
Malwarebytes reporting a Trojan.agent


16 replies to this topic

#1 dirtee
Posted 06 January 2012 - 11:44 AM

When my computer booted up this morning Malwarebytes returned the following notification

"Successfully blocked access to a potentially malicious website: 141.136.16.152
Type: Outgoing
Port: 49347, Process: schost.exe"


The notification pops up just about every 10 minutes with a different website IP and port. I have run the Malwarebytes scan 2 times and twice in Safe Mode.
Each time it is finding
Trojan.agent - c:\windows\svchost.exe (File)
Trojan.agent - c:\windows\svchost.exe 2516 (Memory Process)

I have removed them and rebooted to have them reappear.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by sunnyside at 10:45:50 on 2012-01-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.251 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\BeaconSoftware\TowMagic\TowMagic.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\BeaconSoftware\DA\DispatchAnywhere.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: TVonPC8000 Full 18+ BHO: {623d9d18-52b9-438a-ae92-ef1c85d09309} - C:\Program Files (x86)\TVonPC8000 Full 18+\Toolbar.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: TVonPC8000 Full 18+: {ff83939a-d480-4018-9a28-be7c4f533036} - C:\Program Files (x86)\TVonPC8000 Full 18+\Toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TowMagic.lnk - C:\Program Files (x86)\BeaconSoftware\TowMagic\TowMagic.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{18ECB1BF-87BD-420A-8F89-F98BFAC198F5} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{BF2AA7AB-F25F-4B7E-8BB4-1796E7B3B63E} : DhcpNameServer = 10.0.0.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files (x86)\Common Files\BeaconSoftware\wowctl2.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: TVonPC8000 Full 18+ BHO: {623D9D18-52B9-438A-AE92-EF1C85D09309} - C:\Program Files (x86)\TVonPC8000 Full 18+\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: TVonPC8000 Full 18+: {FF83939A-D480-4018-9A28-BE7C4F533036} - C:\Program Files (x86)\TVonPC8000 Full 18+\Toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sunnyside\AppData\Roaming\Mozilla\Firefox\Profiles\tigw4dw1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\sunnyside\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120105.001\IDSviA64.sys [2012-1-6 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-5 652872]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-5-2 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2214504]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-14 135664]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-14 135664]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 QuickBooksDB19;QuickBooksDB19;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
=============== Created Last 30 ================
.
2012-01-05 17:26:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-05 13:33:35 98816 ----a-w- C:\Windows\sed.exe
2012-01-05 13:33:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-05 13:33:35 256000 ----a-w- C:\Windows\PEV.exe
2012-01-05 13:33:35 208896 ----a-w- C:\Windows\MBR.exe
2012-01-03 16:41:11 -------- d-----w- C:\Users\sunnyside\AppData\Local\Broadcom
2012-01-03 16:38:19 -------- d-----w- C:\Program Files\WIDCOMM
2012-01-03 16:28:38 319016 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2011-12-28 13:05:12 -------- d-----w- C:\Users\sunnyside\AppData\Roaming\HpUpdate
2011-12-28 13:05:06 -------- d-----w- C:\Windows\Hewlett-Packard
2011-12-22 12:00:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-22 11:57:12 20480 ----a-w- C:\Windows\svchost.exe
2011-12-21 12:00:41 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-14 19:26:29 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 19:26:27 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 19:26:26 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 19:26:26 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 19:26:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 19:26:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-13 17:06:29 -------- d-----w- C:\Users\sunnyside\AppData\Local\SanctionedMedia
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-17 11:53:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:47:10.01 ===============
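The DDS log above carries the evidence a responder would check by hand: the genuine svchost.exe lives in System32 (or SysWOW64 for the 32-bit copy) and is always launched with a `-k <service group>` argument, while the flagged file sits directly in C:\Windows and was created on 2011-12-22; the same day a directory literally named %APPDATA% appeared under SysWow64, which is what an unexpanded environment variable looks like on disk; and the mPolicies-system lines show EnableLUA = 0, so UAC is switched off on this machine. The script below is an added example, not part of the original post and not a BleepingComputer or DDS tool: it parses a DDS log into sections and applies those checks. Its sample log is constructed from lines of the post's DDS output plus one line, `C:\Windows\svchost.exe -netsvcs`, that does not appear in the log; the section-name matching, regexes and finding strings are the example's own assumptions about the DDS format.

```python
"""Triage a DDS log for the fake-svchost pattern in this thread (added example).

SAMPLE_LOG is constructed from lines of the DDS output in the first post plus one
line, 'C:\\Windows\\svchost.exe -netsvcs', that is NOT in the original log.
"""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\SysWOW64\\svchost.exe -k hpdevmgmt
-netsvcs
C:\\Windows\\svchost.exe -netsvcs
.
============== Pseudo HJT Report ===============
.
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
.
=============== Created Last 30 ================
.
2011-12-22 12:00:59 -------- d-sh--w- C:\\Windows\\SysWow64\\%APPDATA%
2011-12-22 11:57:12 20480 ----a-w- C:\\Windows\\svchost.exe
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROC_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
CREATED_RE = re.compile(r"^\S+ \S+\s+\S+\s+\S+\s+(.+)$")  # date time size attrs path
# Where the genuine svchost.exe lives on 64-bit Windows 7, and core binary names
# that belong in System32, never directly in C:\Windows.
LEGIT_SVCHOST_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
SYSTEM32_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}


def parse_dds(text):
    """Split a DDS log into {section title: [lines]}, dropping blank and '.' spacers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def check_processes(lines):
    """Real svchost.exe runs from System32/SysWOW64 with '-k <group>'; flag the rest."""
    findings = []
    for line in lines:
        m = PROC_RE.match(line)
        if not m:  # DDS printed an argument with no image path (the bare '-netsvcs')
            findings.append(f"process line with no image path: {line!r}")
            continue
        exe, args = m.group("exe"), m.group("args") or ""
        path = PureWindowsPath(exe)
        if path.name.lower() != "svchost.exe":
            continue
        if str(path.parent).lower() not in LEGIT_SVCHOST_DIRS:
            findings.append(f"svchost.exe outside System32/SysWOW64: {exe}")
        if not re.match(r"-k\s+\S+", args):
            findings.append(f"svchost.exe without a -k service group: {line}")
    return findings


def check_policies(lines):
    """EnableLUA = 0 turns UAC off; ConsentPromptBehaviorAdmin = 0 elevates silently."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
            findings.append("UAC disabled (EnableLUA = 0)")
        elif m and m.group(1) == "ConsentPromptBehaviorAdmin" and m.group(2) == "0":
            findings.append("admins elevate without a prompt (ConsentPromptBehaviorAdmin = 0)")
    return findings


def check_created(lines):
    """Flag a core binary name dropped straight into C:\\Windows and any directory
    literally named after an unexpanded variable such as %APPDATA%."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m.group(1))
        if path.name.lower() in SYSTEM32_NAMES and str(path.parent).lower() == "c:\\windows":
            findings.append(f"core binary name dropped in C:\\Windows: {path}")
        if "%" in path.name:
            findings.append(f"unexpanded variable used as a directory name: {path}")
    return findings


def triage(text):
    """Run each check over the DDS section it applies to; returns the list of findings."""
    s = parse_dds(text)
    return (check_processes(s.get("Running Processes", []))
            + check_policies(s.get("Pseudo HJT Report", []))
            + check_created(s.get("Created Last 30", [])))
```

Run `triage(open("dds.txt").read())` against a real DDS log; on the sample it returns seven findings (the bare `-netsvcs` line, the out-of-place svchost.exe both as a process and as a new file, the missing `-k` group, the %APPDATA% directory, and the two UAC policy values). The checks are deliberately path-based rather than signature-based: a file copies the name of a system binary cheaply, but it cannot sit in System32 without overwriting the real one, which is why the directory and the `-k` argument are the first things to look at.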

#2 gringo_pr (Bleepin Gringo, Malware Response Team)
Posted 09 January 2012 - 03:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dirtee (Topic Starter)
Posted 09 January 2012 - 07:54 AM

Thanks Gringo,
Here is the ComboFix log. I had no problems. I can't really say how the computer is, as the only issue I was having was the alert from Malwarebytes and I am not receiving that because it is disabled.

ComboFix 12-01-09.02 - sunnyside 01/09/2012 7:08.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.935 [GMT -5:00]
Running from: c:\users\sunnyside\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
2012-01-09 12:19 . 2012-01-09 12:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-09 12:19 . 2012-01-09 12:19 -------- d-----w- c:\users\Rick\AppData\Local\temp
2012-01-09 12:19 . 2012-01-09 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 16:41 . 2012-01-03 16:41 -------- d-----w- c:\users\sunnyside\AppData\Local\Broadcom
2012-01-03 16:38 . 2012-01-03 16:38 -------- d-----w- c:\program files\WIDCOMM
2012-01-03 16:28 . 2009-11-30 19:37 319016 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2011-12-28 13:05 . 2012-01-04 13:02 -------- d-----w- c:\users\sunnyside\AppData\Roaming\HpUpdate
2011-12-28 13:05 . 2011-12-28 13:05 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-22 12:00 . 2011-12-22 12:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-12-22 11:57 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2011-12-21 12:00 . 2011-12-21 12:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-14 19:26 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 19:26 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:26 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 19:26 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 19:26 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 17:06 . 2011-12-13 17:06 -------- d-----w- c:\users\sunnyside\AppData\Local\SanctionedMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-10-27 13:03 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 11:53 . 2011-06-13 12:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_17.18.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-09 12:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-05 16:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-05 16:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-09 12:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-05 16:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-09 12:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-22 12:00 . 2012-01-09 12:06 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-12-22 12:00 . 2012-01-05 16:07 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-12 20:33 . 2012-01-09 11:55 54284 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-09 11:55 45942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-12 20:07 . 2012-01-09 11:55 20968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3322105531-2836566735-1377234858-1000_UserData.bin
+ 2009-12-12 22:13 . 2012-01-06 14:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 22:13 . 2012-01-02 18:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 22:13 . 2012-01-06 14:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-12 22:13 . 2011-12-28 21:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-28 21:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-06 14:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-09 11:53 . 2012-01-09 11:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-05 16:39 . 2012-01-05 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-05 16:39 . 2012-01-05 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-09 11:53 . 2012-01-09 11:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-03 16:33 631208 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-05 21:25 631208 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-05 21:25 109326 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-03 16:33 109326 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-05 16:38 435632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-06 22:06 435632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-01 22:05 . 2012-01-06 22:06 43012448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3322105531-2836566735-1377234858-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{623D9D18-52B9-438A-AE92-EF1C85D09309}]
2011-06-28 12:45 1544192 ----a-w- c:\program files (x86)\TVonPC8000 Full 18+\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{FF83939A-D480-4018-9A28-BE7C4F533036}"= "c:\program files (x86)\TVonPC8000 Full 18+\Toolbar.dll" [2011-06-28 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{ff83939a-d480-4018-9a28-be7c4f533036}]
[HKEY_CLASSES_ROOT\FCTB000061301.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{76297F77-07FB-4782-AA22-91ACF9E83F50}]
[HKEY_CLASSES_ROOT\FCTB000061301.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 135664]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 135664]
R3 Normandy;Normandy SR2; [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-10-01 131072]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-14 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120105.001\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 11:28]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 11:28]
.
2011-11-07 c:\windows\Tasks\TowMagic Updates.job
- c:\windows\Installer\TowMagic Updates for All Users.lnk [2010-06-14 20:36]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\sunnyside\AppData\Roaming\Mozilla\Firefox\Profiles\tigw4dw1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FF83939A-D480-4018-9A28-BE7C4F533036} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3322105531-2836566735-1377234858-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3322105531-2836566735-1377234858-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3322105531-2836566735-1377234858-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3322105531-2836566735-1377234858-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-09 07:44:37
ComboFix-quarantined-files.txt 2012-01-09 12:44
.
Pre-Run: 230,240,780,288 bytes free
Post-Run: 229,698,949,120 bytes free
.
- - End Of File - - B3F6901305B0946F15D6922230F10FF5

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 January 2012 - 11:02 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 dirtee

  • Topic Starter
  • Members
  • 11 posts

Posted 09 January 2012 - 03:47 PM

15:32:36.0957 1272 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:32:37.0413 1272 ============================================================
15:32:37.0413 1272 Current date / time: 2012/01/09 15:32:37.0413
15:32:37.0413 1272 SystemInfo:
15:32:37.0413 1272
15:32:37.0414 1272 OS Version: 6.1.7601 ServicePack: 1.0
15:32:37.0414 1272 Product type: Workstation
15:32:37.0414 1272 ComputerName: PGDISPATCH
15:32:37.0414 1272 UserName: sunnyside
15:32:37.0414 1272 Windows directory: C:\Windows
15:32:37.0414 1272 System windows directory: C:\Windows
15:32:37.0414 1272 Running under WOW64
15:32:37.0414 1272 Processor architecture: Intel x64
15:32:37.0414 1272 Number of processors: 2
15:32:37.0414 1272 Page size: 0x1000
15:32:37.0414 1272 Boot type: Normal boot
15:32:37.0414 1272 ============================================================
15:32:38.0661 1272 Initialize success
15:32:41.0556 4452 ============================================================
15:32:41.0556 4452 Scan started
15:32:41.0556 4452 Mode: Manual;
15:32:41.0556 4452 ============================================================
15:32:49.0179 4452 NdisTapi - ok
15:32:49.0207 4452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:32:49.0209 4452 Ndisuio - ok
15:32:49.0249 4452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:32:49.0251 4452 NdisWan - ok
15:32:49.0306 4452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:32:49.0309 4452 NDProxy - ok
15:32:49.0358 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:32:49.0359 4452 NetBIOS - ok
15:32:49.0404 4452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:32:49.0407 4452 NetBT - ok
15:32:49.0434 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:32:49.0436 4452 nfrd960 - ok
15:32:49.0459 4452 Normandy - ok
15:32:49.0479 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:32:49.0481 4452 Npfs - ok
15:32:49.0501 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:32:49.0503 4452 nsiproxy - ok
15:32:49.0569 4452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:32:49.0595 4452 Ntfs - ok
15:32:49.0612 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:32:49.0613 4452 Null - ok
15:32:49.0637 4452 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
15:32:49.0639 4452 NVHDA - ok
15:32:49.0870 4452 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:32:50.0065 4452 nvlddmkm - ok
15:32:50.0116 4452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:32:50.0118 4452 nvraid - ok
15:32:50.0136 4452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:32:50.0139 4452 nvstor - ok
15:32:50.0184 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:32:50.0185 4452 nv_agp - ok
15:32:50.0218 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:32:50.0219 4452 ohci1394 - ok
15:32:50.0247 4452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:32:50.0249 4452 Parport - ok
15:32:50.0292 4452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:32:50.0296 4452 partmgr - ok
15:32:50.0320 4452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:32:50.0322 4452 pci - ok
15:32:50.0336 4452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:32:50.0337 4452 pciide - ok
15:32:50.0356 4452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:32:50.0359 4452 pcmcia - ok
15:32:50.0381 4452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:32:50.0382 4452 pcw - ok
15:32:50.0435 4452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:32:50.0452 4452 PEAUTH - ok
15:32:50.0541 4452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:32:50.0543 4452 PptpMiniport - ok
15:32:50.0557 4452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:32:50.0558 4452 Processor - ok
15:32:50.0606 4452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:32:50.0609 4452 Psched - ok
15:32:50.0647 4452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:32:50.0673 4452 ql2300 - ok
15:32:50.0691 4452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:32:50.0693 4452 ql40xx - ok
15:32:50.0715 4452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:32:50.0716 4452 QWAVEdrv - ok
15:32:50.0729 4452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:32:50.0730 4452 RasAcd - ok
15:32:50.0761 4452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:32:50.0763 4452 RasAgileVpn - ok
15:32:50.0795 4452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:32:50.0797 4452 Rasl2tp - ok
15:32:50.0815 4452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:32:50.0817 4452 RasPppoe - ok
15:32:50.0833 4452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:32:50.0835 4452 RasSstp - ok
15:32:50.0885 4452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:32:50.0888 4452 rdbss - ok
15:32:50.0900 4452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:32:50.0902 4452 rdpbus - ok
15:32:50.0914 4452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:32:50.0915 4452 RDPCDD - ok
15:32:50.0951 4452 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:32:50.0953 4452 RDPDR - ok
15:32:50.0971 4452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:32:50.0972 4452 RDPENCDD - ok
15:32:50.0984 4452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:32:50.0985 4452 RDPREFMP - ok
15:32:51.0025 4452 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:32:51.0028 4452 RDPWD - ok
15:32:51.0071 4452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:32:51.0074 4452 rdyboost - ok
15:32:51.0151 4452 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:32:51.0154 4452 RFCOMM - ok
15:32:51.0184 4452 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:32:51.0185 4452 RimUsb - ok
15:32:51.0236 4452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:32:51.0237 4452 rspndr - ok
15:32:51.0298 4452 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:32:51.0305 4452 RTL8167 - ok
15:32:51.0341 4452 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:32:51.0342 4452 s3cap - ok
15:32:51.0387 4452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:32:51.0389 4452 sbp2port - ok
15:32:51.0426 4452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:32:51.0427 4452 scfilter - ok
15:32:51.0480 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:32:51.0481 4452 secdrv - ok
15:32:51.0504 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:32:51.0517 4452 Serenum - ok
15:32:51.0540 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:32:51.0542 4452 Serial - ok
15:32:51.0555 4452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:32:51.0556 4452 sermouse - ok
15:32:51.0601 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:32:51.0602 4452 sffdisk - ok
15:32:51.0615 4452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:32:51.0616 4452 sffp_mmc - ok
15:32:51.0630 4452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:32:51.0631 4452 sffp_sd - ok
15:32:51.0644 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:32:51.0645 4452 sfloppy - ok
15:32:51.0672 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:32:51.0687 4452 SiSRaid2 - ok
15:32:51.0710 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:32:51.0712 4452 SiSRaid4 - ok
15:32:51.0727 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:32:51.0729 4452 Smb - ok
15:32:51.0751 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:32:51.0752 4452 spldr - ok
15:32:51.0850 4452 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
15:32:51.0867 4452 SRTSP - ok
15:32:51.0884 4452 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
15:32:51.0885 4452 SRTSPX - ok
15:32:51.0924 4452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:32:51.0929 4452 srv - ok
15:32:51.0972 4452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:32:51.0977 4452 srv2 - ok
15:32:51.0995 4452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:32:52.0020 4452 srvnet - ok
15:32:52.0054 4452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:32:52.0055 4452 stexstor - ok
15:32:52.0092 4452 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:32:52.0093 4452 storflt - ok
15:32:52.0113 4452 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:32:52.0122 4452 storvsc - ok
15:32:52.0138 4452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:32:52.0140 4452 swenum - ok
15:32:52.0167 4452 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
15:32:52.0172 4452 SymDS - ok
15:32:52.0204 4452 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
15:32:52.0221 4452 SymEFA - ok
15:32:52.0266 4452 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:32:52.0269 4452 SymEvent - ok
15:32:52.0293 4452 SYMFW - ok
15:32:52.0342 4452 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
15:32:52.0358 4452 SymIRON - ok
15:32:52.0366 4452 SYMNDISV - ok
15:32:52.0396 4452 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
15:32:52.0400 4452 SymNetS - ok
15:32:52.0474 4452 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:32:52.0509 4452 Tcpip - ok
15:32:52.0546 4452 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:32:52.0555 4452 TCPIP6 - ok
15:32:52.0607 4452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:32:52.0608 4452 tcpipreg - ok
15:32:52.0643 4452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:32:52.0644 4452 TDPIPE - ok
15:32:52.0667 4452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:32:52.0668 4452 TDTCP - ok
15:32:52.0704 4452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:32:52.0706 4452 tdx - ok
15:32:52.0738 4452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:32:52.0740 4452 TermDD - ok
15:32:52.0785 4452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:32:52.0786 4452 tssecsrv - ok
15:32:52.0841 4452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:32:52.0843 4452 TsUsbFlt - ok
15:32:52.0896 4452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:32:52.0898 4452 tunnel - ok
15:32:52.0910 4452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:32:52.0912 4452 uagp35 - ok
15:32:52.0956 4452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:32:52.0960 4452 udfs - ok
15:32:52.0988 4452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:32:52.0989 4452 uliagpkx - ok
15:32:53.0033 4452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:32:53.0034 4452 umbus - ok
15:32:53.0050 4452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:32:53.0051 4452 UmPass - ok
15:32:53.0097 4452 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
15:32:53.0099 4452 USBAAPL64 - ok
15:32:53.0162 4452 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:32:53.0165 4452 usbaudio - ok
15:32:53.0186 4452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:32:53.0188 4452 usbccgp - ok
15:32:53.0220 4452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:32:53.0222 4452 usbcir - ok
15:32:53.0241 4452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:32:53.0243 4452 usbehci - ok
15:32:53.0263 4452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:32:53.0267 4452 usbhub - ok
15:32:53.0287 4452 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:32:53.0288 4452 usbohci - ok
15:32:53.0330 4452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:32:53.0331 4452 usbprint - ok
15:32:53.0370 4452 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:32:53.0371 4452 usbscan - ok
15:32:53.0387 4452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:32:53.0388 4452 USBSTOR - ok
15:32:53.0405 4452 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:32:53.0406 4452 usbuhci - ok
15:32:53.0426 4452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:32:53.0427 4452 vdrvroot - ok
15:32:53.0446 4452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:32:53.0447 4452 vga - ok
15:32:53.0467 4452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:32:53.0468 4452 VgaSave - ok
15:32:53.0505 4452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:32:53.0508 4452 vhdmp - ok
15:32:53.0539 4452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:32:53.0541 4452 viaide - ok
15:32:53.0560 4452 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:32:53.0563 4452 vmbus - ok
15:32:53.0578 4452 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:32:53.0580 4452 VMBusHID - ok
15:32:53.0597 4452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:32:53.0598 4452 volmgr - ok
15:32:53.0638 4452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:32:53.0642 4452 volmgrx - ok
15:32:53.0660 4452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:32:53.0663 4452 volsnap - ok
15:32:53.0683 4452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:32:53.0685 4452 vsmraid - ok
15:32:53.0706 4452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:32:53.0707 4452 vwifibus - ok
15:32:53.0729 4452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:32:53.0731 4452 WacomPen - ok
15:32:53.0746 4452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:32:53.0748 4452 WANARP - ok
15:32:53.0752 4452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:32:53.0753 4452 Wanarpv6 - ok
15:32:53.0786 4452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:32:53.0787 4452 Wd - ok
15:32:53.0812 4452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:32:53.0829 4452 Wdf01000 - ok
15:32:53.0855 4452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:32:53.0857 4452 WfpLwf - ok
15:32:53.0872 4452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:32:53.0873 4452 WIMMount - ok
15:32:53.0908 4452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:32:53.0909 4452 WinUsb - ok
15:32:53.0945 4452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:32:53.0946 4452 WmiAcpi - ok
15:32:53.0975 4452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:32:53.0976 4452 ws2ifsl - ok
15:32:54.0030 4452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:32:54.0032 4452 WudfPf - ok
15:32:54.0074 4452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:32:54.0077 4452 WUDFRd - ok
15:32:54.0113 4452 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
15:32:54.0143 4452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:32:54.0143 4452 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:32:54.0155 4452 MBR (0x1B8) (d54e43549861260dd6d1b08564c9b906) \Device\Harddisk6\DR6
15:33:02.0021 4452 \Device\Harddisk6\DR6 - ok
15:33:02.0032 4452 Boot (0x1200) (d3643f383ed3723a114c5fe25ae3df56) \Device\Harddisk0\DR0\Partition0
15:33:02.0033 4452 \Device\Harddisk0\DR0\Partition0 - ok
15:33:02.0038 4452 Boot (0x1200) (64f75a3585ffa5daf7b7ca4ea3991b6a) \Device\Harddisk0\DR0\Partition1
15:33:02.0039 4452 \Device\Harddisk0\DR0\Partition1 - ok
15:33:02.0039 4452 ============================================================
15:33:02.0039 4452 Scan finished
15:33:02.0039 4452 ============================================================
15:33:02.0050 1724 Detected object count: 1
15:33:02.0050 1724 Actual detected object count: 1
15:33:11.0164 1724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:33:11.0165 1724 \Device\Harddisk0\DR0 - ok
15:33:11.0198 1724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:33:29.0454 1304 Deinitialize success

#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 January 2012 - 04:16 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 dirtee

  • Topic Starter
  • Members
  • 11 posts

Posted 10 January 2012 - 07:35 AM

ComboFix 12-01-09.02 - sunnyside 01/10/2012 7:05.6.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.959 [GMT -5:00]
Running from: c:\users\sunnyside\Downloads\ComboFix.exe
Command switches used :: c:\users\sunnyside\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 12:29 . 2012-01-10 12:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-10 12:29 . 2012-01-10 12:29 -------- d-----w- c:\users\Rick\AppData\Local\temp
2012-01-10 12:29 . 2012-01-10 12:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-09 21:35 . 2012-01-09 21:58 -------- d-----w- c:\programdata\CanonIJPLM
2012-01-09 21:35 . 2012-01-09 21:35 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
2012-01-09 21:35 . 2012-01-09 21:35 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2012-01-09 21:14 . 2010-09-13 19:44 106496 ----a-w- c:\windows\SysWow64\CNC410U.dll
2012-01-09 21:14 . 2010-09-13 19:43 1368064 ----a-w- c:\windows\system32\CNC410C.dll
2012-01-09 21:14 . 2010-09-13 19:43 112128 ----a-w- c:\windows\system32\CNC410I.dll
2012-01-09 21:14 . 2010-09-06 22:04 367104 ----a-w- c:\windows\system32\CNC410L.dll
2012-01-09 21:14 . 2010-09-06 22:03 315392 ----a-w- c:\windows\SysWow64\CNC410L.dll
2012-01-09 21:14 . 2008-08-25 23:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-01-09 21:14 . 2008-08-25 23:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-01-09 21:13 . 2012-01-09 21:13 -------- d--h--w- c:\programdata\CanonIJFAX
2012-01-09 21:13 . 2010-09-20 10:00 374784 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-01-09 21:13 . 2010-10-21 10:00 302080 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-01-09 20:46 . 2012-01-09 20:46 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-09 20:46 . 2012-01-09 20:46 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-09 20:46 . 2012-01-09 20:46 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-09 20:46 . 2012-01-09 20:46 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-03 16:41 . 2012-01-03 16:41 -------- d-----w- c:\users\sunnyside\AppData\Local\Broadcom
2012-01-03 16:38 . 2012-01-03 16:38 -------- d-----w- c:\program files\WIDCOMM
2012-01-03 16:28 . 2009-11-30 19:37 319016 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2011-12-28 13:05 . 2012-01-04 13:02 -------- d-----w- c:\users\sunnyside\AppData\Roaming\HpUpdate
2011-12-28 13:05 . 2011-12-28 13:05 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-22 12:00 . 2011-12-22 12:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-12-21 12:00 . 2011-12-21 12:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-14 19:26 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 19:26 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:26 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 19:26 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 19:26 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 17:06 . 2011-12-13 17:06 -------- d-----w- c:\users\sunnyside\AppData\Local\SanctionedMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-10-27 13:03 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 11:53 . 2011-06-13 12:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_17.18.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-09 21:14 . 2010-07-14 14:55 98304 c:\windows\twain_32\MX410 series\SG_THA.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 77824 c:\windows\twain_32\MX410 series\SG_KOR.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 73728 c:\windows\twain_32\MX410 series\SG_JPN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 65536 c:\windows\twain_32\MX410 series\SG_CHT.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 65536 c:\windows\twain_32\MX410 series\SG_CHS.dll
+ 2012-01-09 21:14 . 2009-07-08 15:58 86016 c:\windows\twain_32\MX410 series\rstcol.dll
+ 2012-01-09 21:14 . 2009-09-15 19:13 98304 c:\windows\twain_32\MX410 series\MC2Plus.dll
+ 2012-01-09 21:14 . 2007-12-06 18:46 73728 c:\windows\twain_32\MX410 series\IJFSHLIB.dll
+ 2012-01-09 21:14 . 2007-11-09 13:48 53248 c:\windows\twain_32\MX410 series\HSL.DLL
+ 2012-01-09 21:14 . 2008-11-19 18:31 73728 c:\windows\twain_32\MX410 series\DDT.dll
+ 2010-06-03 11:11 . 2010-06-03 11:11 94208 c:\windows\twain_32\MX410 series\cncisco3.dll
+ 2012-01-09 21:14 . 2010-08-03 19:03 30720 c:\windows\twain_32\MX410 series\CNC410.DAT
+ 2012-01-09 21:14 . 2005-04-15 20:34 57344 c:\windows\twain_32\MX410 series\BaLCo.dll
+ 2009-07-14 04:54 . 2012-01-09 20:45 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-09 12:29 . 2012-01-09 12:29 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-01-09 12:29 . 2012-01-09 12:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-22 12:00 . 2012-01-05 16:07 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-22 12:00 . 2012-01-09 12:06 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-12 20:33 . 2012-01-09 21:36 54386 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-10 11:58 46044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-12 20:07 . 2012-01-10 11:58 21392 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3322105531-2836566735-1377234858-1000_UserData.bin
+ 2012-01-09 21:14 . 2010-09-20 10:00 88576 c:\windows\system32\spool\prtprocs\x64\CNMPPAL.DLL
+ 2012-01-09 21:14 . 2010-09-20 10:00 29696 c:\windows\system32\spool\prtprocs\x64\CNMPDAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 13312 c:\windows\system32\spool\drivers\x64\3\CNMW6AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 12288 c:\windows\system32\spool\drivers\x64\3\CNMW3AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 57496 c:\windows\system32\spool\drivers\x64\3\CNMVSAL.EXE
+ 2012-01-09 21:13 . 2010-09-20 10:00 15872 c:\windows\system32\spool\drivers\x64\3\CNMVSAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 79360 c:\windows\system32\spool\drivers\x64\3\CNMSRAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 90112 c:\windows\system32\spool\drivers\x64\3\CNMSQAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 17560 c:\windows\system32\spool\drivers\x64\3\CNMSEAL.EXE
+ 2012-01-09 21:13 . 2010-09-20 10:00 95232 c:\windows\system32\spool\drivers\x64\3\CNMSDAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 05:00 30320 c:\windows\system32\spool\drivers\x64\3\CNMP2AL.DAT
+ 2012-01-09 21:13 . 2010-09-20 05:00 27140 c:\windows\system32\spool\drivers\x64\3\CNMP1AL.DAT
+ 2012-01-09 21:13 . 2010-09-20 05:00 23280 c:\windows\system32\spool\drivers\x64\3\CNMP0AL.DAT
+ 2012-01-09 21:13 . 2010-09-20 10:00 31232 c:\windows\system32\spool\drivers\x64\3\CNMOPAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 89088 c:\windows\system32\spool\drivers\x64\3\CNMLHAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 86016 c:\windows\system32\spool\drivers\x64\3\CNMICAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 10240 c:\windows\system32\spool\drivers\x64\3\CNMFUAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 14848 c:\windows\system32\spool\drivers\x64\3\CNMBU6AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 13824 c:\windows\system32\spool\drivers\x64\3\CNMBU3AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 78336 c:\windows\system32\spool\drivers\x64\3\CNMBS6AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 62464 c:\windows\system32\spool\drivers\x64\3\CNMBS3AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 15872 c:\windows\system32\spool\drivers\x64\3\CNMBM6AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 14848 c:\windows\system32\spool\drivers\x64\3\CNMBM3AL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18944 c:\windows\system32\spool\drivers\x64\3\CNCARAL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 37888 c:\windows\system32\spool\drivers\x64\3\CNCADAL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 46080 c:\windows\system32\spool\drivers\x64\3\CNCA2AL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 78848 c:\windows\system32\spool\drivers\x64\3\CNCA1AL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 31232 c:\windows\system32\spool\drivers\x64\3\CNCA0AL.DLL
- 2009-07-14 05:30 . 2012-01-03 16:32 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-09 21:16 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-09 21:16 . 2010-07-14 14:55 73728 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SG_JPN.dll
+ 2012-01-09 21:16 . 2009-07-08 15:58 86016 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\rstcol.dll
+ 2012-01-09 21:16 . 2009-09-15 19:13 98304 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\MC2Plus.dll
+ 2012-01-09 21:16 . 2007-12-06 18:46 73728 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\IJFSHLIB.dll
+ 2012-01-09 21:16 . 2007-11-09 13:48 53248 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\HSL.DLL
+ 2012-01-09 21:16 . 2008-11-19 18:31 73728 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\DDT.dll
+ 2012-01-09 21:16 . 2008-08-25 23:02 17920 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNHMCA6.dll
+ 2012-01-09 21:16 . 2008-08-25 23:02 15872 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNHMCA.dll
+ 2012-01-09 21:16 . 2010-06-03 15:11 94208 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\cncisco3.dll
+ 2012-01-09 21:16 . 2010-08-03 19:03 30720 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410.DAT
+ 2012-01-09 21:16 . 2005-04-15 20:34 57344 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\BaLCo.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 98304 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_THA.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 77824 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_KOR.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 73728 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_JPN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 65536 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_CHT.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 65536 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_CHS.dll
+ 2012-01-09 21:14 . 2009-07-08 15:58 86016 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\rstcol.dll
+ 2012-01-09 21:14 . 2009-09-15 19:13 98304 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\MC2Plus.dll
+ 2012-01-09 21:14 . 2007-12-06 18:46 73728 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\IJFSHLIB.dll
+ 2012-01-09 21:14 . 2007-11-09 13:48 53248 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\HSL.DLL
+ 2012-01-09 21:14 . 2008-11-19 18:31 73728 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\DDT.dll
+ 2012-01-09 21:14 . 2008-08-25 23:02 17920 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNHMCA6.dll
+ 2012-01-09 21:14 . 2008-08-25 23:02 15872 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNHMCA.dll
+ 2010-06-03 11:11 . 2010-06-03 11:11 94208 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\cncisco3.dll
+ 2012-01-09 21:14 . 2010-08-03 19:03 30720 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410.DAT
+ 2012-01-09 21:14 . 2005-04-15 20:34 57344 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\BaLCo.dll
+ 2012-01-09 21:13 . 2010-09-20 10:00 13312 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMW6.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 12288 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMW3.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 57496 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMVS.EXE
+ 2012-01-09 21:13 . 2010-09-20 10:00 15872 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMVS.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 32768 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRTW.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 81408 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRTR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 70144 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRTH.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 80384 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRSE.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 84992 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRRU.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 90624 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRPT.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 93696 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRPL.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 79360 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRNO.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 89600 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRNL.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 46592 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRKR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 46592 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRJ.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 96768 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRIT.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 84480 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRID.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 86016 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRHU.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 97792 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRGR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 96256 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRFR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 77312 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRFI.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 95744 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRES.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 85504 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRDK.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 99328 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRDE.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 83456 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRCZ.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 32256 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRCN.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 78336 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSRAR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 79360 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 95232 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSMSD.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 17560 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSE.EXE
+ 2012-01-09 21:13 . 2010-09-20 10:00 90112 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMQUEUE.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 88576 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMPP.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 86016 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMPIC08.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 29696 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMPD.DLL
+ 2012-01-09 21:13 . 2010-09-20 05:00 30320 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMP2.DAT
+ 2012-01-09 21:13 . 2010-09-20 05:00 27140 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMP1.DAT
+ 2012-01-09 21:13 . 2010-09-20 05:00 23280 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMP0.DAT
+ 2012-01-09 21:13 . 2010-09-20 10:00 31232 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMOPA9.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 86528 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRTW.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 83968 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRCN.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 89088 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLH.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 10240 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMFUS.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 14848 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBZU6.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 13824 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBZU3.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 78336 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBZS6.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 62464 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBZS3.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 15872 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBZM6.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 14848 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBZM3.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 13312 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMW6.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 12288 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMW3.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 57496 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMVS.EXE
+ 2012-01-09 21:16 . 2010-09-20 10:00 15872 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMVS.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 46592 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSRJ.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 95744 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSRES.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 79360 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSR.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 95232 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSMSD.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 17560 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSE.EXE
+ 2012-01-09 21:16 . 2010-09-20 10:00 90112 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMQUEUE.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 88576 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMPP.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 86016 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMPIC08.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 29696 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMPD.DLL
+ 2012-01-09 21:16 . 2010-09-20 05:00 30320 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMP2.DAT
+ 2012-01-09 21:16 . 2010-09-20 05:00 27140 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMP1.DAT
+ 2012-01-09 21:16 . 2010-09-20 05:00 23280 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMP0.DAT
+ 2012-01-09 21:16 . 2010-09-20 10:00 31232 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMOPA9.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 89088 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMLH.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 10240 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMFUS.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 14848 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBZU6.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 13824 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBZU3.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 78336 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBZS6.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 62464 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBZS3.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 15872 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBZM6.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 14848 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBZM3.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 46080 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXWA.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 14336 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXURJ.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 22016 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXURES.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 18944 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXUR.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 37888 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXDR.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 78848 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXAR.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 31232 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXAD.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 46080 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXWA.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 12800 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURTW.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18432 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURTR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18432 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURTH.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19456 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURSE.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19456 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURRU.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 20992 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURPT.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19968 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURPL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18432 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURNO.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19968 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURNL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 14336 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURKR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 14336 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURJ.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19968 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURIT.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19456 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURID.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18944 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURHU.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 20992 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURGR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 22016 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURFR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 19456 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURFI.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 22016 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURES.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18944 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURDK.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 20480 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURDE.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18944 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURCZ.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 12800 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURCN.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 17920 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXURAR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 18944 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXUR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 37888 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXDR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 78848 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXAR.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 31232 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXAD.DLL
+ 2009-12-12 22:13 . 2012-01-09 21:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 22:13 . 2012-01-02 18:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 22:13 . 2012-01-09 21:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-12 22:13 . 2011-12-28 21:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-09 21:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-28 21:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-09 21:15 . 2010-09-08 16:27 37376 c:\windows\system32\CNMN6UI.DLL
+ 2012-01-09 21:14 . 2010-09-07 10:56 77312 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstJP.dll
+ 2012-01-09 21:14 . 2010-09-30 14:41 6222 c:\windows\twain_32\MX410 series\SCNDB.DAT
+ 2012-01-09 21:14 . 2010-08-03 19:06 9040 c:\windows\twain_32\MX410 series\CNC410T.DAT
+ 2012-01-09 21:14 . 2010-08-03 19:05 1888 c:\windows\twain_32\MX410 series\CNC410M.DAT
+ 2012-01-09 21:15 . 2010-09-08 16:25 5120 c:\windows\system32\STRING\CNMNPPRCUS.DLL
+ 2012-01-09 21:15 . 2010-09-08 16:25 4096 c:\windows\system32\STRING\CNMNPPRCJP.DLL
+ 2012-01-09 21:15 . 2010-09-08 16:25 5120 c:\windows\system32\STRING\CNMNPPRCES.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 9216 c:\windows\system32\spool\drivers\x64\3\CNML2AL.DLL
+ 2012-01-09 21:16 . 2010-09-30 14:41 6222 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SCNDB.DAT
+ 2012-01-09 21:16 . 2010-08-03 19:06 9040 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410T.DAT
+ 2012-01-09 21:16 . 2010-08-03 19:05 1888 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410M.DAT
+ 2012-01-09 21:14 . 2010-09-30 14:41 6222 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SCNDB.DAT
+ 2012-01-09 21:14 . 2010-08-03 19:06 9040 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410T.DAT
+ 2012-01-09 21:14 . 2010-08-03 19:05 1888 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410M.DAT
+ 2012-01-09 21:13 . 2010-09-20 10:00 9216 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLH2.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 9216 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMLH2.DLL
- 2012-01-05 16:39 . 2012-01-05 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-09 21:23 . 2012-01-10 11:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-09 21:23 . 2012-01-10 11:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-05 16:39 . 2012-01-05 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-09 21:14 . 2009-03-11 21:20 487424 c:\windows\twain_32\MX410 series\usip.dll
+ 2012-01-09 21:14 . 2010-09-27 22:41 241664 c:\windows\twain_32\MX410 series\TPM.dll
+ 2012-01-09 21:14 . 2009-12-24 21:56 139264 c:\windows\twain_32\MX410 series\TDGLIB.dll
+ 2012-01-09 21:14 . 2009-01-21 16:41 122880 c:\windows\twain_32\MX410 series\softfare.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 106496 c:\windows\twain_32\MX410 series\SG_TRK.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 110592 c:\windows\twain_32\MX410 series\SG_SVE.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 110592 c:\windows\twain_32\MX410 series\SG_RUS.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 114688 c:\windows\twain_32\MX410 series\SG_PTB.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 110592 c:\windows\twain_32\MX410 series\SG_PLK.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 106496 c:\windows\twain_32\MX410 series\SG_NOR.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 118784 c:\windows\twain_32\MX410 series\SG_NLD.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\twain_32\MX410 series\SG_ITA.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 110592 c:\windows\twain_32\MX410 series\SG_IND.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 114688 c:\windows\twain_32\MX410 series\SG_HUN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\twain_32\MX410 series\SG_FRA.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 106496 c:\windows\twain_32\MX410 series\SG_FIN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\twain_32\MX410 series\SG_ESP.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 102400 c:\windows\twain_32\MX410 series\SG_ENU.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\twain_32\MX410 series\SG_ELL.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 114688 c:\windows\twain_32\MX410 series\SG_DEU.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 106496 c:\windows\twain_32\MX410 series\SG_DAN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 106496 c:\windows\twain_32\MX410 series\SG_CSY.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 102400 c:\windows\twain_32\MX410 series\SG_ARA.dll
+ 2012-01-09 21:14 . 2007-07-02 16:04 114688 c:\windows\twain_32\MX410 series\scrprmvl.dll
+ 2012-01-09 21:14 . 2010-01-14 15:55 118784 c:\windows\twain_32\MX410 series\SCRPRMV.DLL
+ 2012-01-09 21:14 . 2010-09-27 22:42 135168 c:\windows\twain_32\MX410 series\SCNIF.dll
+ 2012-01-09 21:14 . 2010-09-27 22:42 339968 c:\windows\twain_32\MX410 series\SCNFLW.dll
+ 2012-01-09 21:14 . 2010-09-27 22:41 212992 c:\windows\twain_32\MX410 series\SCNDB.dll
+ 2012-01-09 21:14 . 2008-01-23 21:45 454656 c:\windows\twain_32\MX410 series\RACSLIB.dll
+ 2012-01-09 21:14 . 2009-10-30 00:18 143360 c:\windows\twain_32\MX410 series\MC2.dll
+ 2012-01-09 21:14 . 2004-06-07 17:58 290816 c:\windows\twain_32\MX410 series\libBLC.dll
+ 2012-01-09 21:14 . 2008-11-07 19:20 176128 c:\windows\twain_32\MX410 series\CUBS.dll
+ 2010-06-03 11:11 . 2010-06-03 11:11 103424 c:\windows\twain_32\MX410 series\cncisco6.dll
+ 2012-01-09 21:14 . 2010-05-18 19:24 207372 c:\windows\twain_32\MX410 series\CNC410P.DAT
+ 2012-01-09 21:14 . 2005-08-24 20:51 126976 c:\windows\twain_32\MX410 series\CFine2.dll
+ 2012-01-09 21:14 . 2008-11-05 15:10 118784 c:\windows\twain_32\MX410 series\CAPS.dll
+ 2012-01-09 21:14 . 2009-11-26 16:32 118784 c:\windows\twain_32\MX410 series\AG.dll
+ 2009-07-14 04:54 . 2012-01-09 20:45 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-09 20:36 . 2012-01-09 20:36 114576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2010-09-08 16:26 . 2010-09-08 16:26 342016 c:\windows\SysWOW64\CNMNPPM.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 455680 c:\windows\system32\spool\drivers\x64\3\CNMURAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 308736 c:\windows\system32\spool\drivers\x64\3\CNMUBAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 889344 c:\windows\system32\spool\drivers\x64\3\CNMSMAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 670208 c:\windows\system32\spool\drivers\x64\3\CNMSBAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 205824 c:\windows\system32\spool\drivers\x64\3\CNMPVAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 215552 c:\windows\system32\spool\drivers\x64\3\CNMLRAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 161792 c:\windows\system32\spool\drivers\x64\3\CNMEIAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 733184 c:\windows\system32\spool\drivers\x64\3\CNMDRAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 407552 c:\windows\system32\spool\drivers\x64\3\CNMD5AL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 102912 c:\windows\system32\spool\drivers\x64\3\CNMCPAL.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 228352 c:\windows\system32\spool\drivers\x64\3\CNCAUAL.DLL
+ 2009-07-14 02:36 . 2012-01-05 21:25 631208 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-03 16:33 631208 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-05 21:25 109326 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-03 16:33 109326 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-01-09 21:16 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-03 16:32 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-03 16:29 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-01-09 21:16 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-01-09 21:16 . 2009-03-11 21:20 487424 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\usip.dll
+ 2012-01-09 21:16 . 2010-09-27 22:41 241664 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\TPM.dll
+ 2012-01-09 21:16 . 2009-12-24 21:56 139264 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\TDGLIB.dll
+ 2012-01-09 21:16 . 2009-01-21 16:41 122880 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\softfare.dll
+ 2012-01-09 21:16 . 2010-07-14 14:54 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SG_ESP.dll
+ 2012-01-09 21:16 . 2010-07-14 14:54 102400 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SG_ENU.dll
+ 2012-01-09 21:16 . 2007-07-02 16:04 114688 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\scrprmvl.dll
+ 2012-01-09 21:16 . 2010-01-14 15:55 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SCRPRMV.DLL
+ 2012-01-09 21:16 . 2010-09-27 22:42 135168 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SCNIF.dll
+ 2012-01-09 21:16 . 2010-09-27 22:42 339968 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SCNFLW.dll
+ 2012-01-09 21:16 . 2010-09-27 22:41 212992 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SCNDB.dll
+ 2012-01-09 21:16 . 2008-01-23 21:45 454656 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\RACSLIB.dll
+ 2012-01-09 21:16 . 2009-10-30 00:18 143360 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\MC2.dll
+ 2012-01-09 21:16 . 2004-06-07 17:58 290816 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\libBLC.dll
+ 2012-01-09 21:16 . 2008-11-07 19:20 176128 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CUBS.dll
+ 2012-01-09 21:16 . 2010-06-03 15:11 103424 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\cncisco6.dll
+ 2012-01-09 21:16 . 2010-09-13 19:44 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410U.dll
+ 2012-01-09 21:16 . 2010-05-18 19:24 207372 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410P.DAT
+ 2012-01-09 21:16 . 2010-09-06 22:04 367104 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410L6.dll
+ 2012-01-09 21:16 . 2010-09-06 22:03 315392 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410L.dll
+ 2012-01-09 21:16 . 2010-09-13 19:43 112128 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410I6.dll
+ 2012-01-09 21:16 . 2005-08-24 20:51 126976 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CFine2.dll
+ 2012-01-09 21:16 . 2008-11-05 15:10 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CAPS.dll
+ 2012-01-09 21:16 . 2009-11-26 16:32 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\AG.dll
+ 2012-01-09 21:14 . 2009-03-11 21:20 487424 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\usip.dll
+ 2012-01-09 21:14 . 2010-09-27 22:41 241664 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\TPM.dll
+ 2012-01-09 21:14 . 2009-12-24 21:56 139264 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\TDGLIB.dll
+ 2012-01-09 21:14 . 2009-01-21 16:41 122880 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\softfare.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_TRK.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 110592 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_SVE.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 110592 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_RUS.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 114688 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_PTB.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 110592 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_PLK.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_NOR.dll
+ 2012-01-09 21:14 . 2010-07-14 14:55 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_NLD.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_ITA.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 110592 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_IND.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 114688 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_HUN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_FRA.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_FIN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_ESP.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 102400 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_ENU.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_ELL.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 114688 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_DEU.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_DAN.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_CSY.dll
+ 2012-01-09 21:14 . 2010-07-14 14:54 102400 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_ARA.dll
+ 2012-01-09 21:14 . 2007-07-02 16:04 114688 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\scrprmvl.dll
+ 2012-01-09 21:14 . 2010-01-14 15:55 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SCRPRMV.DLL
+ 2012-01-09 21:14 . 2010-09-27 22:42 135168 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SCNIF.dll
+ 2012-01-09 21:14 . 2010-09-27 22:42 339968 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SCNFLW.dll
+ 2012-01-09 21:14 . 2010-09-27 22:41 212992 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SCNDB.dll
+ 2012-01-09 21:14 . 2008-01-23 21:45 454656 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\RACSLIB.dll
+ 2012-01-09 21:14 . 2009-10-30 00:18 143360 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\MC2.dll
+ 2012-01-09 21:14 . 2004-06-07 17:58 290816 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\libBLC.dll
+ 2012-01-09 21:14 . 2008-11-07 19:20 176128 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CUBS.dll
+ 2010-06-03 11:11 . 2010-06-03 11:11 103424 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\cncisco6.dll
+ 2012-01-09 21:14 . 2010-09-13 19:44 106496 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410U.dll
+ 2012-01-09 21:14 . 2010-05-18 19:24 207372 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410P.DAT
+ 2012-01-09 21:14 . 2010-09-06 22:04 367104 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410L6.dll
+ 2012-01-09 21:14 . 2010-09-06 22:03 315392 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410L.dll
+ 2012-01-09 21:14 . 2010-09-13 19:43 112128 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410I6.dll
+ 2012-01-09 21:14 . 2005-08-24 20:51 126976 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CFine2.dll
+ 2012-01-09 21:14 . 2008-11-05 15:10 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CAPS.dll
+ 2012-01-09 21:14 . 2009-11-26 16:32 118784 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\AG.dll
+ 2012-01-09 21:13 . 2010-10-26 10:20 286720 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURTW.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 470016 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURTR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 450048 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURTH.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 467968 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURSE.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 483328 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURRU.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 493568 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURPT.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 495104 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURPL.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 463872 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURNO.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 497664 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURNL.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 330752 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURKR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 324608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURJ.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 510464 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURIT.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 494080 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURID.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 484352 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURHU.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 521728 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURGR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 517120 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURFR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 462848 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURFI.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 518144 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURES.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 477184 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURDK.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 508928 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURDE.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 474112 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURCZ.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 282112 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURCN.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 454144 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMURAR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 455680 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMUR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 889344 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSTMN.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 161792 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMSMOPT.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 205824 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMPV.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 670208 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMP_381.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 224768 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRTR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 192000 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRTH.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 222208 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRSE.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 233472 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRRU.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 241152 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRPT.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 251904 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRPL.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 222720 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRNO.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 250368 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRNL.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 122880 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRKR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 119296 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRJ.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 260608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRIT.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 228864 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRID.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 231424 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRHU.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 269312 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRGR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 262144 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRFR.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 214016 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRFI.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 260608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRES.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 231424 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRDK.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 266752 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRDE.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 226816 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRCZ.DLL
+ 2012-01-09 21:13 . 2010-10-26 10:20 209408 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLRAR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 215552 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLR.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 374784 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMLMON2.DLL
+ 2010-09-07 06:58 . 2010-09-07 06:58 248320 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMIU6.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 407552 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMDUMP5.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 733184 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMDRV.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 308736 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMBR381.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 102912 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNM_0381.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 324608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMURJ.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 518144 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMURES.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 455680 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMUR.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 889344 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSTMN.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 161792 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMSMOPT.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 205824 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMPV.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 670208 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMP_381.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 119296 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMLRJ.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 260608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMLRES.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 215552 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMLR.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 374784 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMLMON2.DLL
+ 2012-01-09 21:16 . 2010-09-07 10:58 248320 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMIU6.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 407552 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMDUMP5.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 733184 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMDRV.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 308736 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMBR381.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 102912 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNM_0381.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 228352 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXUI.DLL
+ 2012-01-09 21:16 . 2010-09-24 10:00 302080 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_f72527814a5da4aa\FXLM.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 228352 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXUI.DLL
+ 2012-01-09 21:13 . 2010-10-21 10:00 302080 c:\windows\system32\DriverStore\FileRepository\mx410f6.inf_amd64_neutral_409d8a4125ec157e\FXLM.DLL
+ 2012-01-09 21:15 . 2010-09-08 16:27 328192 c:\windows\system32\CNMN6PPM.DLL
+ 2010-09-07 06:58 . 2010-09-07 06:58 248320 c:\windows\system32\CNMIUAL.DLL
+ 2010-06-03 11:11 . 2010-06-03 11:11 103424 c:\windows\system32\CNC410O.dll
+ 2012-01-09 21:14 . 2010-09-07 10:56 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstUS.dll
+ 2012-01-09 21:14 . 2010-09-03 13:55 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstTW.dll
+ 2012-01-09 21:14 . 2010-09-03 17:29 109056 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstTR.dll
+ 2012-01-09 21:14 . 2010-09-03 14:09 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstTH.dll
+ 2012-01-09 21:14 . 2010-09-03 17:19 109568 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstSE.dll
+ 2012-01-09 21:14 . 2010-09-03 17:32 111616 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstRU.dll
+ 2012-01-09 21:14 . 2010-08-23 22:05 112640 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstPT.dll
+ 2012-01-09 21:14 . 2010-08-23 22:17 116224 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstPL.dll
+ 2012-01-09 21:14 . 2010-09-03 17:22 108032 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstNO.dll
+ 2012-01-09 21:14 . 2010-09-03 17:25 117248 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstNL.dll
+ 2012-01-09 21:14 . 2010-09-03 14:01 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstKR.dll
+ 2012-01-09 21:14 . 2010-08-23 22:08 118272 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstIT.dll
+ 2012-01-09 21:14 . 2010-09-03 14:06 110080 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstID.dll
+ 2012-01-09 21:14 . 2010-09-03 17:34 114688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstHU.dll
+ 2012-01-09 21:14 . 2010-08-23 22:10 128000 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstGR.dll
+ 2012-01-09 21:14 . 2010-08-23 22:10 119808 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstFR.dll
+ 2012-01-09 21:14 . 2010-08-12 21:56 107008 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstFI.dll
+ 2012-01-09 21:14 . 2010-08-23 17:07 120320 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstES.dll
+ 2012-01-09 21:14 . 2010-08-23 22:03 110592 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstDK.dll
+ 2012-01-09 21:14 . 2010-09-03 17:28 123392 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstDE.dll
+ 2012-01-09 21:14 . 2010-09-03 17:37 109056 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstCZ.dll
+ 2012-01-09 21:14 . 2010-09-03 13:50 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstCN.dll
+ 2012-01-09 21:14 . 2010-08-23 22:13 105472 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\RES\DLL\IJInstAR.dll
+ 2012-01-09 21:14 . 2010-09-07 11:26 678816 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series\DelDrv64.exe
+ 2009-07-14 05:01 . 2012-01-09 21:22 435632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-05 16:38 435632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-09 21:22 . 2012-01-09 21:22 436400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-01-09 21:14 . 2008-12-26 15:56 1168896 c:\windows\twain_32\MX410 series\SGCFLTR6.dll
+ 2012-01-09 21:14 . 2008-12-26 15:57 1159168 c:\windows\twain_32\MX410 series\SGCFLTR.dll
+ 2012-01-09 21:14 . 2010-09-27 22:42 1253376 c:\windows\twain_32\MX410 series\SG_IMG.dll
+ 2012-01-09 21:14 . 2010-09-27 22:45 1093632 c:\windows\twain_32\MX410 series\SCNUI.dll
+ 2012-01-09 21:14 . 2010-04-05 23:17 1355776 c:\windows\twain_32\MX410 series\IB.dll
+ 2012-01-09 21:14 . 2010-08-03 19:03 2102320 c:\windows\twain_32\MX410 series\CNC410R.DAT
+ 2009-07-14 04:54 . 2012-01-09 20:45 1146880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-09 21:13 . 2010-09-20 10:00 3475968 c:\windows\system32\spool\drivers\x64\3\CNMUIAL.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 2308608 c:\windows\system32\spool\drivers\x64\3\CNMCBAL.DLL
+ 2012-01-09 21:16 . 2008-12-26 15:56 1168896 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SGCFLTR6.dll
+ 2012-01-09 21:16 . 2008-12-26 15:57 1159168 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SGCFLTR.dll
+ 2012-01-09 21:16 . 2010-09-27 22:42 1253376 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SG_IMG.dll
+ 2012-01-09 21:16 . 2010-09-27 22:45 1093632 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\SCNUI.dll
+ 2012-01-09 21:16 . 2010-04-05 23:17 1355776 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\IB.dll
+ 2012-01-09 21:16 . 2010-08-03 19:03 2102320 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410R.DAT
+ 2012-01-09 21:16 . 2010-09-13 19:43 1368064 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_5ac54006bcf650d1\CNC410C6.dll
+ 2012-01-09 21:14 . 2008-12-26 15:56 1168896 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SGCFLTR6.dll
+ 2012-01-09 21:14 . 2008-12-26 15:57 1159168 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SGCFLTR.dll
+ 2012-01-09 21:14 . 2010-09-27 22:42 1253376 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SG_IMG.dll
+ 2012-01-09 21:14 . 2010-09-27 22:45 1093632 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\SCNUI.dll
+ 2012-01-09 21:14 . 2010-04-05 23:17 1355776 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\IB.dll
+ 2012-01-09 21:14 . 2010-08-03 19:03 2102320 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410R.DAT
+ 2012-01-09 21:14 . 2010-09-13 19:43 1368064 c:\windows\system32\DriverStore\FileRepository\mx410sc.inf_amd64_neutral_3b0992796a681504\CNC410C6.dll
+ 2012-01-09 21:13 . 2010-09-20 10:00 3475968 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMUI.DLL
+ 2012-01-09 21:13 . 2010-09-20 10:00 2308608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_a02c69515c6d6a93\CNMPCOM2.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 3475968 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMUI.DLL
+ 2012-01-09 21:16 . 2010-09-20 10:00 2308608 c:\windows\system32\DriverStore\FileRepository\mx410p6.inf_amd64_neutral_140194aab3c7d799\CNMPCOM2.DLL
+ 2011-02-01 22:05 . 2012-01-09 21:22 43306916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3322105531-2836566735-1377234858-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{623D9D18-52B9-438A-AE92-EF1C85D09309}]
2011-06-28 12:45 1544192 ----a-w- c:\program files (x86)\TVonPC8000 Full 18+\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{FF83939A-D480-4018-9A28-BE7C4F533036}"= "c:\program files (x86)\TVonPC8000 Full 18+\Toolbar.dll" [2011-06-28 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{ff83939a-d480-4018-9a28-be7c4f533036}]
[HKEY_CLASSES_ROOT\FCTB000061301.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{76297F77-07FB-4782-AA22-91ACF9E83F50}]
[HKEY_CLASSES_ROOT\FCTB000061301.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
TowMagic.lnk - c:\program files (x86)\BeaconSoftware\TowMagic\TowMagic.exe [2007-11-28 1372160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 135664]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 135664]
R3 Normandy;Normandy SR2; [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-10-01 131072]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-14 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120105.001\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 11:28]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 11:28]
.
2011-11-07 c:\windows\Tasks\TowMagic Updates.job
- c:\windows\Installer\TowMagic Updates for All Users.lnk [2010-06-14 20:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\sunnyside\AppData\Roaming\Mozilla\Firefox\Profiles\tigw4dw1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FF83939A-D480-4018-9A28-BE7C4F533036} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3322105531-2836566735-1377234858-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3322105531-2836566735-1377234858-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3322105531-2836566735-1377234858-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3322105531-2836566735-1377234858-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-10 07:32:28
ComboFix-quarantined-files.txt 2012-01-10 12:32
ComboFix2.txt 2012-01-09 12:44
.
Pre-Run: 229,488,640,000 bytes free
Post-Run: 229,419,089,920 bytes free
.
- - End Of File - - 309E4850C8B6861A08E036E6B937BF5A

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 09:43 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 dirtee

  • Topic Starter
  • Members
  • 11 posts

Posted 10 January 2012 - 10:56 AM

Gringo,

I'd just like to say thanks for all of your efforts and continuing help with my issues. Is there some way to donate?

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-10 10:34:34
-----------------------------
10:34:34.668 OS Version: Windows x64 6.1.7601 Service Pack 1
10:34:34.668 Number of processors: 2 586 0x170A
10:34:34.668 ComputerName: PGDISPATCH UserName: sunnyside
10:34:35.884 Initialize success
10:35:50.922 AVAST engine defs: 12011000
10:44:21.277 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:44:21.277 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
10:44:21.324 Disk 0 MBR read successfully
10:44:21.324 Disk 0 MBR scan
10:44:21.324 Disk 0 Windows 7 default MBR code
10:44:21.324 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:44:21.339 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 81920
10:44:21.355 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295109 MB offset 286720
10:44:21.386 Disk 0 Partition 4 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 604670535
10:44:21.402 Service scanning
10:44:22.868 Modules scanning
10:44:22.868 Disk 0 trace - called modules:
10:44:22.868 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
10:44:22.868 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027c65d0]
10:44:22.884 3 CLASSPNP.SYS[fffff88001b8a43f] -> nt!IofCallDriver -> [0xfffffa80022f0520]
10:44:22.884 5 ACPI.sys[fffff88000e1a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80022e8680]
10:44:23.711 AVAST engine scan C:\Windows
10:44:24.881 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
10:44:26.706 AVAST engine scan C:\Windows\system32
10:45:58.340 AVAST engine scan C:\Windows\system32\drivers
10:46:07.903 AVAST engine scan C:\Users\sunnyside
10:50:12.668 AVAST engine scan C:\ProgramData
10:51:39.201 Scan finished successfully
10:53:20.586 Disk 0 MBR has been saved successfully to "C:\Users\sunnyside\Desktop\MBR.dat"
10:53:20.586 The log file has been saved successfully to "C:\Users\sunnyside\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 12:21 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo

#11 dirtee

  • Topic Starter
  • Members
  • 11 posts

Posted 10 January 2012 - 01:11 PM

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7
Apple Application Support
Apple Software Update
Brother MFL-Pro Suite
BufferChm
C4500
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.1
Canon MX410 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
CleanUp!
Copy
D3DX10
DAUpdateSetup
Destinations
DeviceDiscovery
Dispatch Anywhere
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
File Secure Pro Viewer
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Google Update Helper
GoToMeeting 4.5.0.416
GPBaseService2
HiJackThis
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Image Optimizer 3.0
Java Auto Updater
Java™ 6 Update 26
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton 360
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.2
PrimoPDF -- brought to you by Nitro PDF Software
PS_AIO_04_C4500_Software_Min
QuickBooks
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SmartWebPrinting
Snapshot Viewer
SolutionCenter
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Status
SupportSoft Assisted Service
Toolbox
TowMagic
TrayApp
TVonPC8000 Full 18+
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.00 (32-bit)
Xvid Video Codec

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 01:26 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.7
Java™ 6 Update 26


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 dirtee

  • Topic Starter
  • Members
  • 11 posts

Posted 10 January 2012 - 02:42 PM

No problems incurred; here are the reports.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sunnyside :: PGDISPATCH [administrator]

Protection: Enabled

1/10/2012 2:25:10 PM
mbam-log-2012-01-10 (14-25-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220570
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:54 PM, on 1/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: FCTBPos00Pos - {623D9D18-52B9-438A-AE92-EF1C85D09309} - C:\Program Files (x86)\TVonPC8000 Full 18+\Toolbar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: TVonPC8000 Full 18+ - {FF83939A-D480-4018-9A28-BE7C4F533036} - C:\Program Files (x86)\TVonPC8000 Full 18+\Toolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKUS\S-1-5-21-3322105531-2836566735-1377234858-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3322105531-2836566735-1377234858-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TowMagic.lnk = C:\Program Files (x86)\BeaconSoftware\TowMagic\TowMagic.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10695 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:06 AM

Posted 10 January 2012 - 06:38 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and run them when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
      O4 - HKUS\S-1-5-21-3322105531-2836566735-1377234858-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-3322105531-2836566735-1377234858-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: TowMagic.lnk = C:\Program Files (x86)\BeaconSoftware\TowMagic\TowMagic.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
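As an added example (not part of this thread, and not HijackThis code), the following PowerShell script lists the same autostart locations that HijackThis summarises as O4 entries, in a similar one-line form, so the startup items can be reviewed before deciding what to remove. It assumes a Windows host with PowerShell and only reads the registry and the Startup folders; it changes nothing.

```powershell
# Added example, not from the thread: enumerate the autostart locations that HijackThis
# reports as O4 entries (Run/RunOnce for the machine, the current user, every loaded
# user hive under HKEY_USERS, and the Startup folders). Read-only; run it elevated to
# see other users' hives such as the UpdatusUser one in the log above.
$runKeys = @(
    @{ Label = 'HKLM\..\Run';     Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' }
    @{ Label = 'HKLM\..\RunOnce'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
    @{ Label = 'HKCU\..\Run';     Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' }
    @{ Label = 'HKCU\..\RunOnce'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
)
# Other users' hives appear in the log as HKUS\S-1-5-21-...; only hives that are
# currently loaded (logged-on users, service accounts) are visible under HKEY_USERS.
foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    if ($sid -notmatch '^S-1-5-21-\d+-\d+-\d+-\d+$') { continue }
    foreach ($k in 'Run', 'RunOnce') {
        $runKeys += @{ Label = "HKUS\$sid\..\$k"
                       Path  = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\$k" }
    }
}

$entries = New-Object System.Collections.Generic.List[string]
# Get-ItemProperty adds these provider metadata properties; they are not registry values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key.Path)) { continue }
    $values = Get-ItemProperty -Path $key.Path
    foreach ($prop in $values.PSObject.Properties) {
        if ($meta -contains $prop.Name) { continue }
        $entries.Add("O4 - $($key.Label): [$($prop.Name)] $($prop.Value)")
    }
}

# Startup folders: "Global Startup" is the all-users folder, "Startup" the current user's.
$shell = New-Object -ComObject WScript.Shell
$folders = @(
    @{ Label = 'Global Startup'; Path = $shell.SpecialFolders.Item('AllUsersStartup') }
    @{ Label = 'Startup';        Path = $shell.SpecialFolders.Item('Startup') }
)
foreach ($folder in $folders) {
    foreach ($file in Get-ChildItem -Path $folder.Path -File -ErrorAction SilentlyContinue) {
        $target = $file.FullName
        # Resolve .lnk shortcuts to the program they launch, as the log's "x.lnk = path" form does.
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        $entries.Add("O4 - $($folder.Label): $($file.Name) = $target")
    }
}
$entries
```

Entries whose command points outside the usual program directories, or whose name does not match any installed software, are the ones worth looking up before deciding to keep them.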

#15 dirtee

dirtee
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:06 AM

Posted 11 January 2012 - 08:22 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71ddb70473fd1e4e9bbfc5af6a2919d4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-11 01:19:54
# local_time=2012-01-11 08:19:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 17312105 17312105 0 0
# compatibility_mode=3589 16777213 100 80 897109 76859890 0 0
# compatibility_mode=5893 16776574 100 94 16099355 77827244 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=154740
# found=0
# cleaned=0
# scan_time=4202
