05-21 06:01 . 2011-06-16 00:22 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll

2011-05-21 06:01 . 2011-06-16 00:22 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll

2011-05-21 06:01 . 2010-07-19 02:36 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-05-10 09:41 . 2011-06-16 00:23 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll

2011-05-03 05:29 . 2011-06-16 09:43 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-16 09:43 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-16 09:43 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-16 09:43 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-16 09:43 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 22:25 . 2011-04-27 22:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2011-04-27 02:40 . 2011-06-16 09:43 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-16 09:43 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-16 09:43 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-25 05:33 . 2011-06-16 09:43 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:34 . 2011-06-16 09:43 499200 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-22_05.05.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-12 03:18 . 2011-07-22 15:14 58470 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-07-22 16:29 40612 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-24 23:15 . 2011-07-22 16:29 10188 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1834004198-3942806062-3000046163-1005_UserData.bin

- 2011-05-27 17:38 . 2011-07-21 05:34 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-05-27 17:38 . 2011-07-22 06:32 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-22 17:20 . 2011-07-22 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-22 17:20 . 2011-07-22 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-18 18:29 . 2009-08-18 18:29 195456 c:\windows\SysWOW64\LIVESSP.DLL

+ 2011-05-25 00:46 . 2011-07-22 06:23 202990 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2011-07-22 17:24 629676 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-07-21 19:31 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-22 17:24 108648 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-07-21 19:31 108648 c:\windows\system32\perfc009.dat

+ 2009-08-18 19:48 . 2009-08-18 19:48 243056 c:\windows\system32\LIVESSP.DLL

+ 2011-05-24 23:56 . 2011-07-22 06:32 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-05-24 23:56 . 2011-07-21 19:25 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-10-06 07:07 . 2010-10-06 07:07 6575616 c:\windows\Installer\42a7d.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-19 26017576]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F7B3.tmp [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

FF - ProfilePath - c:\users\Alex Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\a2pod0kl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e25bf11&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F7B3.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files\Sony\VAIO Care\listener.exe

c:\windows\SysWOW64\RunDll32.exe

c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe

.

**************************************************************************

.

Completion time: 2011-07-22 10:53:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-22 17:53

ComboFix2.txt 2011-07-22 05:24

ComboFix3.txt 2011-07-20 23:58

ComboFix4.txt 2011-07-20 22:25

.

Pre-Run: 240,822,398,976 bytes free

Post-Run: 240,397,119,488 bytes free

.

- - End Of File - - B74F7008A6989F3E93C7A3A0BCBEB16A


As you can see we have 2 new temp files.

2011-07-22 06:04 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\F7B3.tmp

2011-07-22 06:03 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\B565.tmp

Take your time here and be careful

Open c:\windows\system32\

Delete all .tmp files <--ONLY .tmp files


Thanks LDTate,

I am wireless over to a Ubee (brand) Cable router.

I searched for all .tmp files in System32 and there were no others other than the two you mentioned.

They were deleted (using the recycle bin/trash).

Should I run CF again?

I notice that no other tools out on the internet pick up anything wrong - Sophos, Kaspersky, the main players, you name it.

Please let me know what my next step is.

Many thanks


Thanks, pasted as requested. CF requested to update itself, and I did so.

ComboFix 11-07-23.03 - Alex Lawrence 07/23/2011 10:11:38.9.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2574 [GMT -7:00]

Running from: c:\users\Alex Lawrence\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

.

.

2011-07-23 17:42 . 2011-07-23 17:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-23 17:42 . 2011-07-23 17:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-07-23 17:42 . 2011-07-23 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-23 17:42 . 2011-07-23 17:42 -------- d-----w- c:\users\boinc_master\AppData\Local\temp

2011-07-22 20:39 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{654EC554-912E-4A82-9E41-8A0720DAC703}\mpengine.dll

2011-07-22 03:28 . 2011-07-22 03:28 -------- d--h--w- c:\programdata\CanonIJEGV

2011-07-22 03:27 . 2011-07-22 03:27 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Adobe

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonEPP

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJMyPrinter

2011-07-21 22:09 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMXLMAN.DLL

2011-07-21 22:09 . 2011-07-22 06:32 -------- d-----w- c:\programdata\CanonIJPLM

2011-07-21 22:08 . 2011-07-21 22:08 -------- d-----w- c:\programdata\Canon IJ Network Tool

2011-07-21 22:08 . 2010-09-13 21:44 106496 ----a-w- c:\windows\SysWow64\CNC880U.dll

2011-07-21 22:08 . 2010-09-07 00:03 315392 ----a-w- c:\windows\SysWow64\CNC880L.dll

2011-07-21 22:08 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2011-07-21 22:08 . 2011-07-21 22:08 -------- d--h--w- c:\programdata\CanonIJFAX

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\program files\Common Files\CANON

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\programdata\CanonIJWSpt

2011-07-21 21:09 . 2011-07-21 21:09 -------- d-----w- c:\program files\Canon

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\programdata\CanonBJ

2011-07-21 21:08 . 2010-10-18 12:00 88576 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAN.DLL

2011-07-21 21:08 . 2010-10-18 12:00 29696 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAN.DLL

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-07-21 21:08 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMLMAN.DLL

2011-07-21 21:08 . 2010-10-19 12:00 302080 ----a-w- c:\windows\system32\CNCALAN.DLL

2011-07-21 21:07 . 2010-09-07 10:58 248320 ----a-w- c:\windows\system32\CNMIUAN.DLL

2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\windows\system32\STRING

2011-07-21 21:07 . 2010-09-08 16:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL

2011-07-21 21:07 . 2010-09-08 16:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2011-07-21 21:05 . 2011-07-21 22:10 -------- d-----w- c:\program files (x86)\Canon

2011-07-21 18:14 . 2011-07-21 18:14 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\Malwarebytes

2011-07-21 18:14 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-21 18:13 . 2011-07-21 18:13 -------- d-----w- c:\programdata\Malwarebytes

2011-07-21 18:13 . 2011-07-21 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-21 18:11 . 2011-07-21 18:11 388096 ----a-r- c:\users\Alex Lawrence\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-21 18:11 . 2011-07-21 18:11 -------- d-----w- c:\program files (x86)\Hijackthisar5ehole

2011-07-21 03:17 . 2011-07-21 03:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-07-21 03:03 . 2011-07-21 03:03 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\QuickScan

2011-07-19 23:52 . 2011-07-19 23:52 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Diagnostics

2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\program files (x86)\Sophos

2011-07-19 17:34 . 2011-07-19 17:34 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\AVG10

2011-07-19 17:31 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-19 17:31 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-19 17:31 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-19 17:31 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-19 17:31 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-19 17:31 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-19 17:31 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-19 17:31 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-19 17:31 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-19 17:31 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-19 17:30 . 2011-07-19 17:30 -------- d-----w- c:\programdata\Common Files

2011-07-19 17:29 . 2011-07-20 14:54 -------- d-----w- c:\programdata\AVG10

2011-07-19 17:28 . 2011-07-19 17:28 -------- d-----w- c:\program files (x86)\AVG

2011-07-19 17:24 . 2011-07-19 21:25 -------- d-----w- c:\programdata\MFAData

2011-07-19 15:33 . 2011-07-19 15:33 -------- d-----w- C:\temp

2011-07-19 00:10 . 2011-07-19 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Trend Micro

2011-07-19 00:00 . 2011-07-19 17:19 -------- d-----w- c:\programdata\Trend Micro

2011-07-19 00:00 . 2011-07-19 00:02 -------- d-----w- c:\program files\Trend Micro

2011-07-15 22:16 . 2011-07-19 17:02 -------- d-----w- C:\dell

2011-07-08 21:33 . 2011-07-19 18:02 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-07-08 19:12 . 2011-07-08 19:12 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Fallout3

2011-07-08 19:06 . 2011-07-19 18:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2011-07-08 19:05 . 2011-07-19 18:18 -------- d-----w- c:\windows\SysWow64\xlive

2011-07-08 19:04 . 2005-04-04 06:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-07-08 19:04 . 2005-04-04 06:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-07-08 19:04 . 2005-04-04 06:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-07-08 19:04 . 2011-07-08 19:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-07-08 19:04 . 2011-07-08 19:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-07-08 19:04 . 2005-04-04 06:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-07-08 19:04 . 2005-04-04 06:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-07-08 19:04 . 2005-04-04 05:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-07-08 18:49 . 2011-07-19 18:17 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2011-07-08 18:49 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-07-08 18:31 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-07-08 18:27 . 2011-07-11 18:22 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\DAEMON Tools Lite

2011-07-08 18:27 . 2011-07-08 18:27 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-07 19:39 . 2011-07-07 19:39 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\Outlook

2011-07-06 19:58 . 2011-07-06 19:58 0 ----a-w- c:\program files (x86)\7-Zip.exe

2011-07-06 18:12 . 2011-07-19 18:06 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Microsoft Games

2011-07-06 17:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-05 21:10 . 2011-07-05 21:09 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC806606-79CC-4DBA-8299-E40A431F5374}\gapaengine.dll

2011-07-05 21:08 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-07-05 21:08 . 2011-07-19 18:17 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-05 15:13 . 2011-06-20 15:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74761368-E038-4E3D-B3B0-84E4255E9EAD}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-16 03:25 . 2011-06-01 16:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-19 17:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-27 17:27 . 2011-05-27 17:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 448512 ----a-w- c:\windows\system32\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-27 17:27 . 2011-05-27 17:27 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-27 16:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-27 16:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-21 06:01 . 2011-06-16 00:23 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-05-21 06:01 . 2011-06-16 00:23 326760 ----a-w- c:\windows\system32\nvhotkey.dll

2011-05-21 06:01 . 2011-06-16 00:22 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll

2011-05-21 06:01 . 2011-06-16 00:22 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll

2011-05-21 06:01 . 2010-07-19 02:36 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-05-10 09:41 . 2011-06-16 00:23 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll

2011-05-03 05:29 . 2011-06-16 09:43 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-16 09:43 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-16 09:43 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-16 09:43 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-16 09:43 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 22:25 . 2011-04-27 22:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2011-04-27 02:40 . 2011-06-16 09:43 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-16 09:43 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-16 09:43 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-25 05:33 . 2011-06-16 09:43 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:34 . 2011-06-16 09:43 499200 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-22_05.05.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-25 00:46 . 2011-07-23 10:46 78686 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-01-12 03:18 . 2011-07-22 23:38 59298 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-07-23 17:00 40780 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-24 23:15 . 2011-07-23 17:00 10562 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1834004198-3942806062-3000046163-1005_UserData.bin

- 2011-04-02 01:47 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-02 01:47 . 2011-07-22 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-07-22 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-27 17:38 . 2011-07-22 06:32 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-05-27 17:38 . 2011-07-21 05:34 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-22 23:36 . 2011-07-23 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-22 23:36 . 2011-07-23 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-18 18:29 . 2009-08-18 18:29 195456 c:\windows\SysWOW64\LIVESSP.DLL

- 2009-07-14 02:36 . 2011-07-21 19:31 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-23 17:03 629676 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-07-21 19:31 108648 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-07-23 17:03 108648 c:\windows\system32\perfc009.dat

+ 2009-08-18 19:48 . 2009-08-18 19:48 243056 c:\windows\system32\LIVESSP.DLL

- 2011-05-24 23:56 . 2011-07-21 19:25 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-24 23:56 . 2011-07-22 21:28 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-10-06 07:07 . 2010-10-06 07:07 6575616 c:\windows\Installer\42a7d.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-19 26017576]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F7B3.tmp [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

FF - ProfilePath - c:\users\Alex Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\a2pod0kl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e25bf11&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F7B3.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-23 11:00:52

ComboFix-quarantined-files.txt 2011-07-23 18:00

ComboFix2.txt 2011-07-23 07:46

ComboFix3.txt 2011-07-23 01:31

ComboFix4.txt 2011-07-22 17:53

ComboFix5.txt 2011-07-23 17:06

.

Pre-Run: 240,454,021,120 bytes free

Post-Run: 240,397,012,992 bytes free

.

- - End Of File - - AA383A2A9F87DA32EC0E5DA8AC17E876


If the Java update doesn't solve the redirects, we will try resetting the router.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 26 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 26 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


Done, all steps as you requested.

I ran CF and report is as below - it did not state it was removing anything.

ComboFix 11-07-24.03 - Alex Lawrence 07/24/2011 22:20:15.13.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2599 [GMT -7:00]

Running from: c:\users\Alex Lawrence\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\msvcr100.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))

.

.

2011-07-25 05:50 . 2011-07-25 05:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-25 05:50 . 2011-07-25 05:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-07-25 05:50 . 2011-07-25 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-25 05:50 . 2011-07-25 05:50 -------- d-----w- c:\users\boinc_master\AppData\Local\temp

2011-07-25 04:51 . 2011-07-25 04:51 -------- d-----w- c:\program files\Java

2011-07-24 05:13 . 2011-07-24 05:13 -------- d-----w- c:\program files (x86)\ESET

2011-07-24 05:04 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3B85633-5EE0-4677-82CF-B9DA692269B4}\mpengine.dll

2011-07-22 03:28 . 2011-07-22 03:28 -------- d--h--w- c:\programdata\CanonIJEGV

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonEPP

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJMyPrinter

2011-07-21 22:09 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMXLMAN.DLL

2011-07-21 22:09 . 2011-07-22 06:32 -------- d-----w- c:\programdata\CanonIJPLM

2011-07-21 22:08 . 2011-07-21 22:08 -------- d-----w- c:\programdata\Canon IJ Network Tool

2011-07-21 22:08 . 2010-09-13 21:44 106496 ----a-w- c:\windows\SysWow64\CNC880U.dll

2011-07-21 22:08 . 2010-09-07 00:03 315392 ----a-w- c:\windows\SysWow64\CNC880L.dll

2011-07-21 22:08 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2011-07-21 22:08 . 2011-07-21 22:08 -------- d--h--w- c:\programdata\CanonIJFAX

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\program files\Common Files\CANON

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\programdata\CanonIJWSpt

2011-07-21 21:09 . 2011-07-21 21:09 -------- d-----w- c:\program files\Canon

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\programdata\CanonBJ

2011-07-21 21:08 . 2010-10-18 12:00 88576 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAN.DLL

2011-07-21 21:08 . 2010-10-18 12:00 29696 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAN.DLL

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-07-21 21:08 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMLMAN.DLL

2011-07-21 21:08 . 2010-10-19 12:00 302080 ----a-w- c:\windows\system32\CNCALAN.DLL

2011-07-21 21:07 . 2010-09-07 10:58 248320 ----a-w- c:\windows\system32\CNMIUAN.DLL

2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\windows\system32\STRING

2011-07-21 21:07 . 2010-09-08 16:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL

2011-07-21 21:07 . 2010-09-08 16:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2011-07-21 21:05 . 2011-07-21 22:10 -------- d-----w- c:\program files (x86)\Canon

2011-07-21 18:14 . 2011-07-21 18:14 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\Malwarebytes

2011-07-21 18:14 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-21 18:13 . 2011-07-21 18:13 -------- d-----w- c:\programdata\Malwarebytes

2011-07-21 18:13 . 2011-07-21 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-21 18:11 . 2011-07-21 18:11 388096 ----a-r- c:\users\Alex Lawrence\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-21 18:11 . 2011-07-21 18:11 -------- d-----w- c:\program files (x86)\Hijackthisar5ehole

2011-07-21 03:17 . 2011-07-21 03:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-07-21 03:03 . 2011-07-21 03:03 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\QuickScan

2011-07-19 23:52 . 2011-07-19 23:52 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Diagnostics

2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\program files (x86)\Sophos

2011-07-19 17:34 . 2011-07-19 17:34 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\AVG10

2011-07-19 17:31 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-19 17:31 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-19 17:31 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-19 17:31 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-19 17:31 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-19 17:31 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-19 17:31 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-19 17:31 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-19 17:31 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-19 17:31 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-19 17:30 . 2011-07-19 17:30 -------- d-----w- c:\programdata\Common Files

2011-07-19 17:29 . 2011-07-20 14:54 -------- d-----w- c:\programdata\AVG10

2011-07-19 17:28 . 2011-07-19 17:28 -------- d-----w- c:\program files (x86)\AVG

2011-07-19 17:24 . 2011-07-19 21:25 -------- d-----w- c:\programdata\MFAData

2011-07-19 15:33 . 2011-07-19 15:33 -------- d-----w- C:\temp

2011-07-19 00:10 . 2011-07-19 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Trend Micro

2011-07-19 00:00 . 2011-07-19 17:19 -------- d-----w- c:\programdata\Trend Micro

2011-07-19 00:00 . 2011-07-19 00:02 -------- d-----w- c:\program files\Trend Micro

2011-07-15 22:16 . 2011-07-19 17:02 -------- d-----w- C:\dell

2011-07-08 21:33 . 2011-07-19 18:02 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-07-08 19:12 . 2011-07-08 19:12 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Fallout3

2011-07-08 19:06 . 2011-07-19 18:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2011-07-08 19:05 . 2011-07-19 18:18 -------- d-----w- c:\windows\SysWow64\xlive

2011-07-08 19:04 . 2005-04-04 06:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-07-08 19:04 . 2005-04-04 06:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-07-08 19:04 . 2005-04-04 06:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-07-08 19:04 . 2011-07-08 19:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-07-08 19:04 . 2011-07-08 19:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-07-08 19:04 . 2005-04-04 06:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-07-08 19:04 . 2005-04-04 06:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-07-08 19:04 . 2005-04-04 05:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-07-08 18:49 . 2011-07-19 18:17 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2011-07-08 18:49 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-07-08 18:31 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-07-08 18:27 . 2011-07-11 18:22 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\DAEMON Tools Lite

2011-07-08 18:27 . 2011-07-08 18:27 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-07 19:39 . 2011-07-07 19:39 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\Outlook

2011-07-06 19:58 . 2011-07-06 19:58 0 ----a-w- c:\program files (x86)\7-Zip.exe

2011-07-06 18:12 . 2011-07-19 18:06 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Microsoft Games

2011-07-06 17:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-05 21:10 . 2011-07-05 21:09 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC806606-79CC-4DBA-8299-E40A431F5374}\gapaengine.dll

2011-07-05 21:08 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-07-05 21:08 . 2011-07-19 18:17 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-05 15:13 . 2011-06-20 15:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74761368-E038-4E3D-B3B0-84E4255E9EAD}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-25 04:51 . 2011-01-18 02:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-16 03:25 . 2011-06-01 16:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-19 17:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-27 17:27 . 2011-05-27 17:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 448512 ----a-w- c:\windows\system32\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-27 17:27 . 2011-05-27 17:27 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-27 16:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-27 16:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-21 06:01 . 2011-06-16 00:23 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-05-21 06:01 . 2011-06-16 00:23 326760 ----a-w- c:\windows\system32\nvhotkey.dll

2011-05-21 06:01 . 2011-06-16 00:22 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll

2011-05-21 06:01 . 2011-06-16 00:22 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll

2011-05-21 06:01 . 2010-07-19 02:36 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-05-10 09:41 . 2011-06-16 00:23 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll

2011-05-03 05:29 . 2011-06-16 09:43 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-16 09:43 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-16 09:43 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-16 09:43 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-16 09:43 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 22:25 . 2011-04-27 22:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2011-04-27 02:40 . 2011-06-16 09:43 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-16 09:43 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-16 09:43 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-22_05.05.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-12 03:18 . 2011-07-25 04:48 59442 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-07-25 04:48 41232 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-24 23:15 . 2011-07-25 04:48 10678 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1834004198-3942806062-3000046163-1005_UserData.bin

- 2011-04-02 01:47 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-02 01:47 . 2011-07-24 17:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-07-24 17:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-27 17:38 . 2011-07-22 06:32 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-05-27 17:38 . 2011-07-21 05:34 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-07-25 04:45 . 2011-07-25 04:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-25 04:45 . 2011-07-25 04:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-18 18:29 . 2009-08-18 18:29 195456 c:\windows\SysWOW64\LIVESSP.DLL

+ 2011-05-25 00:46 . 2011-07-24 10:15 103186 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2011-07-25 04:49 629676 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-07-21 19:31 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-25 04:49 108648 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-07-21 19:31 108648 c:\windows\system32\perfc009.dat

+ 2009-08-18 19:48 . 2009-08-18 19:48 243056 c:\windows\system32\LIVESSP.DLL

+ 2011-07-25 04:51 . 2011-07-25 04:51 190752 c:\windows\system32\javaws.exe

+ 2011-07-25 04:51 . 2011-07-25 04:51 171808 c:\windows\system32\javaw.exe

+ 2011-07-25 04:51 . 2011-07-25 04:51 171808 c:\windows\system32\java.exe

+ 2011-07-25 04:50 . 2011-07-25 04:50 683520 c:\windows\Installer\5ec25.msi

- 2011-05-24 23:56 . 2011-07-21 19:25 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-24 23:56 . 2011-07-24 18:12 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-10-06 07:07 . 2010-10-06 07:07 6575616 c:\windows\Installer\42a7d.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-19 26017576]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F7B3.tmp [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

FF - ProfilePath - c:\users\Alex Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\a2pod0kl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e25bf11&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F7B3.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-24 23:09:32

ComboFix-quarantined-files.txt 2011-07-25 06:09

ComboFix2.txt 2011-07-24 08:14

ComboFix3.txt 2011-07-23 20:19

ComboFix4.txt 2011-07-23 18:01

ComboFix5.txt 2011-07-25 05:15

.

Pre-Run: 238,868,783,104 bytes free

Post-Run: 238,684,844,032 bytes free

.

- - End Of File - - 81F2D02366DE1E194954A4E025B3178D


Router Reset

1. Very important: First disconnect your computer from the internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your internet connection:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.


Hi there LDTate,

Steps done as requested, in the order you requested.

Nothing happened. Still got browser redirects. For some reason I cannot do Windows updates, I will check on this and see if I can force them through. Defogger is still turned on whenever I switch on the computer - maybe it is this which is disabling the Windows update.

I have a question, LDTate: how can I push this forwards quicker? I have been working on this for nearly a week, it seems, and while I appreciate your help, it is taking a really long time. Would it be quicker to slave you in to my system remotely?

GMER shows this:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-07-25 10:33:06

Windows 6.1.7601 Service Pack 1

Running: random name.. ;) .exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e9c0776

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e47cda

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd1008a

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e9c0776 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e47cda (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd1008a (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Kaspersky picks up nothing. CF does not seem to show anything. TDSkiller has never picked up anything, ever. Neither has MBAM, has never picked up anything. It still disables itself. Interestingly, AVAST notes the same interesting things as before:

Run date: 2011-07-25 10:38:25

-----------------------------

10:38:25.764 OS Version: Windows x64 6.1.7601 Service Pack 1

10:38:25.764 Number of processors: 8 586 0x1E05

10:38:25.765 ComputerName: UserName:

10:38:27.144 Initialize success

10:39:04.800 AVAST engine defs: 11072500

10:39:37.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:39:37.961 Disk 0 Vendor: TOSHIBA_ LH50 Size: 476940MB BusType: 3

10:39:37.986 Disk 0 MBR read successfully

10:39:37.990 Disk 0 MBR scan

10:39:37.995 Disk 0 Windows 7 default MBR code

10:39:38.003 Service scanning

10:39:39.056 Disk 0 trace - called modules:

10:39:39.103 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004b43254]<<

10:39:39.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004aa6790]

10:39:39.120 3 CLASSPNP.SYS[fffff88001b7043f] -> nt!IofCallDriver -> [0xfffffa8004826db0]

10:39:39.128 5 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004825050]

10:39:39.137 \Driver\iaStor[0xfffffa80047fd060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004b43254

10:39:40.719 AVAST engine scan C:\Windows

10:39:46.503 AVAST engine scan C:\Windows\system32

10:39:51.230 Disk 0 MBR has been saved successfully to "C:\Users\Cheeky Grin\Desktop\MBR.dat"

10:39:51.231 The log file has been saved successfully to "C:\Users\Cheeky Grin\aswMBR.txt"

10:41:48.602 AVAST engine scan C:\Windows\system32\drivers

10:42:00.295 AVAST engine scan C:\Users\Cheeky Grin

10:48:22.403 AVAST engine scan C:\ProgramData

10:49:05.674 Scan finished successfully

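The disk trace in the aswMBR log above can be read mechanically. The following is an added example, not part of the thread or of aswMBR itself: it pulls out the MBR verdict, the called-module chain and the driver dispatch line, and flags entries the tool could not attribute to a named module. The line layout is inferred from this one log, and a flag is a reason for further checking, not a verdict.

```python
import re

# Lines copied from the aswMBR log posted above (timestamps kept as posted).
ASWMBR_LOG = r"""
10:39:37.995 Disk 0 Windows 7 default MBR code
10:39:39.056 Disk 0 trace - called modules:
10:39:39.103 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004b43254]<<
10:39:39.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004aa6790]
10:39:39.120 3 CLASSPNP.SYS[fffff88001b7043f] -> nt!IofCallDriver -> [0xfffffa8004826db0]
10:39:39.128 5 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004825050]
10:39:39.137 \Driver\iaStor[0xfffffa80047fd060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004b43254
"""

# Assumed layout: "HH:MM:SS.mmm <message>" on every log line.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
# A module token is either a plain name or the ">>UNKNOWN [addr]<<" marker.
TOKEN_RE = re.compile(r">>UNKNOWN \[0x[0-9a-fA-F]+\]<<|\S+")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
MBR_RE = re.compile(r"^Disk \d+ (.+ MBR code)$")
DISPATCH_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[(0x[0-9a-fA-F]+)\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(\S+)$"
)
RAW_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]+$")


def messages(text):
    """Yield the message part of each timestamped line, skipping anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1).strip()


def analyze(text):
    """Return the MBR verdict, module chain, dispatch entries and review flags."""
    report = {"mbr": None, "modules": [], "unknown": [], "dispatch": [], "findings": []}
    expect_modules = False
    for msg in messages(text):
        if expect_modules:
            # The line after the "called modules" header is the module chain.
            report["modules"] = TOKEN_RE.findall(msg)
            report["unknown"] = [a.lower() for a in UNKNOWN_RE.findall(msg)]
            expect_modules = False
            continue
        if msg.endswith("trace - called modules:"):
            expect_modules = True
            continue
        m = MBR_RE.match(msg)
        if m:
            report["mbr"] = m.group(1)
            continue
        m = DISPATCH_RE.match(msg)
        if m:
            driver, _driver_object, irp, target = m.groups()
            report["dispatch"].append((driver, irp, target.lower()))

    for addr in report["unknown"]:
        report["findings"].append(
            f"call chain includes code at {addr} not attributed to any module"
        )
    for driver, irp, target in report["dispatch"]:
        if RAW_ADDR_RE.match(target):
            note = f"{driver} {irp} handler points at bare address {target}"
            if target in report["unknown"]:
                note += " (same address as the unattributed entry)"
            report["findings"].append(note)
    return report


if __name__ == "__main__":
    result = analyze(ASWMBR_LOG)
    print("MBR:", result["mbr"])
    print("Modules:", " | ".join(result["modules"]))
    for finding in result["findings"]:
        print("REVIEW:", finding)
```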

Remote login doesn't work really because of the required reboots.

Please download Dr.Web CureIt. Save it to your desktop:

  • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply
  • Close Dr.Web Cureit.
    Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.


Here you go - first AV/anti-malware program that has properly detected things - very impressed:

Process in memory: C:\Program Files (x86)\Mozilla Firefox\firefox.exe:4336;;BackDoor.Tdss.565;Eradicated.;

dds.scr;C:\Documents and Settings\Cheeky Grin\Desktop\ANTIVIRUS MALWARE TOOLS;Trojan.MulDrop2.48413;;

dds.scr;C:\Documents and Settings\Cheeky Grin\DoctorWeb\Quarantine;Trojan.MulDrop2.48413;Incurable.Moved.;

dds.scr;C:\Users\Cheeky Grin\Desktop\ANTIVIRUS MALWARE TOOLS;Trojan.MulDrop2.48413;;


Still got redirects on browser. Opening Malwarebytes and updating with recent database still gives a pop up window saying [OpenEvent] Failed to perform desired action. Error Code: 2 and then the "Protection" function disables. Running searches with Malwarebytes never picks up anything.

Regards

How's it running now?


Tis done - as requested. CF required to be updated again, to the newest version:

ComboFix 11-07-26.02 - Cheeky Grin 07/26/2011 8:50.14.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2719 [GMT -7:00]

Running from: c:\users\Cheeky Grin\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))

.

.

2011-07-26 16:21 . 2011-07-26 16:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-26 16:21 . 2011-07-26 16:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-07-26 16:21 . 2011-07-26 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-26 16:21 . 2011-07-26 16:21 -------- d-----w- c:\users\boinc_master\AppData\Local\temp

2011-07-25 18:50 . 2011-07-25 21:04 -------- d-----w- c:\users\Cheeky Grin\DoctorWeb

2011-07-25 18:35 . 2011-07-25 18:40 -------- d-----w- c:\windows\system32\catroot2

2011-07-25 18:04 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE261607-B7DC-4AAE-8DE8-8E3418A74A2B}\mpengine.dll

2011-07-25 18:03 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A63CFAE-76ED-4CFE-8522-9785930F8CBC}\mpengine.dll

2011-07-25 17:40 . 2011-07-25 18:21 -------- d-----w- c:\users\Cheeky Grin\AppData\Local\ElevatedDiagnostics

2011-07-25 04:51 . 2011-07-25 04:51 -------- d-----w- c:\program files\Java

2011-07-24 05:13 . 2011-07-24 05:13 -------- d-----w- c:\program files (x86)\ESET

2011-07-22 03:28 . 2011-07-22 03:28 -------- d--h--w- c:\programdata\CanonIJEGV

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonEPP

2011-07-21 22:10 . 2011-07-21 22:10 -------- d--h--w- c:\programdata\CanonIJMyPrinter

2011-07-21 22:09 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMXLMAN.DLL

2011-07-21 22:09 . 2011-07-22 06:32 -------- d-----w- c:\programdata\CanonIJPLM

2011-07-21 22:08 . 2011-07-21 22:08 -------- d-----w- c:\programdata\Canon IJ Network Tool

2011-07-21 22:08 . 2010-09-13 21:44 106496 ----a-w- c:\windows\SysWow64\CNC880U.dll

2011-07-21 22:08 . 2010-09-07 00:03 315392 ----a-w- c:\windows\SysWow64\CNC880L.dll

2011-07-21 22:08 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2011-07-21 22:08 . 2011-07-21 22:08 -------- d--h--w- c:\programdata\CanonIJFAX

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\program files\Common Files\CANON

2011-07-21 21:11 . 2011-07-21 21:11 -------- d-----w- c:\programdata\CanonIJWSpt

2011-07-21 21:09 . 2011-07-21 21:09 -------- d-----w- c:\program files\Canon

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\programdata\CanonBJ

2011-07-21 21:08 . 2010-10-18 12:00 88576 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAN.DLL

2011-07-21 21:08 . 2010-10-18 12:00 29696 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAN.DLL

2011-07-21 21:08 . 2011-07-21 21:08 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-07-21 21:08 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMLMAN.DLL

2011-07-21 21:08 . 2010-10-19 12:00 302080 ----a-w- c:\windows\system32\CNCALAN.DLL

2011-07-21 21:07 . 2010-09-07 10:58 248320 ----a-w- c:\windows\system32\CNMIUAN.DLL

2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\windows\system32\STRING

2011-07-21 21:07 . 2010-09-08 16:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL

2011-07-21 21:07 . 2010-09-08 16:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2011-07-21 21:05 . 2011-07-21 22:10 -------- d-----w- c:\program files (x86)\Canon

2011-07-21 18:14 . 2011-07-21 18:14 -------- d-----w- c:\users\Cheeky Grin\AppData\Roaming\Malwarebytes

2011-07-21 18:14 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-21 18:13 . 2011-07-21 18:13 -------- d-----w- c:\programdata\Malwarebytes

2011-07-21 18:13 . 2011-07-21 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-21 18:11 . 2011-07-21 18:11 388096 ----a-r- c:\users\Cheeky Grin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-21 18:11 . 2011-07-21 18:11 -------- d-----w- c:\program files (x86)\Hijackthisar5ehole

2011-07-21 03:17 . 2011-07-21 03:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-07-21 03:03 . 2011-07-21 03:03 -------- d-----w- c:\users\Alex Lawrence\AppData\Roaming\QuickScan

2011-07-19 23:52 . 2011-07-25 19:58 -------- d-----w- c:\users\Alex Lawrence\AppData\Local\Diagnostics

2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\program files (x86)\Sophos

2011-07-19 17:34 . 2011-07-19 17:34 -------- d-----w- c:\users\Cheeky Grin\AppData\Roaming\AVG10

2011-07-19 17:31 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-19 17:31 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-19 17:31 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-19 17:31 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-19 17:31 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-19 17:31 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-19 17:31 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-19 17:31 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-19 17:31 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-19 17:31 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-19 17:30 . 2011-07-19 17:30 -------- d-----w- c:\programdata\Common Files

2011-07-19 17:29 . 2011-07-20 14:54 -------- d-----w- c:\programdata\AVG10

2011-07-19 17:28 . 2011-07-19 17:28 -------- d-----w- c:\program files (x86)\AVG

2011-07-19 17:24 . 2011-07-19 21:25 -------- d-----w- c:\programdata\MFAData

2011-07-19 15:33 . 2011-07-19 15:33 -------- d-----w- C:\temp

2011-07-19 00:10 . 2011-07-19 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Trend Micro

2011-07-19 00:00 . 2011-07-19 17:19 -------- d-----w- c:\programdata\Trend Micro

2011-07-19 00:00 . 2011-07-19 00:02 -------- d-----w- c:\program files\Trend Micro

2011-07-15 22:16 . 2011-07-19 17:02 -------- d-----w- C:\dell

2011-07-08 21:33 . 2011-07-19 18:02 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-07-08 19:12 . 2011-07-08 19:12 -------- d-----w- c:\users\Cheeky Grin\AppData\Local\Fallout3

2011-07-08 19:06 . 2011-07-19 18:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2011-07-08 19:05 . 2011-07-19 18:18 -------- d-----w- c:\windows\SysWow64\xlive

2011-07-08 19:04 . 2005-04-04 06:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-07-08 19:04 . 2005-04-04 06:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-07-08 19:04 . 2005-04-04 06:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-07-08 19:04 . 2011-07-08 19:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-07-08 19:04 . 2011-07-08 19:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-07-08 19:04 . 2005-04-04 06:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-07-08 19:04 . 2005-04-04 06:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-07-08 19:04 . 2005-04-04 05:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-07-08 18:49 . 2011-07-19 18:17 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2011-07-08 18:49 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-07-08 18:31 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-07-08 18:27 . 2011-07-11 18:22 -------- d-----w- c:\users\Cheeky Grin\AppData\Roaming\DAEMON Tools Lite

2011-07-08 18:27 . 2011-07-08 18:27 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-07 19:39 . 2011-07-07 19:39 -------- d-----w- c:\users\Cheeky Grin\AppData\Roaming\Outlook

2011-07-06 19:58 . 2011-07-06 19:58 0 ----a-w- c:\program files (x86)\7-Zip.exe

2011-07-06 18:12 . 2011-07-19 18:06 -------- d-----w- c:\users\Cheeky Grin\AppData\Local\Microsoft Games

2011-07-06 17:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-05 21:10 . 2011-07-05 21:09 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC806606-79CC-4DBA-8299-E40A431F5374}\gapaengine.dll

2011-07-05 21:08 . 2011-07-19 18:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-07-05 21:08 . 2011-07-19 18:17 -------- d-----w- c:\program files\Microsoft Security Client

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-25 04:51 . 2011-01-18 02:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-16 03:25 . 2011-06-01 16:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-19 17:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-27 17:27 . 2011-05-27 17:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-27 17:27 . 2011-05-27 17:27 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-27 17:27 . 2011-05-27 17:27 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-27 17:27 . 2011-05-27 17:27 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-27 17:27 . 2011-05-27 17:27 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-27 17:27 . 2011-05-27 17:27 448512 ----a-w- c:\windows\system32\html.iec

2011-05-27 17:27 . 2011-05-27 17:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-27 17:27 . 2011-05-27 17:27 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-27 17:27 . 2011-05-27 17:27 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-27 17:27 . 2011-05-27 17:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-27 17:27 . 2011-05-27 17:27 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-27 17:27 . 2011-05-27 17:27 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-27 17:27 . 2011-05-27 17:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-27 17:27 . 2011-05-27 17:27 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-27 17:27 . 2011-05-27 17:27 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-27 17:27 . 2011-05-27 17:27 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-27 17:27 . 2011-05-27 17:27 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-27 17:27 . 2011-05-27 17:27 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-27 17:27 . 2011-05-27 17:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-27 16:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-27 16:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-25 02:14 . 2011-06-22 23:07 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-21 06:01 . 2011-06-16 00:23 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-05-21 06:01 . 2011-06-16 00:23 326760 ----a-w- c:\windows\system32\nvhotkey.dll

2011-05-21 06:01 . 2011-06-16 00:22 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll

2011-05-21 06:01 . 2011-06-16 00:22 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll

2011-05-21 06:01 . 2010-07-19 02:36 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-05-10 09:41 . 2011-06-16 00:23 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll

2011-05-03 05:29 . 2011-06-16 09:43 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-16 09:43 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-16 09:43 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-16 09:43 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-16 09:43 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 22:25 . 2011-04-27 22:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-22_05.05.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-25 00:46 . 2011-07-26 05:00 84100 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-01-12 03:18 . 2011-07-25 19:58 59884 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-07-26 14:46 42096 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-24 23:15 . 2011-07-26 14:46 10898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1834004198-3942806062-3000046163-1005_UserData.bin

+ 2011-04-02 01:47 . 2011-07-25 18:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-04-02 01:47 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-07-25 18:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-21 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-05-27 17:38 . 2011-07-21 05:34 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-05-27 17:38 . 2011-07-22 06:32 2312 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-25 19:56 . 2011-07-26 14:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-25 19:56 . 2011-07-26 14:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-21 19:25 . 2011-07-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-18 18:29 . 2009-08-18 18:29 195456 c:\windows\SysWOW64\LIVESSP.DLL

- 2009-07-14 02:36 . 2011-07-21 19:31 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-26 14:49 629676 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-26 14:49 108648 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-07-21 19:31 108648 c:\windows\system32\perfc009.dat

+ 2009-08-18 19:48 . 2009-08-18 19:48 243056 c:\windows\system32\LIVESSP.DLL

+ 2011-07-25 04:51 . 2011-07-25 04:51 190752 c:\windows\system32\javaws.exe

+ 2011-07-25 04:51 . 2011-07-25 04:51 171808 c:\windows\system32\javaw.exe

+ 2011-07-25 04:51 . 2011-07-25 04:51 171808 c:\windows\system32\java.exe

+ 2011-07-25 04:50 . 2011-07-25 04:50 683520 c:\windows\Installer\5ec25.msi

- 2011-05-24 23:56 . 2011-07-21 19:25 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-24 23:56 . 2011-07-25 19:55 1321776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-10-06 07:07 . 2010-10-06 07:07 6575616 c:\windows\Installer\42a7d.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-19 26017576]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-28 585728]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F7B3.tmp [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

FF - ProfilePath - c:\users\Cheeky Grin\AppData\Roaming\Mozilla\Firefox\Profiles\a2pod0kl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e25bf11&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F7B3.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-26 09:40:11

ComboFix-quarantined-files.txt 2011-07-26 16:40

ComboFix2.txt 2011-07-25 06:09

ComboFix3.txt 2011-07-24 08:14

ComboFix4.txt 2011-07-23 20:19

ComboFix5.txt 2011-07-26 15:45

.

Pre-Run: 237,248,122,880 bytes free

Post-Run: 237,187,919,872 bytes free

.

- - End Of File - - 5F4F34DA28C0AC8BC54D353568B407EE

Run a new ComboFix scan

This topic is now closed to further replies.