Looks like I picked up some buggies... - 2 Topics Merged...


So at this point my Thinkpad T22 is behaving pretty normally after doubling the RAM, but I've gone to some sites that might have exposed the laptop to viruses and trojans and/or all sorts of cooties. I remember the last time this happened some years ago I didn't realize the bad stuff was happening until it was almost too late (though I pulled my home computer back from the edge with the help of the forum). I've got good virus protection thanks to my workplace wireless network, use ad-aware, etc, but figure it can't hurt to run my computer's innards past y'all to see if it looks clean or not. So here we go, my hijackthis log and the AVG Anti-Spyware report:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:33:44 AM, on 5/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {43DE05EB-4F4B-4ED9-BE0D-09F3EA6B3936} - C:\WINDOWS\system32\hgghgfe.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5688D2CD-5CF1-4C93-845B-A480359ECD5A} - C:\WINDOWS\system32\xxwtt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [boostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe" /Q

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O20 - Winlogon Notify: hgghgfe - C:\WINDOWS\SYSTEM32\hgghgfe.dll

O20 - Winlogon Notify: xxwtt - C:\WINDOWS\system32\xxwtt.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

--

End of file - 9963 bytes

 

 

And:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 3:28:49 AM 5/20/2007

 

+ Scan result:

 

 

 

Nothing found.

 

 

 

::Report end

 

 

Which sounds better than it is, as I could not connect to the work server to update it. The only toolbars I want are Yahoo and Google; any other toolbars are uninvited guests (and not visible on my browsers). Lemme know what you think. Thanks!

 

vic


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Either I got lazy or they got more clever (probably a little of both) but in the last few days I've noticed a few problems with my laptop. Part may be due to the installation of Office 2007 (which I'm planning on getting rid of, as 2003 is more useful to me). I managed to clean up a few problems, among some of the things Spybot and ad-aware helped me (I hope) get rid of were:

 

smitfraud-C toolbar

win32.agent.azt

adware.purityscan

statcounter

 

...and others. At some point in the next week or two I'm going to be swapping the old laptop hard drive for a bigger one. As the laptop is new to me and I have nothing really important on it, I always have the option of swapping the drive and reformatting it. But before I do this, figured I'd post my latest logs and see if anyone can find any problems. One thing: I notice in my WinXP system tray a little shield-shaped icon, red with a white "X" in it, and when I hover the cursor over it I get a message that reads something like "problems detected." (I lost my note, and the laptop is at home while I am at work as I write this). If I click on it, it attempts to download something called "RegisteryCleanerSetup.exe." I obviously don't like this, as I'm not sure which program the icon or the .exe is associated with. Any advice is greatly appreciated! Thanks,

 

jeff

 

Logfile of HijackThis v1.99.1

Scan saved at 8:56:00 PM, on 5/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\spoolvq0.exe

C:\WINDOWS\system32\ipmon.exe

C:\WINDOWS\system32\ipmon.exe

C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.303\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [svcManager] spoolvq0.exe

O4 - HKLM\..\Run: [ipmon] ipmon.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [boostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe" /Q

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 10:41:29 PM 5/30/2007

 

+ Scan result:

 

 

 

C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\BigFix Enterprise\BES Client\__BESData\BES Support\KILL.EXE -> Trojan.KillApp.A : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{D46C45C2-E6BE-497F-8627-18D90129F831}\RP100\A0016364.EXE -> Trojan.KillApp.A : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{D46C45C2-E6BE-497F-8627-18D90129F831}\RP97\A0015967.EXE -> Trojan.KillApp.A : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{D46C45C2-E6BE-497F-8627-18D90129F831}\RP98\A0016072.EXE -> Trojan.KillApp.A : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{D46C45C2-E6BE-497F-8627-18D90129F831}\RP98\A0016203.EXE -> Trojan.KillApp.A : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{D46C45C2-E6BE-497F-8627-18D90129F831}\RP99\A0016265.EXE -> Trojan.KillApp.A : Cleaned with backup (quarantined).

 

 

::Report end


Hi,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [svcManager] spoolvq0.exe

O4 - HKLM\..\Run: [ipmon] ipmon.exe

 

Click on Fix Checked when finished and exit HijackThis.

 

Delete these files in bold if found.

C:\WINDOWS\system32\spoolvq0.exe

C:\WINDOWS\system32\ipmon.exe

 

Restart the computer normally to reset the registry.

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Let me know what problem remains.


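The kinds of entries checked in the reply above can be surfaced mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: a small Python pass over HijackThis log lines that lists, for human review, R0/R1 values that are empty, O2/O3 components marked "(no file)", and O4 Run entries that start a bare file name with no directory. The names `triage`, `run_target` and `Finding` are hypothetical, the three rules are assumed heuristics, and the sample lines are copied from the 5/30/2007 log in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Sample input: lines copied from the 5/30/2007 HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [svcManager] spoolvq0.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKCU\..\Run: [boostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe" /Q
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    line: str     # the log line as written
    reason: str   # why the line was surfaced for review


LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Host programs whose first argument is the module that actually runs.
LAUNCHERS = {"rundll32", "rundll32.exe"}


def split_first(cmd: str) -> Tuple[str, str]:
    """Return (first token, remainder), honouring a leading quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    head, _, rest = cmd.partition(" ")
    return head, rest.strip()


def run_target(cmd: str) -> str:
    """Return the file a Run command starts, looking through rundll32."""
    exe, rest = split_first(cmd)
    if exe.lower() in LAUNCHERS and rest:
        dll, _ = split_first(rest)
        return dll.split(",")[0]  # drop the ",ExportName" suffix
    return exe


def has_directory(path: str) -> bool:
    return "\\" in path or "/" in path


def triage(log_text: str) -> List[Finding]:
    """Apply the three assumed heuristics and return lines to review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section in ("R0", "R1"):
            _, sep, value = body.partition("=")
            if sep and not value.strip():
                findings.append(Finding(section, line, "empty value"))
        elif section in ("O2", "O3"):
            if body.rstrip().endswith("(no file)"):
                findings.append(
                    Finding(section, line, "registered component has no file"))
        elif section == "O4":
            run = RUN_RE.match(body)
            # A bare name is resolved through the search path, so the log
            # alone does not say which file on disk will be started.
            if run and not has_directory(run_target(run["cmd"])):
                findings.append(
                    Finding(section, line, "autostart without a directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.reason:<34} {f.line}")
```

The output is a review list, not a verdict: a flagged line still needs a person who knows the machine to decide whether it belongs there.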
Okay, went through with the process. One note: ipmon was hard to get rid of, and I didn't get it deleted until after the first run through the instructions. I was able to delete it while in safe mode, then went through the instructions a second time. So here are TWO logs for the price of one! First log before I got rid of ipmon, second one after.

 

 

SDFix: Version 1.85

 

Run by Administrator - Fri 06/01/2007 - 4:02:15.16

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing Security Center Service

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\-99520~1 - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win59.tmp.exe - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win51.tmp.exe - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win55.tmp.exe - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win5B.tmp.exe - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win5D.tmp.exe - Deleted

C:\Program Files\Setup.exe - Deleted

C:\WINDOWS\Temp\win*.tmp - Deleted

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win*.tmp - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"c:\\windows\\system32\\spoolvq0.exe"="c:\\windows\\system32\\spoolvq0.exe:*:Enabled:spoolvq0"

"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win4F.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win4F.tmp.exe:*:Enabled:win4F.tmp"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 

C:\WINDOWS\system32\xxwtt.dll

C:\WINDOWS\system32\ttwxx.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL2974.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL2314.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL1751.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL3156.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL3467.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL3264.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL0003.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL2468.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL0005.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Drugs in hollywood, drink, et al\~WRL1981.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL1342.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL1093.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2734.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2636.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0797.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2065.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL1071.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0004.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2280.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0716.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL3772.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL3112.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2923.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0855.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0254.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0262.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL3915.tmp

 

Finished

 

 

 

SDFix: Version 1.85

 

Run by Administrator - Fri 06/01/2007 - 6:42:27.66

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

No Trojan Files Found

 

C:\WINDOWS\Temp\win*.tmp - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"c:\\windows\\system32\\spoolvq0.exe"="c:\\windows\\system32\\spoolvq0.exe:*:Enabled:spoolvq0"

"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win4F.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win4F.tmp.exe:*:Enabled:win4F.tmp"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

 

Checking For Files with Hidden Attributes:

 

C:\WINDOWS\system32\xxwtt.dll

C:\WINDOWS\system32\ttwxx.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL2974.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL2314.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL1751.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL3156.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\~WRL3467.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL3264.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL0003.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL2468.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\~WRL0005.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Drugs in hollywood, drink, et al\~WRL1981.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL1342.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL1093.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2734.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2636.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0797.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2065.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL1071.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0004.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2280.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0716.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL3772.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL3112.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL2923.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0855.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0254.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL0262.tmp

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\~WRL3915.tmp

 

Finished


  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Then delete the files in bold.

 

C:\WINDOWS\system32\xxwtt.dll

C:\WINDOWS\system32\ttwxx.tmp

 

Delete the files from these folders, not the folders, unless you do not need them anymore.

 

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Drugs in hollywood, drink, et al\

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\

 

Submit a fresh HijackThis log and let me know what problem remains.


I'll give it a shot tonight and let you know what happens. I need:

 

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\hurricanes\

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Carthay Circle\

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Drugs in hollywood, drink, et al\

C:\Documents and Settings\Administrator\My Documents\colleen moore 2\Scrapbooks\

 

At least until I back them up to CD. Once they're backed up I'll delete them. Thanks for the help so far, much appreciated!

 

jeff


Well I haven't been able to delete xxwtt.dll... every time I try I get a message that it's in use even when I turn everything off. And it's not visible in c:\windows\system32 when I try to delete it while in safe mode (I don't know how to make it visible). However I don't see it on the hijackthis log, which follows:

 

Logfile of HijackThis v1.99.1

Scan saved at 2:00:49 AM, on 6/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

c:\program files\lenovo\system update\suservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [boostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe" /Q

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe


1. Please download The Avenger by Swandog46 to your Desktop.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text in Bold contained in the code box below (including the first line, which is a command to the tool, Files to delete:) to your Clipboard by highlighting it and pressing (Ctrl+C):

 

Files to Delete:

 

C:\WINDOWS\system32\xxwtt.dll

C:\WINDOWS\system32\ttwxx.tmp

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HijackThis log by using Add/Reply.

 

Let me know what problem remains.


Okay, here we go:

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\bnvvkhfi

 

*******************

 

Script file located at: cqjoglrf

 

Could not open script file! Error

 

Could not open script file! Status: 0xc000003b Abort!

 

 

And:

 

Logfile of HijackThis v1.99.1

Scan saved at 6:49:10 PM, on 6/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [boostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe" /Q

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

Jeff


And a followup: AVG antispyware has popped up with a warning that malware C:\WINDOWS\System32\hgghgfe.dll has been detected, and while AVG recommends I ignore it, the AVG screen keeps popping up until I clean it... and even then pops up again after a few minutes. This is the first time I've had the laptop connected to a wireless network for a while, so that might have something to do with it.

 

jeff


And now in addition: C:\WINDOWS\System32\winkzr.dll. It recommends I clean it, which I do, and AVG pops right back up with the same warning... although as I write this it hasn't popped up in a while... the previous warning continues though. Symantec has a removal tool I will try.

 

jeff


Download this file - combofix.exe

 

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

 

"%userprofile%\desktop\combofix.exe"

 

Boot into safe mode by tapping the F8 key just before Windows starts to load.

 

Go to Start --> Run and copy/paste in the following:

 

"%userprofile%\desktop\combofix.exe"

 

When finished, it shall produce a log for you. Save it and post that log in your next reply.

 

Note:

 

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

In your next post, please include

  • new hijackthis log
  • combofix log

 

*use separate posts to ensure the logs don't get cut off!

 

 

Submit a fresh HijackThis log.

 


I'll do that this evening. The Symantec fix did not detect it; I was going to post that info and then I saw your reply.

 

jeff


Okay, here's one report:

 

"Administrator" - 2007-06-03 1:02:37 Service Pack 2 [SAFE MODE]

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrator\Desktop\"

 

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\pmnkkhi.dll

C:\WINDOWS\system32\iifedda.dll

C:\WINDOWS\system32\opnnklk.dll

C:\WINDOWS\system32\gebxyvu.dll

C:\WINDOWS\system32\pmnnnmn.dll

C:\WINDOWS\system32\ssqqpqo.dll

C:\WINDOWS\system32\efcaxvv.dll

C:\WINDOWS\system32\fcccbbx.dll

C:\WINDOWS\system32\awtrqqq.dll

C:\WINDOWS\system32\ttwxx.ini

C:\WINDOWS\system32\ttwxx.tmp

C:\WINDOWS\system32\ttwxx.bak1

C:\WINDOWS\system32\ttwxx.bak2

C:\WINDOWS\system32\ttwxx.ini2

C:\WINDOWS\system32\ttwxx.ini

C:\WINDOWS\system32\ttwxx.tmp

C:\WINDOWS\system32\ttwxx.bak1

C:\WINDOWS\system32\ttwxx.bak2

C:\WINDOWS\system32\ttwxx.ini2

C:\WINDOWS\system32\ttwxx.ini

C:\WINDOWS\system32\ttwxx.tmp

C:\WINDOWS\system32\ttwxx.bak1

C:\WINDOWS\system32\ttwxx.bak2

C:\WINDOWS\system32\ttwxx.ini2

C:\WINDOWS\system32\xxwtt.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

 

 

2007-06-02 19:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll

2007-06-02 18:39 <DIR> d-------- C:\avenger

2007-06-01 04:16 <DIR> d-------- C:\WINDOWS\system32\xircom

2007-06-01 04:16 <DIR> d-------- C:\WINDOWS\srchasst

2007-06-01 04:16 <DIR> d-------- C:\WINDOWS\msagent

2007-06-01 04:16 <DIR> d-------- C:\Program Files\msn gaming zone

2007-06-01 04:16 <DIR> d-------- C:\Program Files\movie maker

2007-06-01 04:16 <DIR> d-------- C:\Program Files\microsoft frontpage

2007-06-01 04:16 <DIR> d-------- C:\Program Files\Common Files\speechengines

2007-05-30 20:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-30 17:40 <DIR> d-------- C:\Program Files\BitTornado

2007-05-28 21:52 43,473 --a------ C:\ecri.exe

2007-05-28 21:47 61,088 C:\WINDOWS\system32\xpdx.sys

2007-05-28 21:47 48,128 --a------ C:\tcjlicw.exe

2007-05-28 21:46 1,536 --a------ C:\cwainda.exe

2007-05-28 21:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFix

2007-05-28 08:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2007-05-28 08:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet

2007-05-25 05:36 1,835,008 --a------ C:\Documents and Settings\Administrator\ntuser.dat

2007-05-25 05:36 1,835,008 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat

2007-05-15 08:36 <DIR> d-------- C:\Program Files\Microsoft Works

2007-05-15 08:31 <DIR> d-------- C:\Program Files\Microsoft.NET

2007-05-15 08:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

2007-05-15 02:41 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2007-05-15 02:40 <DIR> d-------- C:\Program Files\Norton Ghost

2007-05-15 02:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

2007-05-15 02:37 <DIR> d-------- C:\Program Files\Support

2007-05-15 02:37 <DIR> d-------- C:\Program Files\Driver Validation

2007-05-11 19:22 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-05 20:01 <DIR> d-------- C:\Program Files\AusLogics BoostSpeed

2007-05-05 18:54 <DIR> d-------- C:\Program Files\iTunes

2007-05-05 18:54 <DIR> d-------- C:\Program Files\iPod

2007-05-05 18:51 <DIR> d-------- C:\Program Files\QuickTime

2007-05-05 18:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 


2012-12-21 11:00:00 9,029 ----a-w C:\WINDOWS\system32\ansi.sys

2012-12-21 11:00:00 9,008 ----a-w C:\WINDOWS\system32\ver.dll

2012-12-21 11:00:00 89,600 ----a-w C:\WINDOWS\system32\smlogsvc.exe

2012-12-21 11:00:00 89,088 ----a-w C:\WINDOWS\system32\rasauto.dll

2012-12-21 11:00:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

2012-12-21 11:00:00 882 ----a-w C:\WINDOWS\system32\share.exe

2012-12-21 11:00:00 882 ----a-w C:\WINDOWS\system32\fastopen.exe

2012-12-21 11:00:00 88,064 ----a-w C:\WINDOWS\system32\p2pnetsh.dll

2012-12-21 11:00:00 875,008 ----a-w C:\WINDOWS\system32\netplwiz.dll

2012-12-21 11:00:00 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2012-12-21 11:00:00 87,040 ----a-w C:\WINDOWS\system32\mprapi.dll

2012-12-21 11:00:00 86,528 ----a-w C:\WINDOWS\system32\iassam.dll

2012-12-21 11:00:00 86,016 ----a-w C:\WINDOWS\system32\p2pgasvc.dll

2012-12-21 11:00:00 86,016 ----a-w C:\WINDOWS\system32\msapsspc.dll

2012-12-21 11:00:00 858,624 ----a-w C:\WINDOWS\system32\tapi3.dll

2012-12-21 11:00:00 85,504 ----a-w C:\WINDOWS\system32\makecab.exe

2012-12-21 11:00:00 85,504 ----a-w C:\WINDOWS\system32\diantz.exe

2012-12-21 11:00:00 85,504 ----a-w C:\WINDOWS\system32\catsrvps.dll

2012-12-21 11:00:00 84,992 ----a-w C:\WINDOWS\system32\avifil32.dll

2012-12-21 11:00:00 84,480 ----a-w C:\WINDOWS\system32\mciavi32.dll

2012-12-21 11:00:00 84,480 ----a-w C:\WINDOWS\system32\cabview.dll

2012-12-21 11:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

2012-12-21 11:00:00 83,456 ----a-w C:\WINDOWS\system32\olepro32.dll

2012-12-21 11:00:00 83,456 ----a-w C:\WINDOWS\system32\dpvsetup.exe

2012-12-21 11:00:00 825,344 ----a-w C:\WINDOWS\system32\d3dim700.dll

2012-12-21 11:00:00 82,944 ----a-w C:\WINDOWS\system32\ws2_32.dll

2012-12-21 11:00:00 82,944 ----a-w C:\WINDOWS\system32\olecli.dll

2012-12-21 11:00:00 82,432 ----a-w C:\WINDOWS\system32\ufat.dll

2012-12-21 11:00:00 82,432 ----a-w C:\WINDOWS\system32\dmscript.dll

2012-12-21 11:00:00 817 ----a-w C:\WINDOWS\system32\mscdexnt.exe

2012-12-21 11:00:00 815,104 ----a-w C:\WINDOWS\system32\mmc.exe

2012-12-21 11:00:00 81,408 ----a-w C:\WINDOWS\system32\fsusd.dll

2012-12-21 11:00:00 80,896 ----a-w C:\WINDOWS\system32\netui0.dll

2012-12-21 11:00:00 80,384 ----a-w C:\WINDOWS\system32\iccvid.dll

2012-12-21 11:00:00 80,384 ----a-w C:\WINDOWS\system32\faultrep.dll

2012-12-21 11:00:00 80,384 ----a-w C:\WINDOWS\system32\autodisc.dll

2012-12-21 11:00:00 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2012-12-21 11:00:00 8,832 ----a-w C:\WINDOWS\system32\drivers\rasacd.sys

2012-12-21 11:00:00 8,704 ----a-w C:\WINDOWS\system32\eventvwr.exe

2012-12-21 11:00:00 8,704 ----a-w C:\WINDOWS\system32\dciman32.dll

2012-12-21 11:00:00 8,704 ----a-w C:\WINDOWS\system32\batt.dll

2012-12-21 11:00:00 8,424 ----a-w C:\WINDOWS\system32\exe2bin.exe

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\streamci.dll

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\smbinst.exe

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\ntlsapi.dll

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\mountvol.exe

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\mciole16.dll

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\igmpagnt.dll

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\d3d8thk.dll

2012-12-21 11:00:00 8,192 ----a-w C:\WINDOWS\system32\control.exe

2012-12-21 11:00:00 8,192 ----a-r C:\WINDOWS\system32\kbdhept.dll

2012-12-21 11:00:00 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2012-12-21 11:00:00 792,064 ----a-w C:\WINDOWS\system32\comres.dll

2012-12-21 11:00:00 79,744 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2012-12-21 11:00:00 78,848 ----a-w C:\WINDOWS\system32\tapiui.dll

2012-12-21 11:00:00 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe

2012-12-21 11:00:00 78,336 ----a-w C:\WINDOWS\system32\browsewm.dll

2012-12-21 11:00:00 77,824 ----a-w C:\WINDOWS\system32\shrpubw.exe

2012-12-21 11:00:00 77,824 ----a-w C:\WINDOWS\system32\eventtriggers.exe

2012-12-21 11:00:00 77,824 ----a-w C:\WINDOWS\system32\cliconfg.dll

2012-12-21 11:00:00 77,312 ----a-w C:\WINDOWS\system32\sdbinst.exe

2012-12-21 11:00:00 77,312 ----a-w C:\WINDOWS\system32\browser.dll

2012-12-21 11:00:00 76,800 ----a-w C:\WINDOWS\system32\gcdef.dll

2012-12-21 11:00:00 75,776 ----a-w C:\WINDOWS\system32\wiascr.dll

2012-12-21 11:00:00 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll

2012-12-21 11:00:00 75,264 ----a-w C:\WINDOWS\system32\locator.exe

2012-12-21 11:00:00 75,264 ----a-w C:\WINDOWS\system32\inetpp.dll

2012-12-21 11:00:00 74,752 ----a-w C:\WINDOWS\system32\spoolss.dll

2012-12-21 11:00:00 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll

2012-12-21 11:00:00 74,752 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2012-12-21 11:00:00 74,752 ----a-w C:\WINDOWS\system32\cryptdlg.dll

2012-12-21 11:00:00 74,240 ----a-w C:\WINDOWS\system32\unimdmat.dll

2012-12-21 11:00:00 74,240 ----a-w C:\WINDOWS\system32\dhcpsapi.dll

2012-12-21 11:00:00 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2012-12-21 11:00:00 73,802 ----a-w C:\WINDOWS\system32\msrclr40.dll

2012-12-21 11:00:00 73,728 ----a-w C:\WINDOWS\system32\mscms.dll

2012-12-21 11:00:00 73,728 ----a-w C:\WINDOWS\system32\fdeploy.dll

2012-12-21 11:00:00 73,728 ----a-w C:\WINDOWS\system32\csseqchk.dll

2012-12-21 11:00:00 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2012-12-21 11:00:00 723,456 ----a-w C:\WINDOWS\system32\userenv.dll

2012-12-21 11:00:00 72,704 ----a-w C:\WINDOWS\system32\msw3prt.dll

2012-12-21 11:00:00 72,192 ----a-w C:\WINDOWS\system32\tasklist.exe

2012-12-21 11:00:00 72,192 ----a-w C:\WINDOWS\system32\taskkill.exe

2012-12-21 11:00:00 713,728 ----a-w C:\WINDOWS\system32\opengl32.dll

2012-12-21 11:00:00 71,680 ----a-w C:\WINDOWS\system32\ssdpsrv.dll

2012-12-21 11:00:00 71,680 ----a-w C:\WINDOWS\system32\msacm32.dll

2012-12-21 11:00:00 71,680 ----a-w C:\WINDOWS\system32\dsdmoprp.dll

2012-12-21 11:00:00 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2012-12-21 11:00:00 71,040 ----a-w C:\WINDOWS\system32\drivers\dxg.sys

2012-12-21 11:00:00 708,096 ----a-w C:\WINDOWS\system32\ntdll.dll

2012-12-21 11:00:00 707 ----a-w C:\WINDOWS\_default.pif

2012-12-21 11:00:00 701,440 ----a-w C:\WINDOWS\system32\msxml2.dll

2012-12-21 11:00:00 70,656 ----a-w C:\WINDOWS\system32\mmcbase.dll

2012-12-21 11:00:00 70,656 ----a-w C:\WINDOWS\system32\ifsutil.dll

2012-12-21 11:00:00 70,656 ----a-w C:\WINDOWS\system32\amstream.dll

2012-12-21 11:00:00 70,144 ----a-w C:\WINDOWS\system32\sigverif.exe

2012-12-21 11:00:00 7,936 ----a-w C:\WINDOWS\system32\drivers\fs_rec.sys

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\vcdex.dll

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\ncxpnt.dll

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\mciole32.dll

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\kbdsmsfi.dll

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\kbdcan.dll

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\hostname.exe

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\drivers\mcd.sys

2012-12-21 11:00:00 7,680 ----a-w C:\WINDOWS\system32\chcp.com

2012-12-21 11:00:00 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\wshnetbs.dll

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\recover.exe

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\mscat32.dll

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\kbdukx.dll

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\kbdno1.dll

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\kbdfi1.dll

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\forcedos.exe

2012-12-21 11:00:00 7,168 ----a-w C:\WINDOWS\system32\diskcopy.com

2012-12-21 11:00:00 7,168 ----a-r C:\WINDOWS\system32\kbdcz.dll

2012-12-21 11:00:00 7,052 ----a-w C:\WINDOWS\system32\nlsfunc.exe

2012-12-21 11:00:00 7,040 ----a-w C:\WINDOWS\system32\kdcom.dll

2012-12-21 11:00:00 69,632 ----a-w C:\WINDOWS\system32\scarddlg.dll

2012-12-21 11:00:00 69,632 ----a-w C:\WINDOWS\system32\raschap.dll

2012-12-21 11:00:00 69,632 ----a-w C:\WINDOWS\system32\odbcconf.exe

2012-12-21 11:00:00 69,584 ----a-w C:\WINDOWS\system32\avicap.dll

2012-12-21 11:00:00 69,120 ----a-w C:\WINDOWS\system32\olethk32.dll

2012-12-21 11:00:00 69,120 ----a-w C:\WINDOWS\system32\notepad.exe

2012-12-21 11:00:00 69,120 ----a-w C:\WINDOWS\system32\mprddm.dll

2012-12-21 11:00:00 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE

2012-12-21 11:00:00 68,768 ----a-w C:\WINDOWS\system32\mmsystem.dll

2012-12-21 11:00:00 68,608 ----a-w C:\WINDOWS\system32\digest.dll

2012-12-21 11:00:00 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2012-12-21 11:00:00 68,096 ----a-w C:\WINDOWS\system32\systeminfo.exe

2012-12-21 11:00:00 68,096 ----a-w C:\WINDOWS\system32\shgina.dll

2012-12-21 11:00:00 68,096 ----a-w C:\WINDOWS\system32\adsmsext.dll

2012-12-21 11:00:00 673,088 ----a-w C:\WINDOWS\system32\mlang.dat

2012-12-21 11:00:00 67,584 ----a-w C:\WINDOWS\system32\sti.dll

2012-12-21 11:00:00 67,584 ----a-w C:\WINDOWS\system32\srclient.dll

2012-12-21 11:00:00 67,584 ----a-w C:\WINDOWS\system32\osuninst.dll

2012-12-21 11:00:00 67,584 ----a-w C:\WINDOWS\system32\openfiles.exe

2012-12-21 11:00:00 67,584 ----a-w C:\WINDOWS\system32\drivers\sdbus.sys

2012-12-21 11:00:00 67,584 ------w C:\WINDOWS\system32\webclnt.dll

2012-12-21 11:00:00 67,072 ----a-w C:\WINDOWS\system32\rdshost.exe

2012-12-21 11:00:00 67,072 ----a-w C:\WINDOWS\system32\ntdsapi.dll

2012-12-21 11:00:00 66,560 ----a-w C:\WINDOWS\system32\console.dll

2012-12-21 11:00:00 66,560 ------w C:\WINDOWS\system32\mtxclu.dll

2012-12-21 11:00:00 66,176 ----a-w C:\WINDOWS\system32\drivers\udfs.sys

2012-12-21 11:00:00 657,920 ----a-w C:\WINDOWS\system32\rasdlg.dll

2012-12-21 11:00:00 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll

2012-12-21 11:00:00 65,536 ----a-w C:\WINDOWS\system32\wshext.dll

2012-12-21 11:00:00 65,536 ----a-w C:\WINDOWS\system32\wextract.exe

2012-12-21 11:00:00 65,536 ----a-w C:\WINDOWS\system32\shimeng.dll

2012-12-21 11:00:00 65,536 ----a-w C:\WINDOWS\system32\odbccu32.dll

2012-12-21 11:00:00 65,536 ----a-w C:\WINDOWS\system32\odbccr32.dll

2012-12-21 11:00:00 65,024 ----a-w C:\WINDOWS\system32\msaudite.dll

2012-12-21 11:00:00 65,024 ----a-w C:\WINDOWS\system32\asycfilt.dll

2012-12-21 11:00:00 640,000 ----a-w C:\WINDOWS\system32\dbghelp.dll

2012-12-21 11:00:00 64,896 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2012-12-21 11:00:00 64,512 ----a-w C:\WINDOWS\system32\acctres.dll

2012-12-21 11:00:00 64,000 ----a-w C:\WINDOWS\system32\samlib.dll

2012-12-21 11:00:00 64,000 ----a-w C:\WINDOWS\system32\avicap32.dll

2012-12-21 11:00:00 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys

2012-12-21 11:00:00 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2012-12-21 11:00:00 63,488 ----a-w C:\WINDOWS\system32\cryptnet.dll

2012-12-21 11:00:00 63,488 ----a-w C:\WINDOWS\system32\cmstp.exe

2012-12-21 11:00:00 63,488 ----a-w C:\WINDOWS\system32\browselc.dll

2012-12-21 11:00:00 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll

2012-12-21 11:00:00 622,080 ----a-w C:\WINDOWS\system32\netcfgx.dll

2012-12-21 11:00:00 62,976 ----a-w C:\WINDOWS\system32\rsopprov.exe

2012-12-21 11:00:00 62,976 ----a-w C:\WINDOWS\system32\pautoenr.dll

2012-12-21 11:00:00 62,976 ----a-w C:\WINDOWS\system32\dsauth.dll

2012-12-21 11:00:00 62,464 ----a-w C:\WINDOWS\system32\rdpclip.exe

2012-12-21 11:00:00 62,464 ----a-w C:\WINDOWS\system32\iasnap.dll

2012-12-21 11:00:00 62,464 ----a-w C:\WINDOWS\system32\dpnmodem.dll

2012-12-21 11:00:00 62,464 ----a-w C:\WINDOWS\system32\authz.dll

2012-12-21 11:00:00 619,008 ----a-w C:\WINDOWS\system32\dx7vb.dll

2012-12-21 11:00:00 616,960 ----a-w C:\WINDOWS\system32\advapi32.dll

2012-12-21 11:00:00 614,912 ----a-w C:\WINDOWS\system32\h323msp.dll

2012-12-21 11:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll

2012-12-21 11:00:00 61,952 ----a-w C:\WINDOWS\system32\dpnwsock.dll

2012-12-21 11:00:00 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2012-12-21 11:00:00 61,440 ----a-w C:\WINDOWS\system32\rasman.dll

2012-12-21 11:00:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2012-12-21 11:00:00 61,440 ----a-w C:\WINDOWS\system32\dmcompos.dll

2012-12-21 11:00:00 61,168 ----a-w C:\WINDOWS\system32\msacm.dll

2012-12-21 11:00:00 602,624 ----a-w C:\WINDOWS\system32\autoconv.exe

2012-12-21 11:00:00 60,928 ----a-w C:\WINDOWS\system32\ocmanage.dll

2012-12-21 11:00:00 60,928 ----a-w C:\WINDOWS\system32\dpnhupnp.dll

2012-12-21 11:00:00 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2012-12-21 11:00:00 60,416 ----a-w C:\WINDOWS\system32\remotepg.dll

2012-12-21 11:00:00 60,416 ----a-w C:\WINDOWS\system32\cryptsvc.dll

2012-12-21 11:00:00 60,416 ----a-w C:\WINDOWS\system32\colbact.dll

2012-12-21 11:00:00 6,784 ----a-w C:\WINDOWS\system32\drivers\parvdm.sys

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\sensapi.dll

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\routetab.dll

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\msidle.dll

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdsg.dll

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdla.dll

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdinmal.dll

2012-12-21 11:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdinben.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdycl.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdsl1.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdsl.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdpl.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdhu.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdhela3.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdcz2.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdcz1.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\kbdcr.dll

2012-12-21 11:00:00 6,656 ----a-r C:\WINDOWS\system32\KBDAL.DLL

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\svcpack.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\msdtc.exe

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdusx.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdusr.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdusl.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdsw.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdsp.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdsf.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdpo.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdno.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdne.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdmlt48.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdmlt47.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdmac.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdinbe1.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdic.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdgr1.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdgr.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdfr.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdfo.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdfi.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdfc.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdes.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdda.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdca.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdbr.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdbene.dll

2012-12-21 11:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdbe.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdtuq.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdtuf.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdlv1.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdlv.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdhela2.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdgkl.dll

2012-12-21 11:00:00 6,144 ----a-r C:\WINDOWS\system32\kbdest.dll

2012-12-21 11:00:00 597,504 ----a-w C:\WINDOWS\system32\crypt32.dll

2012-12-21 11:00:00 596,992 ----a-w C:\WINDOWS\system32\wsecedit.dll

2012-12-21 11:00:00 590,336 ----a-w C:\WINDOWS\system32\d3dramp.dll

2012-12-21 11:00:00 59,904 ----a-w C:\WINDOWS\system32\mpr.dll

2012-12-21 11:00:00 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2012-12-21 11:00:00 59,904 ----a-w C:\WINDOWS\system32\devenum.dll

2012-12-21 11:00:00 59,904 ----a-w C:\WINDOWS\system32\cabinet.dll

2012-12-21 11:00:00 59,392 ----a-w C:\WINDOWS\system32\logman.exe

2012-12-21 11:00:00 59,392 ----a-w C:\WINDOWS\system32\iassvcs.dll

2012-12-21 11:00:00 589,312 ----a-w C:\WINDOWS\system32\wiashext.dll

2012-12-21 11:00:00 588,800 ----a-w C:\WINDOWS\system32\autochk.exe

2012-12-21 11:00:00 586,240 ----a-w C:\WINDOWS\system32\mlang.dll

2012-12-21 11:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll

2012-12-21 11:00:00 580,608 ----a-w C:\WINDOWS\system32\autofmt.exe

2012-12-21 11:00:00 58,880 ----a-w C:\WINDOWS\system32\resutils.dll

2012-12-21 11:00:00 58,880 ----a-w C:\WINDOWS\system32\rastapi.dll

2012-12-21 11:00:00 58,880 ----a-w C:\WINDOWS\system32\msdtclog.dll

2012-12-21 11:00:00 58,880 ----a-w C:\WINDOWS\system32\licwmi.dll

2012-12-21 11:00:00 58,880 ----a-w C:\WINDOWS\system32\atl.dll

2012-12-21 11:00:00 58,368 ----a-w C:\WINDOWS\system32\driverquery.exe

2012-12-21 11:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2012-12-21 11:00:00 57,856 ----a-w C:\WINDOWS\system32\ntlanui.dll

2012-12-21 11:00:00 57,856 ----a-w C:\WINDOWS\system32\clusapi.dll

2012-12-21 11:00:00 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys

2012-12-21 11:00:00 57,344 ----a-w C:\WINDOWS\system32\msasn1.dll

2012-12-21 11:00:00 57,344 ----a-w C:\WINDOWS\system32\gpupdate.exe

2012-12-21 11:00:00 57,344 ----a-w C:\WINDOWS\system32\dpwsockx.dll

2012-12-21 11:00:00 566,784 ----a-w C:\WINDOWS\system32\gpedit.dll

2012-12-21 11:00:00 565,760 ----a-w C:\WINDOWS\system32\msvcp50.dll

2012-12-21 11:00:00 562,176 ----a-w C:\WINDOWS\system32\qedit.dll

2012-12-21 11:00:00 560,640 ----a-w C:\WINDOWS\system32\printui.dll

2012-12-21 11:00:00 56,832 ----a-w C:\WINDOWS\system32\sol.exe

2012-12-21 11:00:00 56,832 ----a-w C:\WINDOWS\system32\rasphone.exe

2012-12-21 11:00:00 56,320 ----a-w C:\WINDOWS\system32\servdeps.dll

2012-12-21 11:00:00 56,320 ----a-w C:\WINDOWS\system32\fsutil.exe

2012-12-21 11:00:00 56,320 ----a-w C:\WINDOWS\system32\cipher.exe

2012-12-21 11:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll

2012-12-21 11:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

2012-12-21 11:00:00 55,936 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2012-12-21 11:00:00 55,808 ----a-w C:\WINDOWS\system32\wmiscmgr.dll

2012-12-21 11:00:00 55,808 ----a-w C:\WINDOWS\system32\secur32.dll

2012-12-21 11:00:00 55,808 ----a-w C:\WINDOWS\system32\eventlog.dll

2012-12-21 11:00:00 55,296 ----a-w C:\WINDOWS\system32\sendmail.dll

2012-12-21 11:00:00 55,296 ----a-w C:\WINDOWS\system32\getmac.exe

2012-12-21 11:00:00 55,296 ----a-w C:\WINDOWS\system32\freecell.exe

2012-12-21 11:00:00 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe

2012-12-21 11:00:00 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll

2012-12-21 11:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll

2012-12-21 11:00:00 54,784 ----a-w C:\WINDOWS\system32\msvcirt.dll

2012-12-21 11:00:00 54,784 ----a-w C:\WINDOWS\system32\icmui.dll

2012-12-21 11:00:00 54,272 ----a-w C:\WINDOWS\system32\stclient.dll

2012-12-21 11:00:00 538,624 ----a-w C:\WINDOWS\system32\spider.exe

2012-12-21 11:00:00 53,840 ----a-w C:\WINDOWS\system32\dosx.exe

2012-12-21 11:00:00 53,760 ----a-w C:\WINDOWS\system32\winsta.dll

2012-12-21 11:00:00 53,760 ----a-w C:\WINDOWS\system32\cryptext.dll

2012-12-21 11:00:00 53,520 ----a-w C:\WINDOWS\system32\dpserial.dll

2012-12-21 11:00:00 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll

2012-12-21 11:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

2012-12-21 11:00:00 53,248 ----a-w C:\WINDOWS\system32\ipv6.exe

2012-12-21 11:00:00 526,848 ----a-w C:\WINDOWS\system32\p2psvc.dll

2012-12-21 11:00:00 52,736 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2012-12-21 11:00:00 52,736 ----a-w C:\WINDOWS\system32\basesrv.dll

2012-12-21 11:00:00 52,224 ----a-w C:\WINDOWS\system32\tsappcmp.dll

2012-12-21 11:00:00 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll

2012-12-21 11:00:00 514,560 ----a-w C:\WINDOWS\system32\logonui.exe

2012-12-21 11:00:00 512,512 ----a-w C:\WINDOWS\system32\cryptui.dll

2012-12-21 11:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

2012-12-21 11:00:00 51,712 ----a-w C:\WINDOWS\system32\wzcsapi.dll

2012-12-21 11:00:00 51,712 ----a-w C:\WINDOWS\system32\vdmredir.dll

2012-12-21 11:00:00 51,712 ----a-w C:\WINDOWS\system32\msident.dll

2012-12-21 11:00:00 51,456 ----a-w C:\WINDOWS\system32\vga256.dll

2012-12-21 11:00:00 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2012-12-21 11:00:00 51,200 ----a-w C:\WINDOWS\system32\dssec.dll

2012-12-21 11:00:00 506,368 ----a-w C:\WINDOWS\system32\msxml.dll

2012-12-21 11:00:00 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe

2012-12-21 11:00:00 50,688 ----a-w C:\WINDOWS\twain_32.dll

2012-12-21 11:00:00 50,688 ----a-w C:\WINDOWS\system32\wstdecod.dll

2012-12-21 11:00:00 50,688 ----a-w C:\WINDOWS\system32\smss.exe

2012-12-21 11:00:00 50,688 ----a-w C:\WINDOWS\system32\mmcshext.dll

2012-12-21 11:00:00 50,688 ----a-w C:\WINDOWS\system32\camocx.dll

2012-12-21 11:00:00 50,688 ----a-w C:\WINDOWS\system32\btpanui.dll

2012-12-21 11:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com

2012-12-21 11:00:00 50,176 ----a-w C:\WINDOWS\system32\xmlprovi.dll

2012-12-21 11:00:00 50,176 ----a-w C:\WINDOWS\system32\reg.exe

2012-12-21 11:00:00 50,176 ----a-w C:\WINDOWS\system32\mdhcp.dll

2012-12-21 11:00:00 50,176 ----a-w C:\WINDOWS\system32\loghours.dll

2012-12-21 11:00:00 50,176 ----a-w C:\WINDOWS\system32\eventcreate.exe

2012-12-21 11:00:00 5,888 ----a-w C:\WINDOWS\system32\drivers\rootmdm.sys

2012-12-21 11:00:00 5,888 ----a-w C:\WINDOWS\system32\drivers\dmload.sys

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\write.exe

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\winver.exe

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\tapiperf.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\softpub.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\security.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdus.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbduk.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdmaori.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdit142.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdit.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdir.dll

2012-12-21 11:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdgae.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdro.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdpl1.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdmon.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdlt1.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdlt.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdkyr.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdhu1.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdhe319.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdhe220.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdhe.dll

2012-12-21 11:00:00 5,632 ----a-r C:\WINDOWS\system32\kbdazel.dll

2012-12-21 11:00:00 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\winnls.dll

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\shell.dll

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\sfc.dll

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\lodctr.exe

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\kbddv.dll

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\dcomcnfg.exe

2012-12-21 11:00:00 5,120 ----a-w C:\WINDOWS\system32\bootvrfy.exe

2012-12-21 11:00:00 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll

2012-12-21 11:00:00 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll

2012-12-21 11:00:00 49,680 ----a-w C:\WINDOWS\twunk_16.exe

2012-12-21 11:00:00 49,664 ----a-w C:\WINDOWS\system32\w32tm.exe

2012-12-21 11:00:00 49,664 ----a-w C:\WINDOWS\system32\regapi.dll

2012-12-21 11:00:00 49,664 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2012-12-21 11:00:00 49,536 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys

2012-12-21 11:00:00 49,179 ----a-w C:\WINDOWS\system32\sqlwoa.dll

2012-12-21 11:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll

2012-12-21 11:00:00 49,152 ----a-w C:\WINDOWS\system32\powercfg.exe

2012-12-21 11:00:00 49,152 ----a-w C:\WINDOWS\system32\mprdim.dll

2012-12-21 11:00:00 48,640 ----a-w C:\WINDOWS\system32\pnrpnsp.dll

2012-12-21 11:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys

2012-12-21 11:00:00 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2012-12-21 11:00:00 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2012-12-21 11:00:00 48,128 ----a-w C:\WINDOWS\system32\inetres.dll

2012-12-21 11:00:00 48,128 ----a-w C:\WINDOWS\system32\docprop2.dll

2012-12-21 11:00:00 47,872 ----a-w C:\WINDOWS\system32\user.exe

2012-12-21 11:00:00 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll

2012-12-21 11:00:00 47,616 ----a-w C:\WINDOWS\system32\d3dxof.dll

2012-12-21 11:00:00 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr

2012-12-21 11:00:00 47,104 ----a-w C:\WINDOWS\system32\mprui.dll

2012-12-21 11:00:00 47,104 ----a-w C:\WINDOWS\system32\cmdl32.exe

2012-12-21 11:00:00 463,360 ----a-w C:\WINDOWS\system32\wiadefui.dll

2012-12-21 11:00:00 46,592 ----a-w C:\WINDOWS\system32\pmspl.dll

2012-12-21 11:00:00 46,258 ----a-w C:\WINDOWS\system32\mib.bin

2012-12-21 11:00:00 46,080 ----a-w C:\WINDOWS\system32\docprop.dll

2012-12-21 11:00:00 457,728 ----a-w C:\WINDOWS\system32\certmgr.dll

2012-12-21 11:00:00 45,568 ----a-w C:\WINDOWS\system32\tcpmonui.dll

2012-12-21 11:00:00 45,568 ----a-w C:\WINDOWS\system32\tcpmon.dll

2012-12-21 11:00:00 45,568 ----a-w C:\WINDOWS\system32\extrac32.exe

2012-12-21 11:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2012-12-21 11:00:00 45,083 ----a-w C:\WINDOWS\system32\dispex.dll

2012-12-21 11:00:00 442,368 ----a-w C:\WINDOWS\system32\sqlsrv32.dll

2012-12-21 11:00:00 44,544 ----a-w C:\WINDOWS\system32\tscupgrd.exe

2012-12-21 11:00:00 44,032 ----a-w C:\WINDOWS\system32\twext.dll

2012-12-21 11:00:00 44,032 ----a-w C:\WINDOWS\system32\rtutils.dll

2012-12-21 11:00:00 44,032 ----a-w C:\WINDOWS\system32\ipsec6.exe

2012-12-21 11:00:00 44,032 ----a-w C:\WINDOWS\system32\dimap.dll

2012-12-21 11:00:00 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll

2012-12-21 11:00:00 438,272 ----a-w C:\WINDOWS\system32\shimgvw.dll

2012-12-21 11:00:00 436,224 ----a-w C:\WINDOWS\system32\d3dim.dll

2012-12-21 11:00:00 435,712 ----a-w C:\WINDOWS\system32\shellstyle.dll

2012-12-21 11:00:00 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe

2012-12-21 11:00:00 430,592 ----a-w C:\WINDOWS\system32\vssapi.dll

2012-12-21 11:00:00 43,520 ----a-w C:\WINDOWS\system32\pstorec.dll



Wow, that last one was a doozy! Here's the second:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:34:16 AM, on 6/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [boostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe" /Q

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: hgghgfe - hgghgfe.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

 

Jeff


And one more observation: while in the system configuration utility (trying to cut down on the number of items running at startup, since it was taking forever for the laptop to start up) I noticed that "ipmon.exe" was one of the items listed in startup, though unchecked. I have no plans to check it, so can it stay there or are we hoping to get rid of it?

 

jeff


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

 

The log was long because you installed a program (probably Windows) when your time clock was set to 2012.

All items are showing in the 3M report from the tools.

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-12-21 11:00:00 994,304 ----a-w C:\WINDOWS\system32\msgina.dll

....

 

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O20 - Winlogon Notify: hgghgfe - hgghgfe.dll (file missing)

O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer to reset the registry.

 

Download the Registry Search Tool from here:

http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

 

Unzip to your Desktop and double click on regsrch.vbs

(if you have script protection, please allow this to run)

 

In the dialog that opens enter the following:

ipmon.exe

 

Press 'OK'

 

The search will run for a while then alert you when it is finished.

 

Press 'OK' and copy the contents of the WordPad window and post in this thread.

 

This ipmon.exe is known to come from a TROJAN. Run this scan.

 

TrendMicro HouseCall Java Scan

1. Please go HERE to run the Trend Micro HouseCall Scan.
2. Click Scan now. It's free!
3. Read and put a Check next to Yes I accept the terms of use.
4. Click the Launching HouseCall>> button.
5. If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
6. You may receive a Security Warning about the TrendMicro Java applet, click YES.
7. Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
8. Please be patient while it installs, updates, and scans your system.
9. Once the scan is complete, it will take you to the summary page.
10. Under Cleanup options, choose clean all detected infections automatically.
11. Click the Clean now>> button.
12. If anything was found you may be prompted to run the scan again, you can just close the browser window.


Okay, here's the latest:

 

REGEDIT4

; RegSrch.vbs © Bill James

 

; Registry search results for string "ipmon.exe" 6/4/2007 2:31:23 AM

 

; NOTE: This file will be deleted when you close WordPad.

; You must manually save this file to a new location if you want to refer to it again later.

; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ipmon]

"command"="ipmon.exe"

 

jeff


; Purpose: Remove traces in the registry.

;

; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.

;

; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ipmon]

 

 

; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

 

If you need help on "How to Make a .Reg File"

See: http://www.nellie2.co.uk/file.htm

 

Submit a fresh HijackThis log.

 

Let me know what problem remains.


Here's the latest log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:49:11 PM, on 6/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\GEARSec.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

I've noticed no problems so far, though I haven't used the computer much while clearing it out of nasties.

 

jeff


Glad we could help.


Glad we could help. :)

 

[Reopened]

 

Everyone else please begin a New Topic.


vicvalis

 

The topic is open.

 

If there are any problems, please explain and submit a fresh HijackThis log.


Had to reinstall Office 2003 from a file of dubious origin, and knew I'd better start taking care of any problems now. Norton antivirus spotted some stuff and quarantined it. AVG did too. Did some housecleaning myself. Here's the latest HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:19:12 PM, on 6/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177679059457

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

Thanks,

 

jeff


The last HijackThis log is clean.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.