TechSpot

Computer Won't Run the 8 Steps in Normal Mode

By simpsonrul
Oct 14, 2010
  1. I have been having computer troubles for the last week, and I think it might be a startup issue.

    In normal mode, I cannot run add/remove programs, msconfig, Firefox, Internet Explorer, the my computer folder, network connections, and many more. I can open Chrome and almost all other folders.

    I was unable to run malwarebytes, gmer, dds, or hijackthis in normal mode, but I could run all but gmer in safe mode. Attached are the logs.

    What additional useful information can I provide?

    Thanks in advance,
    Joseph
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the problems.
    Questions:
    1. Can you give me some history on this problem please.
    2. What did you do before the problem started that makes you think it's a startup issue?
    3. What happens when you boot into Normal Mode> does the system boot okay?
    4. What happens when you try and then fail to open a system folder? Message? What?
    5. How much RAM do you have?

    Let's try to clean up some things.
    1. There are processes for 3 antivirus programs running: Avast, McAfee and AVG v7.5 which is outdated. You need to remove two of those. Multiple AV programs make a system more vulnerable.
    2. You have 8 versions of Java> all old. Another vulnerability. The current version is v6u21. For now, uninstall all the old versions in Add/Remove Programs and when you get back online safely, I'll direct you to the download site.
    3. It looks like you've done 2 recent System Restores:
    10/7/2010 3:54:41 PM - Restore Operation
    RP2198: 10/10/2010 10:15:09 PM - Restore Operation

    Please don't do any more while I'm helping you.
    4. You can uninstall HijackThis. It's an outdated version. I'll have you run it later and will give you the link to the current version.

    It could be helpful to act on this Error Event now:
    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:
    Click on Start> Control Panel> System> Tools> Error Checking> Check both boxes in the screen that comes up> Make sure Volume G is set> OK> Close the message that comes up and Reboot. Let the checking finish. It may take a while if you don't do it regularly. The system will reboot when through.

    Let me know the status after this, along with answers to my questions.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. simpsonrul

    simpsonrul TS Rookie Topic Starter

    First of all, thank you for responding. In answer to your questions:

    1. About 12 days ago I got a few BSODs while trying to connect to MLB.tv. I am not sure if that is relevant. Last Thursday, I noticed that I could not connect to a VPN, which I could access the day before that. This was the tipoff that network connections would not open, and I then started looking for other problems.

    I spent the next several days trying to fix the computer myself on and off. First, I tried to correct a few of the problems individually, but I had no success. Then, I downloaded a few more programs (CCleaner, AVG antispyware 7.5, etc.) in the hopes of finding a problem that I could fix.

    I should also mention that I changed the registry to allow windows installer to operate in safe mode.

    2. The reason I think that it is a startup issue is because hijackthis freezes on 04 (which checks the startup folder) when I run it in normal mode.

    3. When I boot in normal mode, Windows loads, but I cannot access all of the Windows processes. Examples include: add/remove programs is blank and does not try to populate; msconfig will not open; in task manager in the processes tab, the user name column is blank (aside from system idle process).

    On the other hand, I cannot shut down from normal mode. It freezes on the saving settings part.

    4. When I open up most folders, there is no problem. When I open up "my computer," Windows displays the flashlight implying that it is searching for what is in this folder, but it never displays any icons. It usually does not freeze here. Conversely, when I try to open "network connections," it does not open anything, and I have to force close the "control panel" folder.

    5. I cannot click on system properties right now, but I know that I have a lot of RAM.

    6. As soon as I post this message, I will restart my computer in safe mode and try to uninstall some of these. The McAfee stuff must be very old, and I think the AVG program is just the anti-spyware part, but I will remove it.

    7. I already uninstalled all of the old versions of java a couple of days ago, and I don't see it on my programs list.

    8. I tried to do the system restores as a part of trying to fix the problem myself, but I don't know if the system restore executed correctly. I was unable to access system restore in normal mode, and after I tried it in safe mode, the restart did not fully open windows.

    9. I will uninstall hijackthis in safe mode.

    10. I cannot access control panel > system in normal mode, but I will do this in safe mode.

    Thanks again,
    Joseph
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The problems you state can be a malware infection. Interestingly enough, the only entry found in Mbam was Adware.TryMedia. Since you mention the problem beginning after you tried to access MLBTv, one has to wonder if it came from there.

    My bad about AVG v7.5- yes, it is just the antispyware, but I don't think v7.5 is supported any more. McAfee is a file I can move later. This was mainly if you had them all installed and running.

    For #10:
    See if you can get into the Error Check using Windows explorer: Windows key + E> click on My Computer> right click on Local Drive> Properties> then continue with Tools and the directions for Error Checking.
     
  5. simpsonrul

    simpsonrul TS Rookie Topic Starter

    Okay, I have finished the above steps. I could not find McAfee or Java in the program files list, but I got rid of AVG spyware and hijackthis.

    I also was unable to reach the error checking through windows explorer, but I was able to do it in safe mode. It told me to restart, which I did, and the check ran before windows started up again.

    Also, I forgot that I had run a previous, partial malwarebytes scan. It picked up and deleted three infected registry keys. I have pasted the details of this below.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94118c19-b178-4e43-bbe8-0efdbb391bdb} (Trojan.Dialer) -> Quarantined and deleted successfully.


    What would you like me to do next?
     
  6. simpsonrul

    simpsonrul TS Rookie Topic Starter

    I also recently installed a Linksys wireless adapter. I am not sure exactly when, but it was in the last couple of weeks.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Use a flash drive to download
    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.>>>> Save this log

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)Adobe Reader acro helper
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB}
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -


    Close all Windows except HijackThis and click on "Fix Checked."
    (The last 5 entries in the HJT log above all relate to the Java programs you have installed)

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Open Internet Explorer> Tools> Manage add-ons> there are 2 sections available in the dialog box> one is add-ons currently on the system, the other is add-ons previously on the system> check both sections. Look for any of the following and highlight> Disable:
    SysWebTelecom and any entries related to 'adult dialer', 'dialer'
    All Java plugins
    Josie

    When through> Apply> OK> Reboot

    Do a new scan with HijackThis and paste the log in the next reply.

    See if you can run an antivirus scan.
     
  8. simpsonrul

    simpsonrul TS Rookie Topic Starter

    Okay, I have done everything.
    1. I downloaded hijackthis and installed it. When I try to run it in normal mode it freezes after
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    I was able to run it in safe mode (FYI the next item on the safe mode log is O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Joseph\App), and I fixed/removed the suggested items. Attached as "hijackthis_safe mode1.txt" is that pre-fix log.

    2. I could not find SysWebTelecom, 'adult dialer', 'dialer', Java plugins, or Josie in IE, but I did uninstall all of the Java stuff from Firefox. Is it a problem that I could not find the other add-ons?

    3. I restarted and reran hijackthis. Once again, it froze in normal mode, but I ran it in safe mode. That log is attached as "hijackthis_safe mode2.txt".

    4. When I tried to scan in normal mode using Avast, it froze on file "C:\WINDOWS\system32\drivers\A3AB.sys". I then explored that folder and noticed that only two items in there have been recently modified. They are "C:\WINDOWS\system32\drivers\lvuvc.hs" and "C:\WINDOWS\system32\drivers\logiflt.iad". They were modified just one minute apart this morning, which seems suspicious. A quick google search did not yield much information about these files.

    5. The avast scan in safe mode looks like it will take several hours, so I stopped it short to report that it found a suspected trojan at "C:\DELL\ATAPI.EXE". I have quarantined it, and I am restarting the scanner. I will update this post if any more problems are found.
     


  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    C:\WINDOWS\system32\drivers\A3AB.sys: This is the driver for your wireless network card from D-Link. It is possible you may have a bad NIC card or router.

    The following 2 entries seem to be found together. Will remove.
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\drivers\logiflt.iad

    C:\DELL\ATAPI.EXE
    What is ATAPI.EXE?
    ATAPI.EXE has a file size of 28,672 bytes, and is most commonly found under the directory "dell" with a creation date of August 30, 2005. This is not a known spyware, adware, or trojan executable.

    The following Domains should be removed from the Trusted Zone> they are a security risk here where there are lower security settings:
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net


    See my Reply #7 for HijackThis removals- they are still in the logs.
    I don't understand what you mean when you say 'froze at' because I see the entire logs. Please remove the entries I set up.
    =======================================
    Please run this and don't do anything else except the HJT removals until I see it.

    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix.
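
A triage pass over the HijackThis entry types singled out in Reply #7 and in the Trusted Zone list above, given here as an added example that is not part of the thread and not HijackThis's own logic. The sample lines are copied from the posts; the flagging rules and the names `parse_entry`, `triage`, `triage_log` and `Finding` are assumptions of this example.

```python
import re
from dataclasses import dataclass

# "<code> - <body>", e.g. "O2 - BHO: (no name) - {CLSID} - (no file)".
# HijackThis section codes start with R, F, N or O followed by a number.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2})\s+-\s+(.*?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the thread, plus one non-entry line ("Running processes:")
# to show that headers and other text are skipped.
SAMPLE_LOG = r"""
Running processes:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O16"
    reason: str  # why this example's rules picked the line out
    line: str    # the original log line, stripped


def parse_entry(line):
    """Return (code, body) for a HijackThis entry line, or None for other text."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else None


def triage(line):
    """Apply this example's review rules to one line; None means 'not flagged'."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, body = parsed
    reason = None

    if code in ("R0", "R1") and body.endswith("="):
        # Registry value is present but holds nothing.
        reason = "browser search/start value is empty"
    elif code == "O2" and "(no file)" in body.lower():
        # Browser Helper Object still registered although its DLL is gone.
        reason = "BHO registered but its file is missing"
    elif code == "O15" and body.lower().startswith("trusted zone:"):
        site = body.split(":", 1)[1].strip()
        reason = "site listed in the Trusted Zone"
        if "*" in site:
            reason += " (wildcard covers every subdomain)"
    elif code == "O16":
        clsid = CLSID_RE.search(body)
        if clsid is not None:
            # Whatever follows the CLSID is the recorded download source.
            source = body[clsid.end():].strip(" -")
            if not source:
                reason = "ActiveX distribution unit with no source recorded"

    return Finding(code, reason, line.strip()) if reason else None


def triage_log(text):
    """Run triage() over a whole log and keep the flagged entries in order."""
    findings = []
    for line in text.splitlines():
        finding = triage(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
```

The output is a review list, not a removal list: an entry the rules skip (such as the McAfee download unit) can still be one the helper wants fixed.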
     
  10. simpsonrul

    simpsonrul TS Rookie Topic Starter

    Hi Bobbye,
    You did it! But first let me respond in order.

    1. What do you suggest I do about A3AB.sys?

    2. Should I delete the following files?
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\drivers\logiflt.iad

    3. For hijackthis, when I run in normal mode, it stops running when the top part says "04 - registry & Start Menu autoruns." If I click on it, then a message pops up saying "This action cannot be completed because the other application is busy. Choose 'Switch To' to activate the busy program and correct the problem." Once it starts doing this, the scan ceases to progress, and I have to force close the program.
    The hijackthis logs I posted all came from running the program in safe mode.

    4. I removed those domains from the trusted zone.

    5. The avast scan from before finished. It found four more threats!?!?
    One is "C:\System Volume Information\_restore{...}...EXE"
    The other three are HPZipm12.exe files, which appear to be legit files for my printer.
    I have quarantined all of them.

    6. I ran ComboFix in safe mode. It has now reloaded in normal mode, and everything appears to be working correctly!!! The computer is running slowly, though. Maybe when I restart again it will be perfect. The ComboFix file is attached.
    What do you suppose the problem was?

    Thanks again,
    Simpsonrul

    PS You are amazing.
     


  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    #1 The driver for A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys shows date of 8/25/2005.
    Currently Stopped, Run on Demand. Should restart when you reboot.
    #2> do nothing for now.
    #3. Remove the HJT entries in Safe Mode.
    #5. Do not be bothered by the Avast entries now. System Volume is in the restore points. I will have you drop them at the end and set a new clean one. This is not active in the system. The HP entries are for the printer. I will have you run an online AV scan so I can see the full entries. In the meantime, stop quarantining entries! You're going to end up locking yourself out of the system!

    Joseph, please be advised that we are using our discretion on whether to review logs that are attached and not pasted: It takes us too long to have to copy and paste any entry we need to identify, rather than search from the browser. You can use multiple posts for the logs if needed.
    ====================================
    Please run this Custom CFScript

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\dllcache\OLDA3C.tmp
    c:\windows\system32\dllcache\OLD877.tmp
    c:\windows\system32\dllcache\OLD6F1.tmp
    c:\windows\system32\dllcache\OLD534.tmp
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    Extra::
    File::
    c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    Firefox::
    Firefox-: - Profile - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\g8jj51lf.Default User\
    DDS::
    mCustomizeSearch = 
    BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    =======================Reboot the Computer========================

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Of course I'm amazing- I'm a Libra!:rolleyes:
     
  12. simpsonrul

    simpsonrul TS Rookie Topic Starter

    Hi,

    So I have followed your instructions again, and here are the results. The ComboFix logfile is as follows:


    ComboFix 10-10-16.03 - Joseph 10/17/2010 8:24.2.4 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.3027 [GMT -5:00]
    Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Joseph\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\program files\Mozilla Firefox\plugins\npViewpoint.dll"
    "c:\windows\system32\dllcache\OLD534.tmp"
    "c:\windows\system32\dllcache\OLD6F1.tmp"
    "c:\windows\system32\dllcache\OLD877.tmp"
    "c:\windows\system32\dllcache\OLDA3C.tmp"
    "c:\windows\TEMP\logishrd\LVPrcInj01.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    c:\windows\system32\dllcache\OLD534.tmp
    c:\windows\system32\dllcache\OLD6F1.tmp
    c:\windows\system32\dllcache\OLD877.tmp
    c:\windows\system32\dllcache\OLDA3C.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-17 01:32 . 2010-10-17 01:32 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-16 02:00 . 2004-05-26 19:53 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
    2010-10-16 02:00 . 2004-05-07 18:47 79616 ----a-w- c:\windows\system32\rt2500usb.sys
    2010-10-16 02:00 . 2004-04-24 03:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
    2010-10-16 02:00 . 2004-01-07 22:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
    2010-10-15 21:40 . 2010-10-15 21:40 388096 ----a-r- c:\documents and settings\Joseph\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-15 21:40 . 2010-10-15 21:40 -------- d-----w- c:\program files\Trend Micro
    2010-10-14 15:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-14 15:55 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-14 15:49 . 2010-10-14 15:49 -------- dc----w- c:\documents and settings\Joseph\Application Data\Malwarebytes
    2010-10-14 15:49 . 2010-10-14 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-11 20:43 . 2010-10-11 20:45 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-10-11 12:57 . 2010-10-11 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
    2010-10-11 03:22 . 2010-10-11 03:22 -------- d-----w- C:\BJPrinter
    2010-10-10 23:03 . 2010-10-10 23:49 -------- d-----w- c:\program files\CCleaner
    2010-10-10 22:41 . 2008-04-14 03:05 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
    2010-10-10 22:40 . 2001-08-17 18:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
    2010-10-10 22:39 . 2001-08-17 18:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2010-10-10 22:38 . 2001-08-17 18:28 488383 ----a-w- c:\windows\system32\dllcache\OLDA40.tmp
    2010-10-10 22:37 . 2001-08-17 17:12 28062 ----a-w- c:\windows\system32\dllcache\OLD87B.tmp
    2010-10-10 22:36 . 2001-08-18 03:37 73216 ----a-w- c:\windows\system32\dllcache\OLD6DD.tmp
    2010-10-10 22:35 . 2001-08-17 17:11 20160 ----a-w- c:\windows\system32\dllcache\OLD538.tmp
    2010-10-07 21:22 . 2010-10-07 21:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-07 20:17 . 2001-08-18 03:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-10-07 20:16 . 2001-08-18 03:36 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
    2010-10-07 20:15 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-10-07 20:14 . 2010-04-28 02:25 2189952 ----a-w- c:\windows\system32\dllcache\OLD27.tmp
    2010-10-05 02:59 . 2004-05-07 18:47 79616 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
    2010-10-05 02:59 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2010-10-05 02:59 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2010-10-05 02:59 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2010-10-05 02:59 . 2010-10-16 02:00 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
    "WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]

    c:\documents and settings\Joseph\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Joseph\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    1 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    2002-09-11 02:26 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
    2005-12-14 19:56 2711552 ----a-w- c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
    2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    2007-12-14 16:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-07-02 12:38 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Joseph\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "g:\\Program Files\\StarNet\\X-Win32 2010\\xwin32.exe"=
    "g:\\Program Files\\StarNet\\X-Win32 2010\\esd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2500usb.sys [10/4/2010 9:59 PM 79616]
    S1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/1/2010 7:54 AM 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/1/2010 7:54 AM 17744]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [8/25/2005 2:00 PM 466880]
    S3 ATWPKT;ATWPKT;c:\windows\SYSTEM32\DRIVERS\atwpkt.sys [8/5/2003 12:20 PM 19140]
    S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [10/2/2009 12:37 AM 47624]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\SYSTEM32\DRIVERS\RsFx0102.sys [7/10/2008 2:49 AM 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.dellnet.com
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: c:\progra~1\COMMON~1\BTLINK\btlink.dll//iemenu
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - c:\program files\royalvegasMPP\MPPoker.exe
    Trusted Zone: att.net
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Greenback Bayou by pogo.com - hxxp://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\g8jj51lf.Default User\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Joseph\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    Completion time: 2010-10-17 08:39:13
    ComboFix-quarantined-files.txt 2010-10-17 13:39

    Pre-Run: 12,921,286,656 bytes free
    Post-Run: 12,858,241,024 bytes free

    - - End Of File - - 7C18AFA9DEDA0CE8544211C38AABB034



    I ran Eset as well, but it did not save a log file. In short, there was one suspicious file that it removed, but I did not write down what that file was.

    Also, since my computer is now operating correctly again, I reinstalled the wireless device that I had gotten rid of, and I restored the quarantined printer files.


    What do you think caused the problem?

    Thanks,
    Joseph
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run the Eset scan again, save the log and paste it in your next reply.
    And observe this line in the instructions:
    Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

    =================================
    Please run this in Normal Mode

    Custom CFScript

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    Extra::
    File::
    Firefox::
    Firefox-: - Profile - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\g8jj51lf.Default User\
    Firefox-: prefs.js - SEARCH.DEFAULTURL-
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    You should remove these from the Trusted zone. The security is lower in that zone and you don't need anything to be in it:
    Control Panel or Tools in IE> Internet Options> security tab> Trusted Sites> Sites> type each Domain in as follows, one at a time> Remove:
    *. att.net
    *. sbcglobal.net
    *. yahoo.com

    When finished> click on OK> Apply> OK.
    ====================================
    Please do not move any more files unless I instruct you to.
     
  14. simpsonrul

    simpsonrul TS Rookie Topic Starter

    Here is the lone Eset threat:
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2198\A0313856.exe Win32/Adware.WBug.A application

    I removed the items from the trusted zone, I installed a new printer, and I ran ComboFix in normal mode. Here is the log:

    ComboFix 10-10-18.06 - Joseph 10/19/2010 18:01:34.3.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2709 [GMT -5:00]
    Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Joseph\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
    .

    2010-10-19 19:56 . 2010-10-19 19:56 -------- d-----w- c:\program files\ESET
    2010-10-19 19:47 . 2010-10-19 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
    2010-10-19 19:47 . 2010-10-19 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2010-10-19 19:43 . 2009-10-19 21:29 307200 ----a-w- c:\windows\system32\CNC340L.dll
    2010-10-19 19:43 . 2009-10-05 23:09 1310720 ----a-w- c:\windows\system32\CNC340C.dll
    2010-10-19 19:43 . 2009-10-05 23:08 110592 ----a-w- c:\windows\system32\CNC340I.dll
    2010-10-19 19:43 . 2009-10-05 23:05 102400 ----a-w- c:\windows\system32\CNC340U.dll
    2010-10-19 19:43 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2010-10-19 19:42 . 2009-06-23 18:40 38224 ------w- c:\windows\system32\IJRMF.exe
    2010-10-19 19:26 . 2010-10-19 19:47 -------- d-----w- c:\program files\Canon
    2010-10-17 01:32 . 2010-10-17 01:32 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-16 02:00 . 2004-05-26 19:53 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
    2010-10-16 02:00 . 2004-05-07 18:47 79616 ----a-w- c:\windows\system32\rt2500usb.sys
    2010-10-16 02:00 . 2004-04-24 03:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
    2010-10-16 02:00 . 2004-01-07 22:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
    2010-10-15 21:40 . 2010-10-15 21:40 388096 ----a-r- c:\documents and settings\Joseph\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-15 21:40 . 2010-10-15 21:40 -------- d-----w- c:\program files\Trend Micro
    2010-10-14 15:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-14 15:55 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-14 15:49 . 2010-10-14 15:49 -------- dc----w- c:\documents and settings\Joseph\Application Data\Malwarebytes
    2010-10-14 15:49 . 2010-10-14 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-11 20:43 . 2010-10-11 20:45 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-10-11 12:57 . 2010-10-11 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
    2010-10-11 03:22 . 2010-10-11 03:22 -------- d-----w- C:\BJPrinter
    2010-10-10 23:03 . 2010-10-10 23:49 -------- d-----w- c:\program files\CCleaner
    2010-10-10 22:41 . 2008-04-14 03:05 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
    2010-10-10 22:40 . 2001-08-17 18:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
    2010-10-10 22:39 . 2001-08-17 18:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2010-10-10 22:38 . 2001-08-17 18:28 488383 ----a-w- c:\windows\system32\dllcache\OLDA40.tmp
    2010-10-10 22:37 . 2001-08-17 17:12 28062 ----a-w- c:\windows\system32\dllcache\OLD87B.tmp
    2010-10-10 22:36 . 2001-08-18 03:37 73216 ----a-w- c:\windows\system32\dllcache\OLD6DD.tmp
    2010-10-10 22:35 . 2001-08-17 17:11 20160 ----a-w- c:\windows\system32\dllcache\OLD538.tmp
    2010-10-07 21:22 . 2010-10-07 21:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-07 20:17 . 2001-08-18 03:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-10-07 20:16 . 2001-08-18 03:36 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
    2010-10-07 20:15 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-10-07 20:14 . 2010-04-28 02:25 2189952 ----a-w- c:\windows\system32\dllcache\OLD27.tmp
    2010-10-05 02:59 . 2004-05-07 18:47 79616 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
    2010-10-05 02:59 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2010-10-05 02:59 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2010-10-05 02:59 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2010-10-05 02:59 . 2010-10-16 02:00 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-17_13.34.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-19 19:45 . 2009-11-25 20:54 3072 c:\windows\LastGood\System32\CNCFLkDK.DLL
    + 2010-10-19 19:45 . 2009-11-25 20:52 3584 c:\windows\LastGood\System32\CNCFLkDE.DLL
    + 2010-10-19 19:45 . 2009-11-25 20:53 3072 c:\windows\LastGood\System32\CNCFLkCZ.DLL
    + 2010-10-19 19:45 . 2009-11-25 20:55 2560 c:\windows\LastGood\System32\CNCFLkCN.DLL
    + 2010-10-19 19:45 . 2009-11-25 20:54 3072 c:\windows\LastGood\System32\CNCFLkAR.DLL
    + 2010-10-19 19:43 . 2009-03-11 21:20 487424 c:\windows\TWAIN_32\MX340 series\usip.dll
    + 2010-10-19 19:43 . 2009-10-27 20:45 241664 c:\windows\TWAIN_32\MX340 series\TPM.dll
    + 2010-10-19 19:43 . 2009-09-17 18:58 139264 c:\windows\TWAIN_32\MX340 series\TDGLIB.dll
    + 2010-10-19 19:43 . 2009-01-21 16:41 122880 c:\windows\TWAIN_32\MX340 series\softfare.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 102400 c:\windows\TWAIN_32\MX340 series\SG_TRK.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 106496 c:\windows\TWAIN_32\MX340 series\SG_SVE.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 110592 c:\windows\TWAIN_32\MX340 series\SG_RUS.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 110592 c:\windows\TWAIN_32\MX340 series\SG_PTB.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 110592 c:\windows\TWAIN_32\MX340 series\SG_PLK.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 102400 c:\windows\TWAIN_32\MX340 series\SG_NOR.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 114688 c:\windows\TWAIN_32\MX340 series\SG_NLD.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 118784 c:\windows\TWAIN_32\MX340 series\SG_ITA.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 106496 c:\windows\TWAIN_32\MX340 series\SG_IND.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 110592 c:\windows\TWAIN_32\MX340 series\SG_HUN.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 114688 c:\windows\TWAIN_32\MX340 series\SG_FRA.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 106496 c:\windows\TWAIN_32\MX340 series\SG_FIN.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 114688 c:\windows\TWAIN_32\MX340 series\SG_ESP.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 102400 c:\windows\TWAIN_32\MX340 series\SG_ENU.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 114688 c:\windows\TWAIN_32\MX340 series\SG_ELL.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 114688 c:\windows\TWAIN_32\MX340 series\SG_DEU.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 106496 c:\windows\TWAIN_32\MX340 series\SG_DAN.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 106496 c:\windows\TWAIN_32\MX340 series\SG_CSY.dll
    + 2010-10-19 19:43 . 2009-11-06 14:33 102400 c:\windows\TWAIN_32\MX340 series\SG_ARA.dll
    + 2010-10-19 19:43 . 2007-07-02 16:04 114688 c:\windows\TWAIN_32\MX340 series\scrprmvl.dll
    + 2010-10-19 19:43 . 2009-07-08 16:00 118784 c:\windows\TWAIN_32\MX340 series\SCRPRMV.DLL
    + 2010-10-19 19:43 . 2009-10-27 20:47 139264 c:\windows\TWAIN_32\MX340 series\SCNIF.dll
    + 2010-10-19 19:43 . 2009-10-27 20:46 335872 c:\windows\TWAIN_32\MX340 series\SCNFLW.dll
    + 2010-10-19 19:43 . 2009-10-27 20:45 208896 c:\windows\TWAIN_32\MX340 series\SCNDB.dll
    + 2010-10-19 19:43 . 2008-01-23 21:45 454656 c:\windows\TWAIN_32\MX340 series\RACSLIB.dll
    + 2010-10-19 19:43 . 2009-01-22 16:09 139264 c:\windows\TWAIN_32\MX340 series\MC2.dll
    + 2010-10-19 19:43 . 2004-06-07 17:58 290816 c:\windows\TWAIN_32\MX340 series\libBLC.dll
    + 2010-10-19 19:43 . 2008-11-07 19:20 176128 c:\windows\TWAIN_32\MX340 series\CUBS.dll
    + 2010-10-19 19:34 . 2009-08-28 10:24 103424 c:\windows\TWAIN_32\MX340 series\cncisco6.dll
    + 2010-10-19 19:43 . 2009-06-30 20:53 148344 c:\windows\TWAIN_32\MX340 series\CNC340P.DAT
    + 2010-10-19 19:43 . 2005-08-24 20:51 126976 c:\windows\TWAIN_32\MX340 series\CFine2.dll
    + 2010-10-19 19:43 . 2008-11-05 15:10 118784 c:\windows\TWAIN_32\MX340 series\CAPS.dll
    + 2010-10-19 19:43 . 2009-10-23 00:22 118784 c:\windows\TWAIN_32\MX340 series\AG.dll
    + 2010-10-19 19:44 . 2009-12-08 10:00 423936 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMURA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 308736 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMUBA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 802816 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMSMA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 670208 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMSBA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 182784 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMPVA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 190976 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMLRA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 585216 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMDRA5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 337408 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMD5A5.DLL
    + 2010-10-19 19:44 . 2009-12-08 10:00 103424 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series43ab\CNMCPA5.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:24 128000 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCFIMk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:27 623104 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCFDLk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:29 238592 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCF2Uk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:29 101376 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCF2Gk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:25 260096 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCAWSk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:27 634368 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCAPFk.EXE
    + 2010-10-19 19:44 . 2009-10-22 16:26 381440 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCAMGk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:26 631808 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCAAIk.DLL
    + 2010-10-19 19:44 . 2009-10-22 16:27 260608 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\canonmx340_series_fa4f0a\CNCAABk.EXE
    + 2010-10-19 19:34 . 2009-12-08 10:00 423936 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMURA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 308736 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMUBA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 802816 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMSMA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 670208 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMSBA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 182784 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMPVA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 190976 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMLRA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 585216 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMDRA5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 337408 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMD5A5.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 103424 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMCPA5.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:24 128000 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCFIMk.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:27 623104 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCFDLk.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:29 238592 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCF2Uk.dll
    + 2010-10-19 19:34 . 2009-10-22 16:29 101376 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCF2Gk.dll
    + 2010-10-19 19:34 . 2009-10-22 16:25 260096 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCAWSk.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:27 634368 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCAPFk.EXE
    + 2010-10-19 19:34 . 2009-10-22 16:26 381440 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCAMGk.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:26 631808 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCAAIk.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:27 260608 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNCAABk.EXE
    + 2010-10-19 19:34 . 2009-10-09 15:01 137216 c:\windows\SYSTEM32\CNMNPUI.DLL
    + 2010-10-19 19:34 . 2009-10-09 15:01 354816 c:\windows\SYSTEM32\CNMNPPM.DLL
    + 2010-10-19 19:34 . 2009-12-08 10:00 276992 c:\windows\SYSTEM32\CNMLMA5.DLL
    + 2010-10-19 19:34 . 2009-09-10 09:00 179200 c:\windows\SYSTEM32\CNMIUA5.DLL
    + 2010-10-19 19:34 . 2009-10-22 16:24 168448 c:\windows\SYSTEM32\CNCFMSk.EXE
    + 2010-10-19 19:34 . 2009-10-22 16:30 296960 c:\windows\SYSTEM32\CNCF2Lk.DLL
    + 2010-10-19 19:34 . 2009-09-10 08:59 101376 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstUS.dll
    + 2010-10-19 19:34 . 2009-09-23 09:12 101376 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstTW.dll
    + 2010-10-19 19:34 . 2009-10-01 16:21 104960 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstTR.dll
    + 2010-10-19 19:34 . 2009-09-23 15:42 101376 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstTH.dll
    + 2010-10-19 19:34 . 2009-10-01 16:20 104960 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstSE.dll
    + 2010-10-19 19:34 . 2009-10-01 16:18 107008 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstRU.dll
    + 2010-10-19 19:34 . 2009-10-01 16:17 108032 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstPT.dll
    + 2010-10-19 19:34 . 2009-10-01 16:15 111104 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstPL.dll
    + 2010-10-19 19:34 . 2009-10-01 16:14 103424 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstNO.dll
    + 2010-10-19 19:34 . 2009-10-01 16:12 112640 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstNL.dll
    + 2010-10-19 19:34 . 2009-09-23 08:30 101376 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstKR.dll
    + 2010-10-19 19:34 . 2009-10-01 16:09 113152 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstIT.dll
    + 2010-10-19 19:34 . 2009-09-23 09:18 105984 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstID.dll
    + 2010-10-19 19:34 . 2009-10-01 16:07 109568 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstHU.dll
    + 2010-10-19 19:34 . 2009-10-01 16:07 122880 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstGR.dll
    + 2010-10-19 19:34 . 2009-10-01 16:06 114688 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstFR.dll
    + 2010-10-19 19:34 . 2009-10-01 16:00 102912 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstFI.dll
    + 2010-10-19 19:34 . 2009-10-01 15:57 115200 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstES.dll
    + 2010-10-19 19:34 . 2009-10-01 15:55 106496 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstDK.dll
    + 2010-10-19 19:34 . 2009-10-01 15:54 118784 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstDE.dll
    + 2010-10-19 19:34 . 2009-10-01 15:52 104960 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstCZ.dll
    + 2010-10-19 19:34 . 2009-09-23 09:01 101376 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstCN.dll
    + 2010-10-19 19:34 . 2009-10-01 15:51 101376 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\RES\DLL\IJInstAR.dll
    + 2010-10-19 19:34 . 2009-09-10 09:11 457560 c:\windows\SYSTEM32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\DelDrv.exe
     
  15. simpsonrul

    simpsonrul TS Rookie Topic Starter

    I had to split the log. Continued below.


    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

    c:\documents and settings\Joseph\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Joseph\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    1 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    2002-09-11 02:26 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-11-02 01:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
    2005-12-14 19:56 2711552 ----a-w- c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
    2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    2007-12-14 16:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
    2009-09-28 22:56 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-07-02 12:38 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv4]
    2004-04-19 14:19 24576 ----a-w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Joseph\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "g:\\Program Files\\StarNet\\X-Win32 2010\\xwin32.exe"=
    "g:\\Program Files\\StarNet\\X-Win32 2010\\esd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/1/2010 7:54 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/1/2010 7:54 AM 17744]
    R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2500usb.sys [10/4/2010 9:59 PM 79616]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [8/25/2005 2:00 PM 466880]
    S3 ATWPKT;ATWPKT;c:\windows\SYSTEM32\DRIVERS\atwpkt.sys [8/5/2003 12:20 PM 19140]
    S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [10/2/2009 12:37 AM 47624]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\SYSTEM32\DRIVERS\RsFx0102.sys [7/10/2008 2:49 AM 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    *NewlyCreated* - IJPLMSVC
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.dellnet.com
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: c:\progra~1\COMMON~1\BTLINK\btlink.dll//iemenu
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - c:\program files\royalvegasMPP\MPPoker.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Greenback Bayou by pogo.com - hxxp://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\g8jj51lf.Default User\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe


    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1748)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-19 18:16:18
    ComboFix-quarantined-files.txt 2010-10-19 23:16
    ComboFix2.txt 2010-10-17 13:39

    Pre-Run: 9,407,213,568 bytes free
    Post-Run: 9,374,322,688 bytes free

    - - End Of File - - F3531F63395A750B40B22B3BEAEDAEA8
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, the entry for System Volume in Eset is a restore point. It isn't active in the system and will be removed in a bit. Sorry you got the long 'snapshot' from Combofix. The Combofix log looks pretty good, just a few removals. Please disable the security before running the script:

    Please run this Custom CFScript

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\dllcache\OLDA40.tmp
    c:\windows\system32\dllcache\OLD87B.tmp
    c:\windows\system32\dllcache\OLD6DD.tmp
    c:\windows\system32\dllcache\OLD538.tmp
    c:\windows\system32\dllcache\OLD27.tmp
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  17. simpsonrul

    simpsonrul TS Rookie Topic Starter

    ComboFix 10-10-20.04 - Joseph 10/21/2010 18:05:30.4.4 - x86
    Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Joseph\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\dllcache\OLD27.tmp"
    "c:\windows\system32\dllcache\OLD538.tmp"
    "c:\windows\system32\dllcache\OLD6DD.tmp"
    "c:\windows\system32\dllcache\OLD87B.tmp"
    "c:\windows\system32\dllcache\OLDA40.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\dllcache\OLD27.tmp
    c:\windows\system32\dllcache\OLD538.tmp
    c:\windows\system32\dllcache\OLD6DD.tmp
    c:\windows\system32\dllcache\OLD87B.tmp
    c:\windows\system32\dllcache\OLDA40.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 22:58 . 2010-10-21 22:58 388096 ----a-r- c:\documents and settings\Joseph\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-21 04:05 . 2004-05-26 19:53 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
    2010-10-21 04:05 . 2004-05-07 18:47 79616 ----a-w- c:\windows\system32\rt2500usb.sys
    2010-10-21 04:05 . 2004-04-24 03:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
    2010-10-21 04:05 . 2004-01-07 22:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
    2010-10-19 19:47 . 2010-10-19 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
    2010-10-19 19:47 . 2010-10-19 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2010-10-19 19:43 . 2009-10-19 21:29 307200 ----a-w- c:\windows\system32\CNC340L.dll
    2010-10-19 19:43 . 2009-10-05 23:09 1310720 ----a-w- c:\windows\system32\CNC340C.dll
    2010-10-19 19:43 . 2009-10-05 23:08 110592 ----a-w- c:\windows\system32\CNC340I.dll
    2010-10-19 19:43 . 2009-10-05 23:05 102400 ----a-w- c:\windows\system32\CNC340U.dll
    2010-10-19 19:43 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2010-10-19 19:26 . 2010-10-19 19:47 -------- d-----w- c:\program files\Canon
    2010-10-17 01:32 . 2010-10-17 01:32 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-15 21:40 . 2010-10-15 21:40 -------- d-----w- c:\program files\Trend Micro
    2010-10-14 15:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-14 15:55 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-14 15:49 . 2010-10-14 15:49 -------- dc----w- c:\documents and settings\Joseph\Application Data\Malwarebytes
    2010-10-14 15:49 . 2010-10-14 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-11 20:43 . 2010-10-11 20:45 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-10-11 12:57 . 2010-10-11 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
    2010-10-11 03:22 . 2010-10-11 03:22 -------- d-----w- C:\BJPrinter
    2010-10-10 23:03 . 2010-10-10 23:49 -------- d-----w- c:\program files\CCleaner
    2010-10-10 22:41 . 2008-04-14 03:05 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
    2010-10-10 22:40 . 2001-08-17 18:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
    2010-10-10 22:39 . 2001-08-17 18:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2010-10-10 22:38 . 2001-08-17 18:28 73279 ----a-w- c:\windows\system32\dllcache\OLDA38.tmp
    2010-10-10 22:37 . 2008-04-14 05:09 206976 ----a-w- c:\windows\system32\dllcache\OLD86B.tmp
    2010-10-10 22:36 . 2001-08-18 03:37 244224 ----a-w- c:\windows\system32\dllcache\OLD6E5.tmp
    2010-10-10 22:35 . 2001-08-18 03:36 61440 ----a-w- c:\windows\system32\dllcache\OLD530.tmp
    2010-10-07 21:22 . 2010-10-07 21:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-07 20:17 . 2001-08-18 03:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-10-07 20:16 . 2001-08-18 03:36 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
    2010-10-07 20:15 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-10-05 02:59 . 2004-05-07 18:47 79616 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
    2010-10-05 02:59 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2010-10-05 02:59 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2010-10-05 02:59 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2010-10-05 02:59 . 2010-10-21 04:05 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-10-19_23.09.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2002-09-03 14:05 . 2010-10-20 19:21 346608 c:\windows\SYSTEM32\FNTCACHE.DAT
    + 2010-10-21 22:58 . 2010-10-21 22:58 1094656 c:\windows\Installer\126a7ca.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
    "WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]

    c:\documents and settings\Joseph\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Joseph\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    1 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    2002-09-11 02:26 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-11-02 01:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
    2005-12-14 19:56 2711552 ----a-w- c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
    2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    2007-12-14 16:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
    2009-09-28 22:56 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-07-02 12:38 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Joseph\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "g:\\Program Files\\StarNet\\X-Win32 2010\\xwin32.exe"=
    "g:\\Program Files\\StarNet\\X-Win32 2010\\esd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/1/2010 7:54 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/1/2010 7:54 AM 17744]
    R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2500usb.sys [10/4/2010 9:59 PM 79616]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [8/25/2005 2:00 PM 466880]
    S3 ATWPKT;ATWPKT;c:\windows\SYSTEM32\DRIVERS\atwpkt.sys [8/5/2003 12:20 PM 19140]
    S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [10/2/2009 12:37 AM 47624]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\SYSTEM32\DRIVERS\RsFx0102.sys [7/10/2008 2:49 AM 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    *NewlyCreated* - MDC8021X
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.dellnet.com
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: c:\progra~1\COMMON~1\BTLINK\btlink.dll//iemenu
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - c:\program files\royalvegasMPP\MPPoker.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Greenback Bayou by pogo.com - hxxp://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\g8jj51lf.Default User\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Joseph\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    Completion time: 2010-10-21 18:20:37
    ComboFix-quarantined-files.txt 2010-10-21 23:20
    ComboFix2.txt 2010-10-19 23:16
    ComboFix3.txt 2010-10-17 13:39

    Pre-Run: 10,685,263,872 bytes free
    Post-Run: 10,647,511,040 bytes free

    - - End Of File - - D021091EE49B8F295566C3FA160D1259
     
  18. simpsonrul

    simpsonrul TS Rookie Topic Starter

    The first was the ComboFix log, and the below is the HijackThis log.
    Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:48:20 PM, on 10/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    C:\Documents and Settings\Joseph\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Joseph\Application Data\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166575499328
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 9746 bytes
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This will remove all the Java; otherwise you'll have to remove them all in addons.

    Please download JavaRa and unzip it to your desktop.

    Important!
    ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.

    Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -


    Close all windows except HijackThis and click on "Fix Checked."

    I also found the McAfee entry in addons. Go back and check both sections and remove it.

    I'll be back after dinner for the Combofix.
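
Several of the entries listed for fixing in the post above carry HijackThis's own orphan markers: "(no file)", "(file missing)", or an O16 DPF line with nothing after the final dash. As an added example (not part of the original thread and not HijackThis code), this Python script parses log lines in that format and picks those entries out; the names `SECTIONS`, `parse_hjt` and `find_orphans` are hypothetical, and the sample input is a constructed excerpt of lines copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Meaning of the HijackThis section codes that appear in this thread's log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "Autostart entry",
    "O8": "IE context menu item", "O9": "IE button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O18": "Protocol handler",
    "O22": "SharedTaskScheduler", "O23": "Service",
}

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str                     # section code, e.g. "O2"
    section: str                  # human-readable section name
    body: str                     # everything after "<code> - "
    clsid: Optional[str]          # first CLSID on the line, if any
    orphan_reason: Optional[str]  # why the entry looks orphaned, or None


def _orphan_reason(code: str, body: str) -> Optional[str]:
    """Return the marker that shows the entry points at nothing, if any."""
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        return "file missing"
    # An O16 line that ends in a bare dash has no download source recorded.
    if code == "O16" and body.endswith(" -"):
        return "no download source"
    return None


def parse_hjt(text: str) -> List[Entry]:
    """Parse entry lines; header, process-list and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2).rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=code,
            section=SECTIONS.get(code, "other"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphan_reason=_orphan_reason(code, body),
        ))
    return entries


def find_orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file or download source is absent."""
    return [e for e in entries if e.orphan_reason]


if __name__ == "__main__":
    for e in find_orphans(parse_hjt(SAMPLE_LOG)):
        print(f"{e.code:<4}{e.section:<36}{e.orphan_reason:<20}{e.clsid}")
```

The markers only show that an entry points at nothing; the R1 SearchURL line and the McAfee DPF line in the list above have no such marker and are not flagged here.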
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please give me the status on your system now. Are you working in Normal Mode? What problems, if any, remain?
     
  21. simpsonrul

    simpsonrul TS Rookie Topic Starter

    The status of my computer is that it is working. I have been working in Normal Mode for some time, but residual problems remain. The biggest is that my computer takes an extremely long time to fully start up Windows (5+ minutes). Until it is fully started, I have the same problems that I complained about at the top of the thread, but it does eventually start up.

    I have also run JavaRa and deleted the HijackThis entries that I could find. Here is the JavaRa log.


    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Oct 23 18:52:21 2010

    Found and removed: C:\Program Files\Java\j2re1.4.2_04

    Found and removed: C:\Documents and Settings\Joseph\Application Data\Sun\Java\jre1.6.0_10

    Found and removed: C:\Documents and Settings\Joseph\Application Data\Sun\Java\jre1.6.0_11

    Found and removed: C:\Documents and Settings\Joseph\Application Data\Sun\Java\jre1.6.0_13

    Found and removed: C:\Documents and Settings\Joseph\Application Data\Sun\Java\jre1.6.0_15

    Found and removed: C:\Documents and Settings\Joseph\Application Data\Sun\Java\jre1.6.0_17

    Found and removed: Software\JavaSoft\Java2D\1.5.0_02

    Found and removed: Software\JavaSoft\Java2D\1.5.0_05

    Found and removed: Software\JavaSoft\Java2D\1.5.0_06

    Found and removed: Software\JavaSoft\Java2D\1.5.0_09

    Found and removed: Software\JavaSoft\Java2D\1.5.0_10

    Found and removed: Software\JavaSoft\Java2D\1.5.0_11

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\JavaPlugin.142_04

    Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\JavaSoft\Java2D\1.6.0_01

    Found and removed: Software\JavaSoft\Java2D\1.6.0_02

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Oct 23 18:52:47 2010

    ------------------------------------

    Finished reporting.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Since you can now access the System Properties, check and see how much 'a lot of RAM' is!
    Control Panel> System> On the System Properties screen, you will see an entry that tells you how much RAM is installed. Find that and post it for me please.

    Going by all the outdated, leftover files I saw, I'm thinking you aren't doing regular maintenance on the system. Here are some basics:

    Basic Maintenance for the Computer System

    1. Error Checking (CHKDSK): This checks your hard drive for errors. With Windows XP, you will need to restart your computer after selecting this task for it to run.

    2. Disk defrag: This takes all of the bits of data on your hard drive and puts them in order. If you use your computer a lot, you can have data scattered all over your hard drive. It makes your computer run slower when it is looking for this information.

    3. Deleting temporary internet files: Each time you go to a site, a temporary file is placed on your computer's hard drive. These can add up to a lot of space if not deleted regularly.

    4. Deleting cookies: These are small files web sites put on your hard drive to identify you and track your surfing habits. If you have a password saved for a certain web site, deleting your cookies will delete that as well. Over the years there have been some lively debates about how often to do this. I don't very often; others do it daily. It is really up to each person.

    5. Delete History: This is similar to temporary internet files. But when you delete History, it deletes the URLs in the Address box drop-down menu.

    6. Uninstall unused programs or apps you don't use. Note how many old Java files were removed!

    7. Keep Startup simple: you only need the AV program, third party firewall if you have one, touchpad process if on laptop, network process if using a home network program. You don't need the printer, scanner, camera, media players on Startup.
    ===============================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any questions.
     
Topic Status:
Not open for further replies.
