pc acting weird..
-
hi guys,
problems are, can't connect to some web sites using ie8 or firefox, including firefox add-ons.
sites have always worked before like (currys uk, firefox add-ons). pc just crashes completely and i have to switch it off at the wall socket.
sometimes it's just the cursor that freezes then just judders across the screen but won't click on anything.
i have already run the following programs, some found a couple of "probable" trojans and removed them. programs are: spybot s+d, malwarebytes, superantispyware, avg free, eset online scanner, kaspersky online scanner.
i am using windows xp home sp3 which has all the latest updates.
thank you
hope you can help guys.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:50:34, on 10/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Belkin\F5D8055\v1\Belkinwcui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [F5D8055v1] C:\Program Files\Belkin\F5D8055\v1\Belkinwcui.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6429 bytes
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
hi mate,
thanks for quick reply.
my son has installed "avira" anti virus instead of "avg" (he doesn't like avg?).
he has also installed his canon printer, so i have included a new hjt log.
hope it hasn't caused you any trouble.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:07:15, on 11/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Belkin\F5D8055\v1\Belkinwcui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [F5D8055v1] C:\Program Files\Belkin\F5D8055\v1\Belkinwcui.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6650 bytes
ComboFix 10-02-10.05 - HP_Owner 11/02/2010 14:10:33.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.620 [GMT 0:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-11 14:00 . 2010-02-11 14:00 -------- d-----w- c:\windows\LastGood
2010-02-11 14:00 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-11 14:00 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-11 14:00 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-11 14:00 . 2010-02-11 14:00 -------- d-----w- c:\program files\Avira
2010-02-11 14:00 . 2010-02-11 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-11 12:51 . 2010-02-11 12:51 -------- d-----w- c:\windows\Sun
2010-02-11 12:32 . 2010-02-11 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2010-02-11 12:32 . 2009-10-23 15:01 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-02-11 12:32 . 2006-11-29 14:44 161976 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-02-11 12:32 . 2010-02-11 12:32 -------- d-----w- c:\program files\Zylom Games
2010-02-10 23:35 . 2008-07-14 20:20 95744 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP620 series Printer\LanguageModules\0407\CNMsr9D.dll
2010-02-10 23:31 . 2010-02-10 23:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-02-10 23:30 . 2008-10-08 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9D. DLL
2010-02-10 23:30 . 2008-10-08 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9D. DLL
2010-02-10 23:30 . 2008-10-08 20:00 230912 ----a-w- c:\windows\system32\CNMLM9D.DLL
2010-02-10 23:30 . 2010-02-10 23:30 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-02-10 23:30 . 2008-05-30 00:27 270336 ----a-w- c:\windows\system32\CNC620L.DLL
2010-02-10 23:30 . 2008-04-07 05:58 1339392 ----a-w- c:\windows\system32\CNC620C.DLL
2010-02-10 23:30 . 2008-04-07 05:58 98304 ----a-w- c:\windows\system32\CNC620I.DLL
2010-02-10 23:30 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC620O.DLL
2010-02-10 23:29 . 2010-02-10 23:29 -------- d--h--w- c:\program files\CanonBJ
2010-02-10 23:29 . 2007-05-14 06:49 142336 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-02-10 23:29 . 2007-05-14 06:49 362496 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-02-10 23:28 . 2010-02-10 23:38 -------- d-----w- c:\program files\Canon
2010-02-10 16:07 . 2010-02-10 16:07 -------- d-----w- c:\program files\AVG
2010-02-10 01:23 . 2010-02-10 01:23 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-10 01:23 . 2010-02-10 01:23 -------- d-----w- c:\program files\TrendMicro
2010-02-09 22:45 . 2010-02-09 23:06 -------- d-----w- c:\documents and settings\HP_Owner\DoctorWeb
2010-02-09 18:23 . 2010-02-09 18:23 -------- d-----w- c:\program files\WOT
2010-02-09 00:22 . 2010-02-11 00:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\wsInspector
2010-02-09 00:19 . 2010-02-09 00:20 -------- d-----w- c:\program files\Startup Inspector for Windows
2010-02-08 21:13 . 2010-02-08 21:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-08 21:13 . 2010-02-08 21:13 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-08 21:13 . 2008-07-30 15:44 619136 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-02-08 21:13 . 2008-06-23 16:20 4096 ------w- c:\windows\system32\drivers\RT2870.bin
2010-02-08 21:13 . 2008-05-20 17:23 200704 ------w- c:\windows\system32\UpdateDriver.exe
2010-02-08 21:12 . 2010-02-08 21:12 -------- d-----w- c:\program files\Belkin
2010-02-08 21:12 . 2010-02-08 21:12 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\InstallShield
2010-02-08 00:43 . 2010-02-08 00:43 -------- d-----w- c:\program files\MRU-Blaster
2010-02-08 00:28 . 2010-02-08 00:28 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Ahead
2010-02-08 00:24 . 2010-02-08 00:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Ahead
2010-02-08 00:24 . 2010-02-08 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-02-08 00:22 . 2010-02-08 00:23 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-08 00:22 . 2010-02-08 00:22 -------- d-----w- c:\program files\Nero
2010-02-08 00:22 . 2010-02-08 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-07 23:53 . 2010-02-07 23:54 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-07 12:34 . 2010-02-07 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-07 12:34 . 2010-02-07 12:34 -------- d-----w- c:\program files\DVD Shrink
2010-02-07 00:57 . 2010-02-07 00:57 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Thunderbird
2010-02-07 00:57 . 2010-02-07 00:57 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Thunderbird
2010-02-07 00:57 . 2010-02-10 18:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-07 00:52 . 2010-02-07 00:52 18296 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-07 00:47 . 2010-02-07 00:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 00:44 . 2010-02-07 00:44 -------- d-----w- c:\program files\RocketDock
2010-02-07 00:43 . 2010-02-07 00:43 -------- d-----w- c:\program files\CCleaner
2010-02-07 00:42 . 2010-02-07 00:42 -------- d-----w- c:\program files\7-Zip
2010-02-07 00:30 . 2010-02-07 00:30 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c6bcf-n\msvcp71.dll
2010-02-07 00:30 . 2010-02-07 00:30 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c6bcf-n\jmc.dll
2010-02-07 00:30 . 2010-02-07 00:30 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c6bcf-n\msvcr71.dll
2010-02-07 00:30 . 2010-02-07 00:30 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5d1d9c4b-n\decora-sse.dll
2010-02-07 00:30 . 2010-02-07 00:30 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5d1d9c4b-n\decora-d3d.dll
2010-02-07 00:27 . 2010-02-07 00:27 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll
2010-02-06 22:02 . 2010-02-06 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-02-06 22:02 . 2010-02-06 22:02 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-06 22:02 . 2010-02-06 22:02 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-06 22:02 . 2010-02-06 22:02 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-06 22:02 . 2010-02-06 22:02 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-06 22:02 . 2010-02-06 22:02 -------- d-----w- c:\program files\COMODO
2010-02-06 22:00 . 2010-02-06 22:00 -------- d-----w- c:\windows\Internet Logs
2010-02-06 21:57 . 2010-02-06 21:57 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\AOL
2010-02-06 21:57 . 2003-08-27 10:29 65536 ----a-w- c:\windows\wanmpsvc.exe
2010-02-06 18:18 . 2010-02-06 18:18 -------- d-----w- c:\program files\LSI SoftModem
2010-02-06 18:12 . 2010-02-06 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-06 18:12 . 2010-02-06 18:12 -------- d-----w- c:\program files\MSBuild
2010-02-06 18:12 . 2010-02-06 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-02-06 18:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-06 18:11 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-06 18:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-06 18:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-06 18:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-06 18:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-06 18:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-06 18:11 . 2010-02-06 18:12 -------- d-----w- C:\80972ee0b99bd0d1d2
2010-02-06 18:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-06 18:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-06 18:07 . 2010-02-06 18:07 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-06 18:06 . 2010-02-09 01:14 -------- d-----w- c:\windows\system32\LogFiles
2010-02-06 18:06 . 2010-02-06 18:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-06 18:05 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-02-06 18:05 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-06 18:05 . 2008-04-14 00:12 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-02-06 18:05 . 2008-04-14 00:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-06 18:05 . 2008-04-13 18:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-02-06 18:05 . 2008-04-13 18:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-02-06 16:43 . 2010-02-11 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-06 16:43 . 2010-02-06 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 15:44 . 2010-02-07 00:29 -------- d-----w- c:\program files\SpywareGuard
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IObit
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\IObit
2010-02-06 15:02 . 2010-02-06 15:02 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-02-06 14:27 . 2010-02-06 14:27 -------- d-sh--w- c:\documents and settings\HP_Owner\PrivacIE
2010-02-06 14:25 . 2010-02-06 14:25 -------- d-sh--w- c:\documents and settings\HP_Owner\IECompatCache
2010-02-06 14:23 . 2010-02-06 14:23 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-02-06 14:23 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 14:23 . 2010-02-06 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-06 14:23 . 2010-02-06 14:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 14:23 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 14:21 . 2010-02-06 14:21 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-06 14:21 . 2010-02-09 15:34 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-06 14:21 . 2010-02-06 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-06 14:20 . 2010-02-06 14:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-06 14:20 . 2010-02-06 14:20 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2010-02-06 14:20 . 2010-02-06 14:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-06 05:13 . 2010-02-11 13:58 249 ----a-w- c:\windows\system\hpsysdrv.dat
2010-02-06 05:12 . 2010-02-05 22:34 -------- d-----w- c:\windows\I386
2010-02-05 23:48 . 2010-02-05 23:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-05 23:43 . 2010-02-05 23:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-05 23:43 . 2010-02-05 23:43 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\CheckPoint
2010-02-05 23:43 . 2010-02-06 22:00 -------- d-----w- c:\program files\CheckPoint
2010-02-05 23:43 . 2010-02-05 23:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-02-05 23:40 . 2010-02-05 23:40 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2010-02-05 23:36 . 2010-02-05 23:36 -------- d-----w- c:\program files\MSXML 4.0
2010-02-05 23:34 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-05 23:34 . 2010-02-06 18:18 -------- d-----w- c:\windows\ie8updates
combo fix
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 23:35 . 2010-02-10 23:35 -------- d-----w- c:\program files\Common Files\CANON
2010-02-08 21:13 . 2005-01-01 16:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 00:29 . 2005-01-01 15:50 -------- d-----w- c:\program files\Java
2010-02-05 23:11 . 2010-02-05 23:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
2010-02-05 22:31 . 2005-01-01 16:24 -------- d-----w- c:\program files\Easy Internet signup
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\program files\Learn2.com
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\You've Got Pictures Screensaver
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-02-05 22:25 . 2010-02-05 22:24 -------- d-----w- c:\program files\Common Files\aolshare
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-02-05 22:22 . 2010-02-05 22:22 1900 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PX632AA-ABU t3049.uk_YC_0Pavi_QCZB518_E52GBheBLF2_47_IGrouper_ SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXH2_L409_M1024_J200_7Int el_8Pentium 4_93_#050607_N10EC8139_Z11C1048C_G10025B60.MRK
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:20 . 2009-12-22 05:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 12:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 11:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 18:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 18:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 18:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 18:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2005-06-09 17:30 . 2010-02-06 05:13 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((( SnapShot@2010-02-09_15.54.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 20:54 . 2009-07-11 20:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 01:07 . 2009-07-12 01:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 01:19 . 2009-07-12 01:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 19:41 . 2009-07-11 19:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-02-10 23:37 . 2007-09-11 05:21 86016 c:\windows\twain_32\MP620 series_001E8F70888F\RSTCOL.DLL
+ 2010-02-10 23:37 . 2008-02-12 06:42 90112 c:\windows\twain_32\MP620 series_001E8F70888F\MC2Plus.dll
+ 2010-02-10 23:37 . 2008-04-17 04:20 94208 c:\windows\twain_32\MP620 series_001E8F70888F\JPRCV.dll
+ 2010-02-10 23:37 . 2008-05-06 23:37 38362 c:\windows\twain_32\MP620 series_001E8F70888F\IPM.DAT
+ 2010-02-10 23:37 . 2007-12-06 04:46 73728 c:\windows\twain_32\MP620 series_001E8F70888F\IJFSHLIB.DLL
+ 2010-02-10 23:37 . 2007-11-08 23:48 53248 c:\windows\twain_32\MP620 series_001E8F70888F\HSL.DLL
+ 2010-02-10 23:37 . 2008-02-12 06:42 73728 c:\windows\twain_32\MP620 series_001E8F70888F\DDT.dll
+ 2010-02-10 23:37 . 2008-04-15 04:55 30720 c:\windows\twain_32\MP620 series_001E8F70888F\CNC620.DAT
+ 2010-02-10 23:37 . 2007-11-05 11:14 14848 c:\windows\twain_32\MP620 series_001E8F70888F\caddisnt.dll
+ 2010-02-10 23:37 . 2005-04-15 06:34 57344 c:\windows\twain_32\MP620 series_001E8F70888F\BaLCo.dll
+ 2010-02-10 23:30 . 2007-09-11 05:21 86016 c:\windows\twain_32\MP620 series\RSTCOL.DLL
+ 2010-02-10 23:30 . 2008-02-12 06:42 90112 c:\windows\twain_32\MP620 series\MC2Plus.dll
+ 2010-02-10 23:30 . 2008-04-17 04:20 94208 c:\windows\twain_32\MP620 series\JPRCV.dll
+ 2010-02-10 23:30 . 2008-05-06 23:37 38362 c:\windows\twain_32\MP620 series\IPM.DAT
+ 2010-02-10 23:30 . 2007-12-06 04:46 73728 c:\windows\twain_32\MP620 series\IJFSHLIB.DLL
+ 2010-02-10 23:30 . 2007-11-08 23:48 53248 c:\windows\twain_32\MP620 series\HSL.DLL
+ 2010-02-10 23:30 . 2008-02-12 06:42 73728 c:\windows\twain_32\MP620 series\DDT.dll
+ 2010-02-10 23:30 . 2008-04-15 04:55 30720 c:\windows\twain_32\MP620 series\CNC620.DAT
+ 2010-02-10 23:30 . 2007-11-05 11:14 14848 c:\windows\twain_32\MP620 series\caddisnt.dll
+ 2010-02-10 23:30 . 2005-04-15 06:34 57344 c:\windows\twain_32\MP620 series\BaLCo.dll
+ 2010-02-10 23:30 . 2008-10-08 20:00 11264 c:\windows\system32\spool\drivers\w32x86\3\CNMW39D.DLL
+ 2010-02-10 23:30 . 2008-10-08 15:38 51024 c:\windows\system32\spool\drivers\w32x86\3\CNMVS9D.EXE
+ 2010-02-10 23:30 . 2008-10-08 20:00 13824 c:\windows\system32\spool\drivers\w32x86\3\CNMVS9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 77312 c:\windows\system32\spool\drivers\w32x86\3\CNMSR9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 44032 c:\windows\system32\spool\drivers\w32x86\3\CNMSQ9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 15:38 18768 c:\windows\system32\spool\drivers\w32x86\3\CNMSE9D.EXE
+ 2010-02-10 23:30 . 2008-10-08 20:00 47616 c:\windows\system32\spool\drivers\w32x86\3\CNMSD9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 12288 c:\windows\system32\spool\drivers\w32x86\3\CNMPI9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 15:00 30320 c:\windows\system32\spool\drivers\w32x86\3\CNMP29D.DAT
+ 2010-02-10 23:30 . 2008-10-08 15:00 27140 c:\windows\system32\spool\drivers\w32x86\3\CNMP19D.DAT
+ 2010-02-10 23:30 . 2008-10-08 15:00 23280 c:\windows\system32\spool\drivers\w32x86\3\CNMP09D.DAT
+ 2010-02-10 23:30 . 2008-10-08 20:00 25088 c:\windows\system32\spool\drivers\w32x86\3\CNMOP9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 59904 c:\windows\system32\spool\drivers\w32x86\3\CNMLH9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 10240 c:\windows\system32\spool\drivers\w32x86\3\CNMFU9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 29184 c:\windows\system32\spool\drivers\w32x86\3\CNMEI9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 93184 c:\windows\system32\spool\drivers\w32x86\3\CNMCP9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 11264 c:\windows\system32\spool\drivers\w32x86\3\CNMBU9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 33280 c:\windows\system32\spool\drivers\w32x86\3\CNMBS9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 11264 c:\windows\system32\spool\drivers\w32x86\3\CNMBM9D.DLL
+ 2010-02-06 18:08 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2010-02-05 22:39 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2010-02-11 14:00 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-04 18:00 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-04 18:00 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2010-02-10 23:30 . 2008-02-14 02:56 49664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstUS.dll
+ 2010-02-10 23:30 . 2008-02-03 07:45 49664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstTW.dll
+ 2010-02-10 23:30 . 2008-02-11 01:26 50688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstTR.dll
+ 2010-02-10 23:30 . 2008-02-03 07:58 49664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstTH.dll
+ 2010-02-10 23:30 . 2008-02-11 01:26 50176 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstSE.dll
+ 2010-02-10 23:30 . 2008-02-11 01:26 52736 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstRU.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 51712 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstPT.dll
+ 2010-02-10 23:30 . 2008-02-18 00:56 53760 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstPL.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 50176 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstNO.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 53760 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstNL.dll
+ 2010-02-10 23:30 . 2008-02-03 07:52 49664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstKR.dll
+ 2010-02-10 23:30 . 2008-02-14 02:56 38912 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstJP.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 54272 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstIT.dll
+ 2010-02-10 23:30 . 2008-02-03 08:13 51200 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstID.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 51712 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstHU.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 57344 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstGR.dll
+ 2010-02-10 23:30 . 2008-02-18 00:56 54784 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstFR.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 50688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstFI.dll
+ 2010-02-10 23:30 . 2008-02-19 01:46 54784 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstES.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 50688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstDK.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 57344 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstDE.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 50688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstCZ.dll
+ 2010-02-10 23:30 . 2008-02-03 07:30 49664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstCN.dll
+ 2010-02-10 23:30 . 2008-02-11 01:25 49664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\RES\DLL\IJInstAR.dll
+ 2010-02-11 14:00 . 2009-11-25 11:19 56816 c:\windows\LastGood\system32\DRIVERS\avgntflt.sys
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-02-10 23:37 . 2007-11-27 01:18 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESUS.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4096 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESTW.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESTR.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESTH.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESSE.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESRU.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESPT.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESPL.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESNO.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESNL.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4096 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESKR.DLL
+ 2010-02-10 23:37 . 2007-11-27 01:18 4096 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESJP.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESIT.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESID.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESHU.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESGR.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESFR.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESFI.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESES.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESDK.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESDE.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESCZ.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4096 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESCN.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series_001E8F70888F\USDRESAR.DLL
+ 2010-02-10 23:30 . 2007-11-27 01:18 4608 c:\windows\twain_32\MP620 series\USDRESUS.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4096 c:\windows\twain_32\MP620 series\USDRESTW.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESTR.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESTH.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESSE.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series\USDRESRU.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESPT.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESPL.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESNO.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESNL.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4096 c:\windows\twain_32\MP620 series\USDRESKR.DLL
+ 2010-02-10 23:30 . 2007-11-27 01:18 4096 c:\windows\twain_32\MP620 series\USDRESJP.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESIT.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESID.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESHU.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESGR.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series\USDRESFR.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series\USDRESFI.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 5120 c:\windows\twain_32\MP620 series\USDRESES.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESDK.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESDE.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESCZ.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4096 c:\windows\twain_32\MP620 series\USDRESCN.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:28 4608 c:\windows\twain_32\MP620 series\USDRESAR.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 9216 c:\windows\system32\spool\drivers\w32x86\3\CNML29D.DLL
+ 2010-02-10 23:36 . 2001-08-17 13:53 6784 c:\windows\system32\drivers\serscan.sys
+ 2004-08-04 18:00 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-02-10 23:36 . 2001-08-17 13:53 6784 c:\windows\system32\dllcache\serscan.sys
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-07-12 01:12 . 2009-07-12 01:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 01:09 . 2009-07-12 01:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 01:08 . 2009-07-12 01:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2010-02-10 23:37 . 2007-12-18 10:20 221184 c:\windows\twain_32\MP620 series_001E8F70888F\USIP.DLL
+ 2010-02-10 23:37 . 2008-05-23 06:03 532480 c:\windows\twain_32\MP620 series_001E8F70888F\TPM.DLL
+ 2010-02-10 23:37 . 2007-12-03 08:33 102400 c:\windows\twain_32\MP620 series_001E8F70888F\softfare.dll
+ 2010-02-10 23:37 . 2007-07-02 02:04 114688 c:\windows\twain_32\MP620 series_001E8F70888F\SCRPRMVL.DLL
+ 2010-02-10 23:37 . 2005-02-02 09:34 118784 c:\windows\twain_32\MP620 series_001E8F70888F\SCRPRMV.DLL
+ 2010-02-10 23:37 . 2008-05-23 06:02 151552 c:\windows\twain_32\MP620 series_001E8F70888F\SCANINTF.DLL
+ 2010-02-10 23:37 . 2008-01-23 07:45 454656 c:\windows\twain_32\MP620 series_001E8F70888F\RACSLIB.dll
+ 2010-02-10 23:37 . 2008-01-24 01:33 139264 c:\windows\twain_32\MP620 series_001E8F70888F\MC2.DLL
+ 2010-02-10 23:37 . 2004-06-07 03:58 290816 c:\windows\twain_32\MP620 series_001E8F70888F\libBLC.dll
+ 2010-02-10 23:37 . 2008-05-23 06:04 151552 c:\windows\twain_32\MP620 series_001E8F70888F\IPM.DLL
+ 2010-02-10 23:37 . 2008-05-23 06:03 188416 c:\windows\twain_32\MP620 series_001E8F70888F\IOP.DLL
+ 2010-02-10 23:37 . 2008-05-08 06:04 172032 c:\windows\twain_32\MP620 series_001E8F70888F\CUBS.DLL
+ 2010-02-10 23:37 . 2008-04-23 07:45 158016 c:\windows\twain_32\MP620 series_001E8F70888F\CNC620P.DAT
+ 2010-02-10 23:37 . 2005-08-24 06:51 126976 c:\windows\twain_32\MP620 series_001E8F70888F\CFine2.dll
+ 2010-02-10 23:37 . 2008-03-19 07:36 118784 c:\windows\twain_32\MP620 series_001E8F70888F\CAPS.DLL
+ 2010-02-10 23:37 . 2007-10-24 04:36 118784 c:\windows\twain_32\MP620 series_001E8F70888F\AG.DLL
+ 2010-02-10 23:30 . 2007-12-18 10:20 221184 c:\windows\twain_32\MP620 series\USIP.DLL
+ 2010-02-10 23:30 . 2008-05-23 06:03 532480 c:\windows\twain_32\MP620 series\TPM.DLL
+ 2010-02-10 23:30 . 2007-12-03 08:33 102400 c:\windows\twain_32\MP620 series\softfare.dll
+ 2010-02-10 23:30 . 2007-07-02 02:04 114688 c:\windows\twain_32\MP620 series\SCRPRMVL.DLL
+ 2010-02-10 23:30 . 2005-02-02 09:34 118784 c:\windows\twain_32\MP620 series\SCRPRMV.DLL
+ 2010-02-10 23:30 . 2008-05-23 06:02 151552 c:\windows\twain_32\MP620 series\SCANINTF.DLL
+ 2010-02-10 23:30 . 2008-01-23 07:45 454656 c:\windows\twain_32\MP620 series\RACSLIB.dll
+ 2010-02-10 23:30 . 2008-01-24 01:33 139264 c:\windows\twain_32\MP620 series\MC2.DLL
+ 2010-02-10 23:30 . 2004-06-07 03:58 290816 c:\windows\twain_32\MP620 series\libBLC.dll
+ 2010-02-10 23:30 . 2008-05-23 06:04 151552 c:\windows\twain_32\MP620 series\IPM.DLL
+ 2010-02-10 23:30 . 2008-05-23 06:03 188416 c:\windows\twain_32\MP620 series\IOP.DLL
+ 2010-02-10 23:30 . 2008-05-08 06:04 172032 c:\windows\twain_32\MP620 series\CUBS.DLL
+ 2010-02-10 23:30 . 2008-04-23 07:45 158016 c:\windows\twain_32\MP620 series\CNC620P.DAT
+ 2010-02-10 23:30 . 2005-08-24 06:51 126976 c:\windows\twain_32\MP620 series\CFine2.dll
+ 2010-02-10 23:30 . 2008-03-19 07:36 118784 c:\windows\twain_32\MP620 series\CAPS.DLL
+ 2010-02-10 23:30 . 2007-10-24 04:36 118784 c:\windows\twain_32\MP620 series\AG.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 393216 c:\windows\system32\spool\drivers\w32x86\3\CNMUR9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 636928 c:\windows\system32\spool\drivers\w32x86\3\CNMUB9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 444928 c:\windows\system32\spool\drivers\w32x86\3\CNMSM9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 848384 c:\windows\system32\spool\drivers\w32x86\3\CNMSB9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 102912 c:\windows\system32\spool\drivers\w32x86\3\CNMPV9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 166912 c:\windows\system32\spool\drivers\w32x86\3\CNMLR9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 552448 c:\windows\system32\spool\drivers\w32x86\3\CNMDR9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 243200 c:\windows\system32\spool\drivers\w32x86\3\CNMD59D.DLL
- 2004-08-04 12:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2010-02-05 22:38 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-01-07 18:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-01-07 18:20 . 2009-01-07 18:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2010-02-05 22:38 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-10 23:30 . 2008-02-14 03:07 598872 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\DelDrv.exe
+ 2010-02-10 16:07 . 2010-02-10 16:07 424448 c:\windows\Installer\3423f.msi
+ 2010-02-09 18:23 . 2010-02-09 18:23 279552 c:\windows\Installer\17b39.msi
+ 2010-02-05 22:38 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-07-11 20:46 . 2009-07-11 20:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 20:46 . 2009-07-11 20:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-02-10 23:37 . 2008-05-23 06:04 1232896 c:\windows\twain_32\MP620 series_001E8F70888F\SGUI.DLL
+ 2010-02-10 23:37 . 2008-05-23 06:02 1912832 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_US.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:26 1875968 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_TW.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:23 1912832 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_TR.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1908736 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_TH.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1916928 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_SE.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1921024 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_RU.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1925120 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_PT.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1921024 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_PL.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1916928 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_NO.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:20 1925120 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_NL.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:21 1888256 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_KR.DLL
+ 2010-02-10 23:37 . 2008-05-23 06:02 1888256 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_JP.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:22 1929216 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_IT.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:26 1916928 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_ID.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1921024 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_HU.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1929216 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_GR.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1925120 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_FR.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1916928 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_FI.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1929216 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_ES.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1916928 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_DK.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1925120 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_DE.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1916928 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_CZ.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:25 1875968 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_CN.DLL
+ 2010-02-10 23:37 . 2008-04-22 05:26 1912832 c:\windows\twain_32\MP620 series_001E8F70888F\SGRES_AR.DLL
+ 2010-02-10 23:37 . 2008-04-03 05:53 1159168 c:\windows\twain_32\MP620 series_001E8F70888F\SGCFLTR.DLL
+ 2010-02-10 23:37 . 2008-01-29 06:46 2102320 c:\windows\twain_32\MP620 series_001E8F70888F\CNC620R.DAT
+ 2010-02-10 23:30 . 2008-05-23 06:04 1232896 c:\windows\twain_32\MP620 series\SGUI.DLL
+ 2010-02-10 23:30 . 2008-05-23 06:02 1912832 c:\windows\twain_32\MP620 series\SGRES_US.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:26 1875968 c:\windows\twain_32\MP620 series\SGRES_TW.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:23 1912832 c:\windows\twain_32\MP620 series\SGRES_TR.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1908736 c:\windows\twain_32\MP620 series\SGRES_TH.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1916928 c:\windows\twain_32\MP620 series\SGRES_SE.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1921024 c:\windows\twain_32\MP620 series\SGRES_RU.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1925120 c:\windows\twain_32\MP620 series\SGRES_PT.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1921024 c:\windows\twain_32\MP620 series\SGRES_PL.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1916928 c:\windows\twain_32\MP620 series\SGRES_NO.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:20 1925120 c:\windows\twain_32\MP620 series\SGRES_NL.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:21 1888256 c:\windows\twain_32\MP620 series\SGRES_KR.DLL
+ 2010-02-10 23:30 . 2008-05-23 06:02 1888256 c:\windows\twain_32\MP620 series\SGRES_JP.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:22 1929216 c:\windows\twain_32\MP620 series\SGRES_IT.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:26 1916928 c:\windows\twain_32\MP620 series\SGRES_ID.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1921024 c:\windows\twain_32\MP620 series\SGRES_HU.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1929216 c:\windows\twain_32\MP620 series\SGRES_GR.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1925120 c:\windows\twain_32\MP620 series\SGRES_FR.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1916928 c:\windows\twain_32\MP620 series\SGRES_FI.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1929216 c:\windows\twain_32\MP620 series\SGRES_ES.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1916928 c:\windows\twain_32\MP620 series\SGRES_DK.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1925120 c:\windows\twain_32\MP620 series\SGRES_DE.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1916928 c:\windows\twain_32\MP620 series\SGRES_CZ.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:25 1875968 c:\windows\twain_32\MP620 series\SGRES_CN.DLL
+ 2010-02-10 23:30 . 2008-04-22 05:26 1912832 c:\windows\twain_32\MP620 series\SGRES_AR.DLL
+ 2010-02-10 23:30 . 2008-04-03 05:53 1159168 c:\windows\twain_32\MP620 series\SGCFLTR.DLL
+ 2010-02-10 23:30 . 2008-01-29 06:46 2102320 c:\windows\twain_32\MP620 series\CNC620R.DAT
+ 2010-02-10 23:30 . 2008-10-08 20:00 2626560 c:\windows\system32\spool\drivers\w32x86\3\CNMUI9D.DLL
+ 2010-02-10 23:30 . 2008-10-08 20:00 1599488 c:\windows\system32\spool\drivers\w32x86\3\CNMCB9D.DLL
+ 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
- 2010-02-05 22:42 . 2009-08-04 20:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-02-05 22:42 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-02-05 22:42 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2010-02-05 22:42 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 19:02 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 19:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2010-02-05 22:42 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-02-05 22:42 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-02-10 01:23 . 2010-02-10 01:23 1093632 c:\windows\Installer\ad04eb.msi
- 2010-02-05 22:42 . 2009-08-04 20:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-02-05 22:42 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2010-02-05 22:42 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-02-05 22:42 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-07 19:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-07 19:02 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-02-05 22:42 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2010-02-05 22:42 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-02-05 23:31 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-06 1800464]
"F5D8055v1"="c:\program files\Belkin\F5D8055\v1\Belkinwcui.exe" [2008-10-27 1654784]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPodService"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AgereModemAudio"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1265493429\\ee\\aolsoftware.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [06/02/2010 22:02 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [06/02/2010 22:02 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/02/2010 14:00 108289]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [26/01/2007 10:42 2831232]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [01/01/2005 15:55 24544]
S3 rt2870;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [08/02/2010 21:13 619136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder
2010-02-05 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/webhp
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\f24mhqkb.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-11 14:14
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-11 14:16:59
ComboFix-quarantined-files.txt 2010-02-11 14:16
Pre-Run: 179,132,801,024 bytes free
Post-Run: 179,107,594,240 bytes free
- - End Of File - - 3176557F2532A2767ACC2F91C6CC9D97
thanks again mate.
-
My instructions clearly say:
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Please, stick to the rules.
I assume you're running Comodo firewall only?
Delete the following folder:
c:\program files\AVG
Combofix doesn't show any issues.
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***
STEP 1. Download Malwarebytes' Anti-Malware (Malwarebytes.org) to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 2.
Post a fresh HijackThis log.
NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Last edited by broni; 11-02-2010 at 10:59 PM.
-
sorry for the screw up mate.
only "comodo" firewall used.
here is new hjt log and malwarebytes log.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:38:46, on 11/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Belkin\F5D8055\v1\Belkinwcui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [F5D8055v1] C:\Program Files\Belkin\F5D8055\v1\Belkinwcui.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6555 bytes
Malwarebytes' Anti-Malware 1.44
Database version: 3727
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/02/2010 22:32:29
mbam-log-2010-02-11 (22-32-29).txt
Scan type: Quick Scan
Objects scanned: 112520
Time elapsed: 3 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
thanks for the help.
-
Malware-wise, your computer is clean, so you may want to repost your issues at the Windows section.
-
will do that.
thanks for your help anyway broni.
-
You're very welcome