
W32.spybot.worm/icrss.exe


  • This topic is locked
21 replies to this topic

#1 beepbeep


Posted 31 December 2006 - 11:02 PM

Problem as stated in title and description.

For the record, my computer used to crash every now and then until I finally decided to follow the preparation guide to clean out the many viruses/adware/spyware. Don't know if there is still other stuff lurking around. :/

I need to get this cleaned before downloading SP-2. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 11:56:16 AM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system\icrss.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg8.hpwis.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows LoL Layer] pmlggi.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Windows LoL Layer] pmlggi.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows LoL Layer] pmlggi.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166510998890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166523873281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DBED2D-83E5-4AB6-821E-BE19EFF54243}: NameServer = 165.21.100.88 165.21.83.88
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)


#2 miekiemoes

  • Malware Response Team

Posted 31 December 2006 - 11:19 PM

Hello,

Your system is still infected and I see you're dealing with a file infector here as well :thumbsup:

Please do next..

* Download SDFix and save it to your Desktop.

* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

* Reboot into Safe Mode (without networking support!):
To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL <== not required
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [Windows LoL Layer] pmlggi.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] pmlggi.exe
O4 - HKCU\..\Run: [Windows LoL Layer] pmlggi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <== this is a resource hog
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe <= not required
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete next files:

C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\system\icrss.exe
Search for and delete pmlggi.exe
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum). I need that log afterwards.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply together with a new HijackThis log and the log from SDFix.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 beepbeep


Posted 01 January 2007 - 02:30 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:26:28 PM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166510998890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166523873281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DBED2D-83E5-4AB6-821E-BE19EFF54243}: NameServer = 165.21.100.88 165.21.83.88
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




SDFix: Version 1.53
****************

Mon 01/01/2007 - 13:30:00.92

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:

icrss

File Path:

"C:\WINDOWS\system\icrss.exe"

icrss Deleted...

Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\setup_34028.exe
C:\WINDOWS\system32\TFTP2756
C:\WINDOWS\system32\TFTP3688
C:\WINDOWS\system32\TFTP4088
C:\WINDOWS\system32\TFTP7160

Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
:lzx32.sys 66088
Total size: 66088 bytes.

Removing ADS

system32: deleted 66088 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\awtturo.dll
C:\WINDOWS\system32\byxuvtr.dll
C:\WINDOWS\system32\cbxvtst.dll
C:\WINDOWS\system32\cbxxwtu.dll
C:\WINDOWS\system32\ddcyxvt.dll
C:\WINDOWS\system32\fcccbax.dll
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\gebcdby.dll
C:\WINDOWS\system32\gebxurr.dll
C:\WINDOWS\system32\gebxxvu.dll
C:\WINDOWS\system32\gebyvss.dll
C:\WINDOWS\system32\gebyxyx.dll
C:\WINDOWS\system32\hgggdba.dll
C:\WINDOWS\system32\iifdawu.dll
C:\WINDOWS\system32\iifgfeb.dll
C:\WINDOWS\system32\jkkkihf.dll
C:\WINDOWS\system32\khfcywu.dll
C:\WINDOWS\system32\khffcdb.dll
C:\WINDOWS\system32\ljjhggd.dll
C:\WINDOWS\system32\ljjjkkl.dll
C:\WINDOWS\system32\ljjkijg.dll
C:\WINDOWS\system32\mljhfgg.dll
C:\WINDOWS\system32\mljifef.dll
C:\WINDOWS\system32\nnnnnnl.dll
C:\WINDOWS\system32\opnmjgf.dll
C:\WINDOWS\system32\opnmnnk.dll
C:\WINDOWS\system32\opnnoop.dll
C:\WINDOWS\system32\opnonmj.dll
C:\WINDOWS\system32\pmnoooo.dll
C:\WINDOWS\system32\rqromjh.dll
C:\WINDOWS\system32\ssqonnn.dll
C:\WINDOWS\system32\ssqqopp.dll
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\tuvutqq.dll
C:\WINDOWS\system32\tuvvtut.dll
C:\WINDOWS\system32\tuvvvts.dll
C:\WINDOWS\system32\urqqpnl.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\vtursrp.dll
C:\WINDOWS\system32\vtusstt.dll
C:\WINDOWS\system32\wvurqnn.dll
C:\WINDOWS\system32\xxyvvut.dll
C:\WINDOWS\system32\xxyxuuu.dll
C:\WINDOWS\system32\xxyxvur.dll
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\WINDOWS\Temp\194625.exe
C:\WINDOWS\Temp\280046.exe
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Default User\Application Data\Microsoft\Word\~WRL1354.tmp
C:\Documents and Settings\Default User\Application Data\Microsoft\Word\~WRL1424.tmp
C:\Documents and Settings\Default User\Application Data\Microsoft\Word\~WRL2685.tmp
C:\Documents and Settings\Default User\Desktop\~WRL0646.tmp
C:\Documents and Settings\Default User\Desktop\~WRL0700.tmp
C:\Documents and Settings\Default User\Desktop\~WRL0783.tmp
C:\Documents and Settings\Default User\Desktop\~WRL0976.tmp
C:\Documents and Settings\Default User\Desktop\~WRL1049.tmp
C:\Documents and Settings\Default User\Desktop\~WRL2215.tmp
C:\Documents and Settings\Default User\Desktop\~WRL2807.tmp
C:\Documents and Settings\Default User\Desktop\~WRL2869.tmp
C:\Documents and Settings\Default User\Desktop\~WRL2988.tmp
C:\Documents and Settings\Default User\Desktop\~WRL3282.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1354.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1424.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2685.tmp
C:\Documents and Settings\Owner\Desktop\~WRL0646.tmp
C:\Documents and Settings\Owner\Desktop\~WRL0700.tmp
C:\Documents and Settings\Owner\Desktop\~WRL0783.tmp
C:\Documents and Settings\Owner\Desktop\~WRL0976.tmp
C:\Documents and Settings\Owner\Desktop\~WRL1049.tmp
C:\Documents and Settings\Owner\Desktop\~WRL2215.tmp
C:\Documents and Settings\Owner\Desktop\~WRL2807.tmp
C:\Documents and Settings\Owner\Desktop\~WRL2869.tmp
C:\Documents and Settings\Owner\Desktop\~WRL2988.tmp
C:\Documents and Settings\Owner\Desktop\~WRL3282.tmp
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\~WRL1354.tmp
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\~WRL1424.tmp
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Word\~WRL2685.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL0646.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL0700.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL0783.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL0976.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL1049.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL2215.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL2807.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL2869.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL2988.tmp
C:\WINDOWS\system32\config\systemprofile\Desktop\~WRL3282.tmp

FINISHED!



aqwfenfx.dll;c:\windows\system32;Trojan.Juan;Will be cured after reboot.;
280046.exe;c:\windows\temp;Trojan.DownLoader.17087;;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
EN_SG-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
aqwfenfx.dll;C:\WINDOWS\system32;Trojan.Juan;Will be cured after reboot.;
dllms.dll;C:\WINDOWS\system32;Trojan.PWS.Lineage;Deleted.;
nice.exe;C:\WINDOWS\system32;BackDoor.IRC.Sdbot.based;Deleted.;
dr[1].gif;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PTAWS9S6;Trojan.StartPage.1697;Deleted.;
194625.exe;C:\WINDOWS\Temp;Trojan.DownLoader.17087;;
280046.exe;C:\WINDOWS\Temp;Trojan.DownLoader.17087;;
7645187.exe;C:\WINDOWS\Temp;Trojan.DownLoader.17087;;
VRT481.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT5E.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT60.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT61.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT62.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1696;Deleted.;
VRT63.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT64.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT66.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT67.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT69.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
VRT6C.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1696;Deleted.;
VRTC8.tmp;C:\WINDOWS\Temp;Trojan.StartPage.1697;Deleted.;
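
The check a helper does by eye between the scan in post #1 and the scan in post #3, as an added example that is not part of the original thread: it parses HijackThis entry lines, confirms that every entry on the fix list from post #2 is gone from the second scan, and reports entries that are new. The log lines are excerpts copied from the posts above; the function names and the two triage heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpts from the thread: first scan (post #1), second scan (post #3) and
# the helper's "Fix Checked" list (post #2), trimmed to keep the example short.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [Windows LoL Layer] pmlggi.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] pmlggi.exe
O4 - HKCU\..\Run: [Windows LoL Layer] pmlggi.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
FIX_LIST = r"""
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL <== not required
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [Windows LoL Layer] pmlggi.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] pmlggi.exe
O4 - HKCU\..\Run: [Windows LoL Layer] pmlggi.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
AUTOSTART_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] ", re.IGNORECASE)
NOTE_RE = re.compile(r"\s*<=+.*$")  # helper annotations such as "<== not required"


def parse_entries(text):
    """Return the set of (code, body) entries; bodies are lower-cased because
    Windows paths and registry names compare case-insensitively."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(NOTE_RE.sub("", line.strip()))
        if m:
            entries.add((m.group(1), m.group(2).strip().lower()))
    return entries


def triage(entries):
    """First-pass flags (heuristics assumed for this example): services with
    an unknown owner or missing file, and one value name in several autostart keys."""
    flags = set()
    keys_by_name = defaultdict(set)
    for code, body in entries:
        if code == "O23" and ("unknown owner" in body or "(file missing)" in body):
            flags.add((code, body))
        m = AUTOSTART_RE.match(body) if code == "O4" else None
        if m:
            keys_by_name[m.group(2)].add(m.group(1))
    repeated = {name for name, keys in keys_by_name.items() if len(keys) > 1}
    for code, body in entries:
        m = AUTOSTART_RE.match(body) if code == "O4" else None
        if m and m.group(2) in repeated:
            flags.add((code, body))
    return flags


def verify_fix(before_text, after_text, fix_text):
    """Compare two scans against the requested fix list."""
    before, after, wanted = map(parse_entries, (before_text, after_text, fix_text))
    flagged = triage(before)
    return {
        "not_in_before": wanted - before,     # fix list does not match the scan
        "still_present": wanted & after,      # fix did not stick
        "new_entries": after - before,        # appeared between scans; review each
        "flagged_not_fixed": flagged - wanted,
        "missed_by_triage": wanted - flagged,
    }


if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(key)
        for code, body in sorted(items):
            print(f"  {code} - {body}")
```

On these excerpts the only new entry is the R1 ProxyOverride = localhost line, and the two heuristics do not flag the [ms] svhost32.exe entry that is on the fix list, so they are a first pass rather than a verdict.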

#4 miekiemoes

  • Malware Response Team

Posted 01 January 2007 - 06:02 AM

Hello,

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next files:

C:\WINDOWS\system32\awtturo.dll
C:\WINDOWS\system32\byxuvtr.dll
C:\WINDOWS\system32\cbxvtst.dll
C:\WINDOWS\system32\cbxxwtu.dll
C:\WINDOWS\system32\ddcyxvt.dll
C:\WINDOWS\system32\fcccbax.dll
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\gebcdby.dll
C:\WINDOWS\system32\gebxurr.dll
C:\WINDOWS\system32\gebxxvu.dll
C:\WINDOWS\system32\gebyvss.dll
C:\WINDOWS\system32\gebyxyx.dll
C:\WINDOWS\system32\hgggdba.dll
C:\WINDOWS\system32\iifdawu.dll
C:\WINDOWS\system32\iifgfeb.dll
C:\WINDOWS\system32\jkkkihf.dll
C:\WINDOWS\system32\khfcywu.dll
C:\WINDOWS\system32\khffcdb.dll
C:\WINDOWS\system32\ljjhggd.dll
C:\WINDOWS\system32\ljjjkkl.dll
C:\WINDOWS\system32\ljjkijg.dll
C:\WINDOWS\system32\mljhfgg.dll
C:\WINDOWS\system32\mljifef.dll
C:\WINDOWS\system32\nnnnnnl.dll
C:\WINDOWS\system32\opnmjgf.dll
C:\WINDOWS\system32\opnmnnk.dll
C:\WINDOWS\system32\opnnoop.dll
C:\WINDOWS\system32\opnonmj.dll
C:\WINDOWS\system32\pmnoooo.dll
C:\WINDOWS\system32\rqromjh.dll
C:\WINDOWS\system32\ssqonnn.dll
C:\WINDOWS\system32\ssqqopp.dll
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\tuvutqq.dll
C:\WINDOWS\system32\tuvvtut.dll
C:\WINDOWS\system32\tuvvvts.dll
C:\WINDOWS\system32\urqqpnl.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\vtursrp.dll
C:\WINDOWS\system32\vtusstt.dll
C:\WINDOWS\system32\wvurqnn.dll
C:\WINDOWS\system32\xxyvvut.dll
C:\WINDOWS\system32\xxyxuuu.dll
C:\WINDOWS\system32\xxyxvur.dll
C:\WINDOWS\Temp\194625.exe
C:\WINDOWS\Temp\280046.exe

Don't worry if you're not able to delete some.

* Then, download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#5 beepbeep


Posted 01 January 2007 - 08:36 AM

Files that I cannot delete:
C:\WINDOWS\system32\ljjjkkl.dll
C:\WINDOWS\system32\vtstr.dll

Not found:
C:\WINDOWS\Temp\280046.exe

However, I found a 280046.exe-2A78E67D file at C:\WINDOWS\Pretech. I didn't do anything to it yet.




Owner - 07-01-01 21:28:16.50 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))


2007-01-01 14:12 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-01-01 13:09 <DIR> d-------- C:\WINDOWS\pss
2007-01-01 12:51 <DIR> d-------- C:\SDFix
2007-01-01 11:50 <DIR> d-------- C:\Program Files\HijackThis
2007-01-01 02:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-01 02:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-01 02:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-01 01:57 <DIR> d-------- C:\WINDOWS\system32\bits
2007-01-01 01:55 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-01-01 01:55 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-01-01 01:55 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-01-01 01:55 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-01 01:55 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-01-01 00:46 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-01 00:46 <DIR> d-------- C:\Program Files\Zone Labs
2007-01-01 00:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-01 00:17 0 --a------ C:\WINDOWS\system32\Windows-spyware.exe
2006-12-31 20:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-31 19:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-12-31 19:13 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-28 22:37 81,684 --a------ C:\WINDOWS\system32\hnnpjbaa.dll
2006-12-26 11:44 8,460 --a------ C:\WINDOWS\sorp.exe
2006-12-22 16:00 22,541 --a------ C:\WINDOWS\system32\gebxyvs.dll
2006-12-20 13:26 664,170 ---hs---- C:\WINDOWS\system32\rtstv.bak2
2006-12-19 18:34 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-19 18:32 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-19 18:32 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-19 18:32 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-19 18:32 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-19 18:32 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-19 17:58 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-12-19 14:53 75,544 --a------ C:\WINDOWS\system32\cdm.dll
2006-12-19 14:53 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-12-19 14:53 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-19 14:53 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-12-19 14:53 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-12-19 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-19 14:11 22,541 ---h----- C:\WINDOWS\system32\ljjjkkl.dll
2006-12-18 11:52 349,711 ---hs---- C:\WINDOWS\system32\rtstv.bak1
2006-12-18 11:52 276,532 ---h----- C:\WINDOWS\system32\vtstr.dll
2006-12-16 19:24 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-12-16 19:24 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-12-16 19:24 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-12-16 19:24 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-12-16 19:23 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-12-16 19:23 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-12-16 19:21 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-12-16 19:21 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\kbdnec.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-12-16 19:21 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-12-16 19:19 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-12-16 19:19 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-12-16 19:18 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-12-16 19:18 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-12-16 19:18 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-12-16 19:18 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-12-16 19:18 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-12-16 19:18 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-12-16 19:18 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-12-16 13:35 99,352 --a------ C:\WINDOWS\system32\ccPasswd.dll
2006-12-16 13:35 95,480 --a------ C:\WINDOWS\system32\ccTrust.dll
2006-12-16 13:33 35,552 --a------ C:\WINDOWS\system32\drivers\SAVRTPEL.SYS
2006-12-16 13:33 235,744 --a------ C:\WINDOWS\system32\drivers\SAVRT.SYS
2006-12-16 13:32 <DIR> d-------- C:\Program Files\SymNetDrv
2006-12-16 13:31 124,168 --a------ C:\WINDOWS\system32\SymStore.dll
2006-12-16 13:07 25,088 --a------ C:\WINDOWS\system32\CoInst.dll
2006-12-16 13:04 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
2006-12-16 13:03 <DIR> dr-hs---- C:\cmdcons
2006-12-16 13:00 27,648 -ra------ C:\WINDOWS\system32\GsiDi32.dll
2006-12-16 12:54 81,920 --a------ C:\WINDOWS\system32\ps2.bat
2006-12-16 12:54 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-12-16 12:54 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2006-12-16 12:54 14,112 --a------ C:\WINDOWS\system32\drivers\PS2.sys
2006-12-16 12:52 86,912 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2006-12-16 12:52 218,112 --a------ C:\WINDOWS\system32\sbe.dll
2006-12-16 12:52 155,648 --a------ C:\WINDOWS\system32\encdec.dll
2006-12-16 12:51 732,672 --a------ C:\WINDOWS\system32\ir50_32.dll
2006-12-16 12:51 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2006-12-16 12:51 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll
2006-12-16 12:51 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll
2006-12-16 12:51 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2006-12-16 12:41 50,816 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2006-12-16 12:41 50,176 --a------ C:\WINDOWS\ALCXMNTR.EXE
2006-12-16 12:41 4,595,712 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-12-16 12:35 <DIR> d--hs---- C:\found.000
2006-12-15 15:02 <DIR> d-------- C:\Program Files\Microsoft
2006-12-14 22:13 136 --a------ C:\WINDOWS\system32\guktq.bat
2006-12-14 13:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-12-14 13:51 98,304 --------- C:\WINDOWS\system32\gspnDll.dll
2006-12-14 13:51 90,112 --------- C:\WINDOWS\system32\gsicon.exe
2006-12-14 13:51 26,985 --a------ C:\WINDOWS\system32\drivers\gafwload.sys
2006-12-14 13:51 250,692 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2006-12-14 13:51 24,576 --a------ C:\WINDOWS\system32\delaySpawn.exe
2006-12-14 13:51 16,384 --------- C:\WINDOWS\system32\dslagent.exe
2006-12-14 13:51 102,400 --------- C:\WINDOWS\system32\instDll.dll
2006-12-07 19:02 <DIR> d-------- C:\Program Files\Photo Pos Pro
2006-12-07 17:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 21:25 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-01 21:25 -------- d-------- C:\Program Files\Common Files
2006-12-31 23:59 -------- d-------- C:\Program Files\MUSICMATCH
2006-12-31 23:58 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-31 23:58 -------- d-------- C:\Program Files\Easy Internet signup
2006-12-31 21:51 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-31 21:50 -------- d-------- C:\Program Files\Norton AntiVirus
2006-12-31 21:43 -------- d-------- C:\Program Files\Messenger
2006-12-31 21:43 -------- d-------- C:\Program Files\Internet Explorer
2006-12-17 03:19 -------- d-------- C:\Program Files\Windows NT
2006-12-17 03:19 -------- d-------- C:\Program Files\Windows Media Player
2006-12-17 03:19 -------- d-------- C:\Program Files\Outlook Express
2006-12-17 03:19 -------- d-------- C:\Program Files\NetMeeting
2006-12-17 03:19 -------- d-------- C:\Program Files\Movie Maker
2006-12-17 03:18 -------- d-------- C:\Program Files\Common Files\System
2006-12-17 03:18 -------- d-------- C:\Program Files\Common Files\Services
2006-12-16 15:06 77824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-12-16 15:06 5632 --a------ C:\WINDOWS\system32\write.exe
2006-12-16 15:06 32256 --a------ C:\WINDOWS\system32\wupdmgr.exe
2006-12-16 15:06 31232 --a------ C:\WINDOWS\system32\wpabaln.exe
2006-12-16 15:06 29184 --a------ C:\WINDOWS\system32\wpnpinst.exe
2006-12-16 15:06 28160 --a------ C:\WINDOWS\system32\xcopy.exe
2006-12-16 15:06 266752 --a------ C:\WINDOWS\winhlp32.exe
2006-12-16 15:06 25600 --a------ C:\WINDOWS\twunk_32.exe
2006-12-16 15:06 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-16 15:06 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-12-16 15:06 118784 --a------ C:\WINDOWS\system32\wscript.exe
2006-12-16 15:05 98304 --a------ C:\WINDOWS\system32\verifier.exe
2006-12-16 15:05 9216 --a------ C:\WINDOWS\system32\subst.exe
2006-12-16 15:05 8192 --a------ C:\WINDOWS\system32\winhlp32.exe
2006-12-16 15:05 77824 --a------ C:\WINDOWS\system32\usrmlnka.exe
2006-12-16 15:05 71168 --a------ C:\WINDOWS\system32\telnet.exe
2006-12-16 15:05 69632 --a------ C:\WINDOWS\system32\usrshuta.exe
2006-12-16 15:05 667648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-12-16 15:05 638976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-12-16 15:05 61440 --a------ C:\WINDOWS\system32\usrprbda.exe
2006-12-16 15:05 60416 --a------ C:\WINDOWS\system32\wextract.exe
2006-12-16 15:05 569344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-12-16 15:05 51200 --a------ C:\WINDOWS\system32\syncapp.exe
2006-12-16 15:05 49664 --a------ C:\WINDOWS\system32\w32tm.exe
2006-12-16 15:05 47616 --a------ C:\WINDOWS\system32\utilman.exe
2006-12-16 15:05 43008 --a------ C:\WINDOWS\system32\ssmypics.scr
2006-12-16 15:05 414720 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2006-12-16 15:05 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-16 15:05 4096 --a------ C:\WINDOWS\system32\winver.exe
2006-12-16 15:05 4096 --a------ C:\WINDOWS\system32\unlodctr.exe
2006-12-16 15:05 36864 --a------ C:\WINDOWS\system32\syskey.exe
2006-12-16 15:05 364544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-12-16 15:05 33792 --a------ C:\WINDOWS\system32\vssadmin.exe
2006-12-16 15:05 31744 --a------ C:\WINDOWS\system32\tracert6.exe
2006-12-16 15:05 3072 --a------ C:\WINDOWS\system32\systray.exe
2006-12-16 15:05 275456 --a------ C:\WINDOWS\system32\vssvc.exe
2006-12-16 15:05 22016 --a------ C:\WINDOWS\system32\userinit.exe
2006-12-16 15:05 20480 --a------ C:\WINDOWS\system32\stimon.exe
2006-12-16 15:05 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe
2006-12-16 15:05 19456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-12-16 15:05 18944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-12-16 15:05 17408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-12-16 15:05 171520 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-16 15:05 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-12-16 15:05 16896 --a------ C:\WINDOWS\system32\tftp.exe
2006-12-16 15:05 16384 --a------ C:\WINDOWS\system32\ups.exe
2006-12-16 15:05 16384 --a------ C:\WINDOWS\system32\tskill.exe
2006-12-16 15:05 15360 --a------ C:\WINDOWS\system32\taskman.exe
2006-12-16 15:05 14848 --a------ C:\WINDOWS\system32\upnpcont.exe
2006-12-16 15:05 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-12-16 15:05 14848 --a------ C:\WINDOWS\system32\tscon.exe
2006-12-16 15:05 13312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-12-16 15:05 128512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-12-16 15:05 12288 --a------ C:\WINDOWS\system32\tcmsetup.exe
2006-12-16 15:05 119808 --a------ C:\WINDOWS\system32\winmine.exe
2006-12-16 15:05 11776 --a------ C:\WINDOWS\system32\winmsd.exe
2006-12-16 15:05 10752 --a------ C:\WINDOWS\system32\tracert.exe
2006-12-16 15:05 103936 --a------ C:\WINDOWS\system32\sysocmgr.exe
2006-12-16 15:04 9728 --a------ C:\WINDOWS\system32\sfc.exe
2006-12-16 15:04 9728 --a------ C:\WINDOWS\system32\reset.exe
2006-12-16 15:04 9728 --a------ C:\WINDOWS\system32\regsvr32.exe
2006-12-16 15:04 93184 --a------ C:\WINDOWS\system32\scardsvr.exe
2006-12-16 15:04 82944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-12-16 15:04 81920 --a------ C:\WINDOWS\system32\ps2.EXE
2006-12-16 15:04 8192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-12-16 15:04 74240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-12-16 15:04 7168 --a------ C:\WINDOWS\system32\recover.exe
2006-12-16 15:04 71168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-12-16 15:04 69632 --a------ C:\WINDOWS\system32\shrpubw.exe
2006-12-16 15:04 69632 --a------ C:\WINDOWS\system32\S3uninst.exe
2006-12-16 15:04 66048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-12-16 15:04 61952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-12-16 15:04 56832 --a------ C:\WINDOWS\system32\sol.exe
2006-12-16 15:04 54272 --a------ C:\WINDOWS\system32\rasphone.exe
2006-12-16 15:04 534016 --a------ C:\WINDOWS\system32\spider.exe
2006-12-16 15:04 49152 --a------ C:\WINDOWS\system32\rsmui.exe
2006-12-16 15:04 49152 --a------ C:\WINDOWS\system32\rsm.exe
2006-12-16 15:04 48128 --a------ C:\WINDOWS\system32\reg.exe
2006-12-16 15:04 4608 --a------ C:\WINDOWS\system32\regwiz.exe
2006-12-16 15:04 45056 --a------ C:\WINDOWS\system32\proquota.exe
2006-12-16 15:04 44032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-12-16 15:04 3584 --a------ C:\WINDOWS\system32\regedt32.exe
2006-12-16 15:04 34304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-12-16 15:04 33792 --a------ C:\WINDOWS\system32\regini.exe
2006-12-16 15:04 33280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-12-16 15:04 31232 --a------ C:\WINDOWS\system32\sc.exe
2006-12-16 15:04 28672 --a------ C:\WINDOWS\system32\sethc.exe
2006-12-16 15:04 25600 --a------ C:\WINDOWS\system32\routemon.exe
2006-12-16 15:04 24576 --a------ C:\WINDOWS\system32\rsmsink.exe
2006-12-16 15:04 24064 --a------ C:\WINDOWS\system32\skeys.exe
2006-12-16 15:04 23552 --a------ C:\WINDOWS\system32\sort.exe
2006-12-16 15:04 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-12-16 15:04 20992 --a------ C:\WINDOWS\system32\setup.exe
2006-12-16 15:04 19968 --a------ C:\WINDOWS\system32\route.exe
2006-12-16 15:04 19968 --a------ C:\WINDOWS\system32\rcp.exe
2006-12-16 15:04 19456 --a------ C:\WINDOWS\system32\savedump.exe
2006-12-16 15:04 18432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-12-16 15:04 17920 --a------ C:\WINDOWS\system32\shutdown.exe
2006-12-16 15:04 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-12-16 15:04 16384 --a------ C:\WINDOWS\system32\runas.exe
2006-12-16 15:04 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-12-16 15:04 14848 --a------ C:\WINDOWS\system32\shadow.exe
2006-12-16 15:04 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-16 15:04 13312 --a------ C:\WINDOWS\system32\rsh.exe
2006-12-16 15:04 132608 --a------ C:\WINDOWS\system32\rsvp.exe
2006-12-16 15:04 129024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-12-16 15:04 12800 --a------ C:\WINDOWS\system32\runonce.exe
2006-12-16 15:04 12800 --a------ C:\WINDOWS\system32\replace.exe
2006-12-16 15:04 124416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-16 15:04 12288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-16 15:04 11776 --a------ C:\WINDOWS\system32\rexec.exe
2006-12-16 15:04 11776 --a------ C:\WINDOWS\system32\rasautou.exe
2006-12-16 15:04 11264 --a------ C:\WINDOWS\system32\rasdial.exe
2006-12-16 15:03 9728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-12-16 15:03 9216 --a------ C:\WINDOWS\system32\print.exe
2006-12-16 15:03 82944 --a------ C:\WINDOWS\system32\netsh.exe
2006-12-16 15:03 71680 --a------ C:\WINDOWS\system32\nslookup.exe
2006-12-16 15:03 6656 --a------ C:\WINDOWS\system32\msswchx.exe
2006-12-16 15:03 66048 --a------ C:\WINDOWS\system32\notepad.exe
2006-12-16 15:03 53248 --a------ C:\WINDOWS\system32\packager.exe
2006-12-16 15:03 53248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-12-16 15:03 51200 --a------ C:\WINDOWS\system32\narrator.exe
2006-12-16 15:03 4096 --a------ C:\WINDOWS\system32\nddeapir.exe
2006-12-16 15:03 40448 --a------ C:\WINDOWS\system32\osuninst.exe
2006-12-16 15:03 395776 --a------ C:\WINDOWS\system32\ntvdm.exe
2006-12-16 15:03 39424 --a------ C:\WINDOWS\system32\net.exe
2006-12-16 15:03 388608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-12-16 15:03 339968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-16 15:03 33280 --a------ C:\WINDOWS\system32\ping6.exe
2006-12-16 15:03 32768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-12-16 15:03 326656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-12-16 15:03 323584 --a------ C:\WINDOWS\system32\nwiz.exe
2006-12-16 15:03 31744 --a------ C:\WINDOWS\system32\ntsd.exe
2006-12-16 15:03 30720 --a------ C:\WINDOWS\system32\netstat.exe
2006-12-16 15:03 24576 --a------ C:\WINDOWS\system32\PosGlblInfo2.exe
2006-12-16 15:03 24064 --a------ C:\WINDOWS\system32\mshta.exe
2006-12-16 15:03 21504 --a------ C:\WINDOWS\system32\pathping.exe
2006-12-16 15:03 212480 --a------ C:\WINDOWS\system32\osk.exe
2006-12-16 15:03 20992 --a------ C:\WINDOWS\system32\msg.exe
2006-12-16 15:03 205824 --a------ C:\WINDOWS\system32\progman.exe
2006-12-16 15:03 20480 --a------ C:\WINDOWS\system32\nbtstat.exe
2006-12-16 15:03 16384 --a------ C:\WINDOWS\system32\ping.exe
2006-12-16 15:03 15360 --a------ C:\WINDOWS\system32\pentnt.exe
2006-12-16 15:03 14336 --a------ C:\WINDOWS\system32\perfmon.exe
2006-12-16 15:03 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-12-16 15:03 115200 --a------ C:\WINDOWS\system32\net1.exe
2006-12-16 15:03 105984 --a------ C:\WINDOWS\system32\netdde.exe
2006-12-16 15:02 9728 --a------ C:\WINDOWS\system32\label.exe
2006-12-16 15:02 90112 --a------ C:\WINDOWS\system32\igfxext.exe
2006-12-16 15:02 8192 --a------ C:\WINDOWS\system32\mountvol.exe
2006-12-16 15:02 8192 --a------ C:\WINDOWS\system32\lpr.exe
2006-12-16 15:02 81408 --a------ C:\WINDOWS\system32\logagent.exe
2006-12-16 15:02 79360 --a------ C:\WINDOWS\system32\makecab.exe
2006-12-16 15:02 774144 --a------ C:\WINDOWS\system32\mmc.exe
2006-12-16 15:02 68096 --a------ C:\WINDOWS\system32\locator.exe
2006-12-16 15:02 67584 --a------ C:\WINDOWS\system32\magnify.exe
2006-12-16 15:02 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-12-16 15:02 6144 --a------ C:\WINDOWS\system32\lpq.exe
2006-12-16 15:02 60928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-12-16 15:02 51712 --a------ C:\WINDOWS\system32\migpwd.exe
2006-12-16 15:02 51712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-12-16 15:02 5120 --a------ C:\WINDOWS\system32\lodctr.exe
2006-12-16 15:02 504320 --a------ C:\WINDOWS\system32\logonui.exe
2006-12-16 15:02 487424 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-12-16 15:02 44032 --a------ C:\WINDOWS\system32\ipsec6.exe
2006-12-16 15:02 39936 --a------ C:\WINDOWS\system32\MAPISRVR.EXE
2006-12-16 15:02 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-12-16 15:02 29696 --a------ C:\WINDOWS\system32\lights.exe
2006-12-16 15:02 25088 --a------ C:\WINDOWS\system32\lnkstub.exe
2006-12-16 15:02 22016 --a------ C:\WINDOWS\system32\mpnotify.exe
2006-12-16 15:02 22016 --a------ C:\WINDOWS\system32\ipxroute.exe
2006-12-16 15:02 219648 --a------ C:\WINDOWS\system32\logon.scr
2006-12-16 15:02 172032 --a------ C:\WINDOWS\system32\jview.exe
2006-12-16 15:02 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-12-16 15:02 15360 --a------ C:\WINDOWS\system32\logoff.exe
2006-12-16 15:02 151552 --a------ C:\WINDOWS\system32\igfxdiag.exe
2006-12-16 15:02 14848 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-16 15:02 135680 --a------ C:\WINDOWS\system32\mobsync.exe
2006-12-16 15:02 12800 --a------ C:\WINDOWS\system32\mrinfo.exe
2006-12-16 15:02 123904 --a------ C:\WINDOWS\system32\imapi.exe
2006-12-16 15:02 116736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-16 15:01 99840 --a------ C:\WINDOWS\system32\iexpress.exe
2006-12-16 15:01 937984 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-12-16 15:01 9216 --a------ C:\WINDOWS\system32\finger.exe
2006-12-16 15:01 9216 --a------ C:\WINDOWS\system32\find.exe
2006-12-16 15:01 9216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-12-16 15:01 8704 --a------ C:\WINDOWS\system32\eventvwr.exe
2006-12-16 15:01 80896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-12-16 15:01 77824 --a------ C:\WINDOWS\system32\hphipm11.exe
2006-12-16 15:01 7680 --a------ C:\WINDOWS\system32\hostname.exe
2006-12-16 15:01 7168 --a------ C:\WINDOWS\system32\forcedos.exe
2006-12-16 15:01 56320 --a------ C:\WINDOWS\system32\fsutil.exe
2006-12-16 15:01 55296 --a------ C:\WINDOWS\system32\freecell.exe
2006-12-16 15:01 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2006-12-16 15:01 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe
2006-12-16 15:01 44544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-12-16 15:01 40960 --a------ C:\WINDOWS\system32\extrac32.exe
2006-12-16 15:01 40448 --a------ C:\WINDOWS\system32\ftp.exe
2006-12-16 15:01 39424 --a------ C:\WINDOWS\system32\esentutl.exe
2006-12-16 15:01 37888 --a------ C:\WINDOWS\system32\grpconv.exe
2006-12-16 15:01 348160 --a------ C:\WINDOWS\system32\hphmon04.exe
2006-12-16 15:01 3072 --a------ C:\WINDOWS\system32\fixmapi.exe
2006-12-16 15:01 28672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-12-16 15:01 28160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-12-16 15:01 25088 --a------ C:\WINDOWS\system32\findstr.exe
2006-12-16 15:01 250368 --a------ C:\WINDOWS\system32\fxssvc.exe
2006-12-16 15:01 249856 --a------ C:\WINDOWS\system32\hphsav04.exe
2006-12-16 15:01 216064 --a------ C:\WINDOWS\system32\fxscover.exe
2006-12-16 15:01 19456 --a------ C:\WINDOWS\system32\fontview.exe
2006-12-16 15:01 180224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-12-16 15:01 178688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-12-16 15:01 16896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-12-16 15:01 15872 --a------ C:\WINDOWS\system32\expand.exe
2006-12-16 15:01 15872 --a------ C:\WINDOWS\system32\dvdupgrd.exe
2006-12-16 15:01 14848 --a------ C:\WINDOWS\system32\help.exe
2006-12-16 15:01 14848 --a------ C:\WINDOWS\system32\fc.exe
2006-12-16 15:01 14336 --a------ C:\WINDOWS\system32\dmremote.exe
2006-12-16 15:01 1323008 --a------ C:\WINDOWS\system32\dmcpl.exe
2006-12-16 15:01 130048 --a------ C:\WINDOWS\system32\fxsclnt.exe
2006-12-16 15:01 114688 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-12-16 15:01 11264 --a------ C:\WINDOWS\system32\fxssend.exe
2006-12-16 15:01 10752 --a------ C:\WINDOWS\system32\doskey.exe
2006-12-16 15:00 4608 --a------ C:\WINDOWS\system32\dllhst3g.exe
2006-12-16 15:00 204800 --a------ C:\WINDOWS\system32\dmadmin.exe
2006-12-16 14:56 8192 --a------ C:\WINDOWS\system32\control.exe
2006-12-16 14:56 79360 --a------ C:\WINDOWS\system32\diantz.exe
2006-12-16 14:56 76288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-12-16 14:56 70656 --a------ C:\WINDOWS\system32\defrag.exe
2006-12-16 14:56 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-12-16 14:56 27136 --a------ C:\WINDOWS\system32\ddeshare.exe
2006-12-16 14:56 24576 --a------ C:\WINDOWS\system32\conime.exe
2006-12-16 14:56 17920 --a------ C:\WINDOWS\system32\diskperf.exe
2006-12-16 14:56 145920 --a------ C:\WINDOWS\system32\diskpart.exe
2006-12-16 14:56 13824 --a------ C:\WINDOWS\system32\convert.exe
2006-12-16 14:56 13312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-12-16 14:56 102400 --a------ C:\WINDOWS\system32\cscript.exe
2006-12-16 14:55 98816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-16 14:55 61440 --a------ C:\WINDOWS\system32\cleanmgr.exe
2006-12-16 14:55 54784 --a------ C:\WINDOWS\system32\cmstp.exe
2006-12-16 14:55 49152 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-16 14:55 45056 --a------ C:\WINDOWS\system32\cliconfg.exe
2006-12-16 14:55 41472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-12-16 14:55 375808 --a------ C:\WINDOWS\system32\cmd.exe
2006-12-16 14:55 35840 --a------ C:\WINDOWS\system32\cmmon32.exe
2006-12-16 14:55 30720 --a------ C:\WINDOWS\system32\clipsrv.exe
2006-12-16 14:55 17408 --a------ C:\WINDOWS\system32\compact.exe
2006-12-16 14:55 15872 --a------ C:\WINDOWS\system32\comp.exe
2006-12-16 14:54 91648 --a------ C:\WINDOWS\system32\ahui.exe
2006-12-16 14:54 8192 --a------ C:\WINDOWS\system32\cidaemon.exe
2006-12-16 14:54 80384 --a------ C:\WINDOWS\system32\charmap.exe
2006-12-16 14:54 7680 --a------ C:\WINDOWS\system32\ckcnv.exe
2006-12-16 14:54 5120 --a------ C:\WINDOWS\system32\cisvc.exe
2006-12-16 14:54 5120 --a------ C:\WINDOWS\system32\bootvrfy.exe
2006-12-16 14:54 4608 --a------ C:\WINDOWS\system32\bootok.exe
2006-12-16 14:54 41984 --a------ C:\WINDOWS\system32\alg.exe
2006-12-16 14:54 4096 --a------ C:\WINDOWS\system32\actmovie.exe
2006-12-16 14:54 22528 --a------ C:\WINDOWS\system32\at.exe
2006-12-16 14:54 19456 --a------ C:\WINDOWS\system32\arp.exe
2006-12-16 14:54 18432 --a------ C:\WINDOWS\system32\cacls.exe
2006-12-16 14:54 179200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-12-16 14:54 134144 --a------ C:\WINDOWS\regedit.exe
2006-12-16 14:54 11776 --a------ C:\WINDOWS\system32\chkdsk.exe
2006-12-16 14:54 114688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-16 14:54 11264 --a------ C:\WINDOWS\system32\chkntfs.exe
2006-12-16 14:54 11264 --a------ C:\WINDOWS\system32\attrib.exe
2006-12-16 14:54 10240 --a------ C:\WINDOWS\system32\atmadm.exe
2006-12-16 14:52 306688 --a------ C:\WINDOWS\IsUninst.exe
2006-12-16 14:47 36864 --a------ C:\WINDOWS\hpfsched.exe
2006-12-16 14:47 10752 --a------ C:\WINDOWS\hh.exe
2006-12-16 14:45 90112 -ra------ C:\WINDOWS\bwUnin-6.2.3.66.exe
2006-12-16 13:59 66048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-12-16 13:54 31744 --------- C:\WINDOWS\system32\rundll32.exe
2006-12-16 13:48 346624 --a------ C:\WINDOWS\system32\tourstart.exe
2006-12-16 13:48 -------- d-------- C:\Program Files\Symantec
2006-11-16 18:56 -------- d-------- C:\Program Files\Common Files\Designer
2006-11-16 18:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
2006-11-15 21:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-11-15 18:46 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-15 18:44 -------- d-------- C:\Program Files\MSN Messenger
2006-11-14 22:39 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-11-14 22:26 -------- d-------- C:\Program Files\Prolink
2006-11-14 22:11 -------- d-------- C:\Program Files\SiSLan


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"hp Silent Service"="C:\\Windows\\system32\\HpSrvUI.exe"
"hpScannerFirstBoot"="c:\\hp\\drivers\\scanners\\scannerfb.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"GSICONEXE"="GSICON.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows LoL Layer"="pmlggi.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows LoL Layer"="pmlggi.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{499E2510-82A5-40A2-BF5E-4D375A4B48B1}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjkkl
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-01 21:29:39.93
C:\ComboFix.txt ... 07-01-01 21:29
C:\ComboFix2.txt ... 07-01-01 21:12



Logfile of HijackThis v1.99.1
Scan saved at 9:35:30 PM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg8.hpwis.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166510998890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166523873281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DBED2D-83E5-4AB6-821E-BE19EFF54243}: NameServer = 165.21.100.88 165.21.83.88
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 01 January 2007 - 11:16 AM

As I thought, you are dealing with a file infector as well.
In this case, EVERY exe, sc and rar file may be infected on your system. This means legit files as well. And those may not get deleted, but disinfected instead. So actually it's now all up to the scanners to disinfect them, because we can't do anything manually here.

Problem with this File Infector is (since I tested this one myself), when it attempts to infect a legit exe file, it may sometimes fail to do this properly as well. Result: the legit file doesn't get infected, but gets corrupted instead. Since those are not infected, antivirus scanners won't flag them either, leaving you with a corrupt legit exe instead. So after the antivirus scanner was able to disinfect the files, many files may still be present that are corrupt and won't work anymore. Those you'll have to replace afterwards with a "working" copy.

We can give this a try, but keep in mind that damage can still appear afterwards and a format and reinstall will still be the best, fastest and safest option, since we can't always restore the corrupted files and fix the errors.
So if you decide to give it a try, perform the next steps in the right order.

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
  • Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
  • In the window, copy and paste the following into the first field: C:\WINDOWS\system32\vtstr.dll
  • Copy and paste the following into the second field: C:\WINDOWS\system32\ljjjkkl.dll
  • Click the “Add Files” button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

The rest is up to an antivirus scanner to disinfect the infected files.

Normally DrWeb should find and cure them though, but you already ran it and it didn't find any of these.
Symantec doesn't seem to find any of them to disinfect either. That's why I recommend you temporarily uninstall Symantec and install another virus scanner instead which should be able to disinfect them.

So uninstall Norton and install Avira instead: http://www.free-av.com/
Update the Antivirus database after you installed Avira.

Then reboot in safe mode and let Avira perform a full scan and let it disinfect every file it found.
Normally after the scan has finished, you should be able to save a log. Save that log to a place where you can find it again afterwards.

Then restart your computer back to normal mode.

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to the log from Avira you saved, select it and click ok.

Post a new ComboFix log in your next reply (so rescan with ComboFix after performing the above steps) together with the log from VundoFix (it will be on your C:\ with the name Vundofix.txt) and a new HijackThis log.

Edited by miekiemoes, 01 January 2007 - 11:16 AM.


#7 beepbeep

Posted 01 January 2007 - 12:09 PM

I can't seem to update Avira. Keep getting an error.

Here's the report:

[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/vdf/antivir2.vdf v6.37.0.89 MD5:1754a18e973b51356802b592b50d74b0
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\antivir2.vdf v6.36.0.10 MD5:9e7054089be544dfd9b2bca019f0b257
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/vdf/antivir3.vdf v6.37.0.90 MD5:ee648d705e696264f4924eca0fe41070
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\antivir3.vdf v6.36.0.11 MD5:89a1126fa4ba3929d8873fd5d36ed0dc
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\AntiVir PersonalEdition Classic\ Files: 1
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/engine/nt/avrep.dll v6.37.0.5 MD5:a82c969504ff88a8eb2cabd412d8ec0b
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\avrep.dll v6.36.0.3 MD5:089e3f104b6e33578ea2e1e33aaa1e9a
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] Module: ENGINE Source: engine\ Destination: C:\Program Files\AntiVir PersonalEdition Classic\ Files: 2
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/engine/avewin32.dll v7.3.0.21 MD5:90a5805676fe59a64f1159a38f349c62
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\avewin32.dll v7.2.0.14 MD5:719331f7b9ca1813fa41fcf72b031d97
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/engine/unacev2.dll v2.6.0.0 MD5:906b369ae6a36c05bc46768643b13724
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\unacev2.dll v2.6.0.0 MD5:906b369ae6a36c05bc46768643b13724
[1/2/2007 1:05:58] File doesn't need update
[1/2/2007 1:05:58] Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\AntiVir PersonalEdition Classic\ Files: 2
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/engine/nt/avpack32.dll v7.2.0.5 MD5:3beeb7af9333baf76d284d6aa0421eef
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\avpack32.dll v7.2.0.0 MD5:e9bd596a76dc5a51bfa560953fea6834
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/engine/nt/en/avcmd.exe v7.3.0.13 MD5:741a9f63c5b43627390aa025c89d3801
[1/2/2007 1:05:58] Local file: C:\Program Files\AntiVir PersonalEdition Classic\avcmd.exe v7.2.0.14 MD5:5cb6e041ff541f7fd4faa3d084782914
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 2
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/winwks/en/basic-nt/xp/avgntdd.sys v6.37.0.2 MD5:c2ddeb111e8bf2867513a0ab45542860
[1/2/2007 1:05:58] Local file: C:\WINDOWS\SYSTEM32\drivers\avgntdd.sys v6.33.1.4 MD5:5401d102a0c3f732328614d160ad14d0
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] File in the internet: http://dl7.avgate.net/upd/winwks/en/basic-nt/xp/avgntmgr.sys v6.37.1.1 MD5:322d46f3b809681b594064f452c97f12
[1/2/2007 1:05:58] Local file: C:\WINDOWS\SYSTEM32\drivers\avgntmgr.sys v6.32.1.3 MD5:7c34276bae78aa48476cda2d60e053de
[1/2/2007 1:05:58] File needs update
[1/2/2007 1:05:58] [INFO] [PLG] Minifilter is not installed
[1/2/2007 1:05:58] [INFO] [PLG] Reading registry value successful: Software\H+BEDV\AntiVir PersonalEdition Classic V 7 | FilterType
[1/2/2007 1:05:58] File basic-nt/xp/avgntflt.sys which was recognized as modified, must not be updated
[1/2/2007 1:05:58] File basic-nt/avgio.sys which was recognized as modified, must not be updated
[1/2/2007 1:05:58] [INFO] [PLG] Initialize avnotify.exe
[1/2/2007 1:05:58] Preparing to download files
[1/2/2007 1:05:58] 74 files need to be downloaded / copied from http://dl7.avgate.net/upd/
[1/2/2007 1:05:58] #1: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/scewxml.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/scewxml.dll
[1/2/2007 1:05:59] #2: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-...date_msg.avr.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/update_msg.avr
[1/2/2007 1:05:59] #3: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/updgui.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/updgui.dll
[1/2/2007 1:06:01] #4: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/updguirc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/updguirc.dll
[1/2/2007 1:06:01] #5: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/updlib.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/updlib.dll
[1/2/2007 1:06:02] #6: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/updlibrc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/updlibrc.dll
[1/2/2007 1:06:03] #7: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi.../antivir.oem.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/antivir.oem
[1/2/2007 1:06:03] #8: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi.../rcimage.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/rcimage.dll
[1/2/2007 1:06:07] #9: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/rctext.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/rctext.dll
[1/2/2007 1:06:08] #10: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avcenter.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avcenter.exe
[1/2/2007 1:06:09] #11: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avconfig.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avconfig.exe
[1/2/2007 1:06:10] #12: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avevtlog.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avevtlog.dll
[1/2/2007 1:06:10] #13: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avgcmxp.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avgcmxp.dll
[1/2/2007 1:06:11] #14: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avgnt.exe
[1/2/2007 1:06:13] #15: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avguard.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avguard.exe
[1/2/2007 1:06:15] #16: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avnotify.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avnotify.dll
[1/2/2007 1:06:16] #17: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avnotify.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avnotify.exe
[1/2/2007 1:06:16] #18: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avpref.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avpref.dll
[1/2/2007 1:06:17] #19: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avreg.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avreg.dll
[1/2/2007 1:06:17] #20: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avscan.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avscan.dll
[1/2/2007 1:06:18] #21: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avscan.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avscan.exe
[1/2/2007 1:06:19] #22: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avwinll.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/avwinll.dll
[1/2/2007 1:06:19] #23: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccev.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccev.dll
[1/2/2007 1:06:21] #24: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccevrc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccevrc.dll
[1/2/2007 1:06:21] #25: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccgen.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccgen.dll
[1/2/2007 1:06:22] #26: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccgenrc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccgenrc.dll
[1/2/2007 1:06:23] #27: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccguard.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccguard.dll
[1/2/2007 1:06:25] #28: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/cclic.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/cclic.dll
[1/2/2007 1:06:26] #29: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/cclicrc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/cclicrc.dll
[1/2/2007 1:06:26] #30: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccmainrc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccmainrc.dll
[1/2/2007 1:06:27] #31: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccprofil.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccprofil.dll
[1/2/2007 1:06:29] #32: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccquamgr.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccquamgr.dll
[1/2/2007 1:06:31] #33: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccquarc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccquarc.dll
[1/2/2007 1:06:31] #34: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccreporc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccreporc.dll
[1/2/2007 1:06:32] #35: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccreport.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccreport.dll
[1/2/2007 1:06:33] #36: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccscanrc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccscanrc.dll
[1/2/2007 1:06:33] #37: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccsched.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccsched.dll
[1/2/2007 1:06:36] #38: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccscherc.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccscherc.dll
[1/2/2007 1:06:36] #39: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccupdate.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/ccupdate.dll
[1/2/2007 1:06:37] #40: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/guardgui.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/guardgui.exe
[1/2/2007 1:06:38] #41: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/guardmsg.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/guardmsg.dll
[1/2/2007 1:06:38] #42: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/licmgr.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/licmgr.dll
[1/2/2007 1:06:39] #43: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/licmgr.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/licmgr.exe
[1/2/2007 1:06:39] #44: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/luke.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/luke.dll
[1/2/2007 1:06:40] #45: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/lukeres.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/lukeres.dll
[1/2/2007 1:06:41] #46: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/sched.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/sched.exe
[1/2/2007 1:06:41] #47: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/schedr.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/schedr.dll
[1/2/2007 1:06:42] #48: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/setup.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/setup.dll
[1/2/2007 1:06:42] #49: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/setup.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/setup.exe
[1/2/2007 1:06:44] #50: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/smtplib.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/smtplib.dll
[1/2/2007 1:06:44] #51: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/sqlite3.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/sqlite3.dll
[1/2/2007 1:06:45] #52: Downloading and extracting

#8 beepbeep

Posted 01 January 2007 - 12:12 PM

[1/2/2007 1:06:46] #53: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi...lldrives.avp.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/alldrives.avp
[1/2/2007 1:06:46] #54: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/build.dat.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/build.dat
[1/2/2007 1:06:47] #55: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi...guardevt.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/guardevt.dll
[1/2/2007 1:06:48] #56: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/hbedv.key.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/hbedv.key
[1/2/2007 1:06:48] #57: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/mydocs.avp.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/mydocs.avp
[1/2/2007 1:06:49] #58: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi.../process.avp.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/process.avp
[1/2/2007 1:06:50] #59: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/rchelp.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/rchelp.dll
[1/2/2007 1:06:50] #60: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi.../rmdiscs.avp.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/rmdiscs.avp
[1/2/2007 1:06:51] #61: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classi...setupprf.dat.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/setupprf.dat
[1/2/2007 1:06:51] #62: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/sysdir.avp.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/sysdir.avp
[1/2/2007 1:06:52] #63: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-...dr_file.html.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\basic-nt/addr_file.html
[1/2/2007 1:06:52] #64: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/avwin.chm.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/avwin.chm
[1/2/2007 1:06:57] #65: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/readme.txt.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\winwks\en\classic-nt/readme.txt
[1/2/2007 1:06:58] #66: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\vdf\antivir1.vdf
[1/2/2007 1:07:14] #67: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\vdf\antivir2.vdf
[1/2/2007 1:07:23] #68: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\vdf\antivir3.vdf
[1/2/2007 1:07:24] #69: Downloading and extracting http://dl7.avgate.net/upd/engine/nt/avrep.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\engine\nt\avrep.dll
[1/2/2007 1:07:26] #70: Downloading and extracting http://dl7.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\engine\avewin32.dll
[1/2/2007 1:07:32] #71: Downloading and extracting http://dl7.avgate.net/upd/engine/nt/avpack32.dll.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\engine\nt\avpack32.dll
[1/2/2007 1:07:34] #72: Downloading and extracting http://dl7.avgate.net/upd/engine/nt/en/avcmd.exe.gz to C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\Update\AVUPDATE_45993f6b\engine\nt\en/avcmd.exe
[1/2/2007 1:07:34] There was a problem updating from the specified server: Connection failed while downloading the file http://dl7.avgate.net/upd/engine/nt/en/avcmd.exe.gz.
[1/2/2007 1:07:34] Switching to next update server
[1/2/2007 1:07:35] Master IDX file has changed
[1/2/2007 1:07:35] File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
[1/2/2007 1:07:35] File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
[1/2/2007 1:07:35] File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
[1/2/2007 1:07:35] File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
[1/2/2007 1:07:35] File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
[1/2/2007 1:07:35] Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
[1/2/2007 1:07:38] [ERROR] [PLG] During validation of the internet data occurs an error. Error: -5
[1/2/2007 1:07:38] Critical error: During validation of the internet data occurs an error.

#9 miekiemoes

Posted 01 January 2007 - 02:06 PM

Hi,

The reason why I gave you a link to upload logs previously is because when logs are huge, as in this case, they won't fit in one reply.

Reboot your computer and try to update again.

If that doesn't work, just proceed without updating.

#10 beepbeep

Posted 02 January 2007 - 09:53 AM

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 12:29:32 AM 1/2/2007

Listing files found while scanning....

C:\WINDOWS\System32\vtstr.dll
C:\WINDOWS\System32\rtstv.ini
C:\WINDOWS\System32\rtstv.bak1
C:\WINDOWS\System32\rtstv.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\System32\vtstr.dll
C:\WINDOWS\System32\vtstr.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtstv.ini
C:\WINDOWS\System32\rtstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtstv.bak1
C:\WINDOWS\System32\rtstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rtstv.bak2
C:\WINDOWS\System32\rtstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjjkkl.dll
C:\WINDOWS\system32\ljjjkkl.dll Has been deleted!

Performing Repairs to the registry.
Done!


Owner - 07-01-02 22:43:14.06 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))


2007-01-02 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Template
2007-01-02 00:53 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2007-01-02 00:53 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-01-02 00:53 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-01-02 00:53 <DIR> d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-01-02 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-01-02 00:29 <DIR> d-------- C:\VundoFix Backups
2007-01-01 14:12 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-01-01 13:09 <DIR> d-------- C:\WINDOWS\pss
2007-01-01 12:51 <DIR> d-------- C:\SDFix
2007-01-01 11:50 <DIR> d-------- C:\Program Files\HijackThis
2007-01-01 02:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-01 02:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-01 02:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-01 01:57 <DIR> d-------- C:\WINDOWS\system32\bits
2007-01-01 01:55 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-01-01 01:55 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-01-01 01:55 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-01-01 01:55 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-01 01:55 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-01-01 00:46 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-01 00:46 <DIR> d-------- C:\Program Files\Zone Labs
2007-01-01 00:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-01 00:17 0 --a------ C:\WINDOWS\system32\Windows-spyware.exe
2006-12-31 20:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-31 19:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-12-31 19:13 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-28 22:37 81,684 --a------ C:\WINDOWS\system32\hnnpjbaa.dll
2006-12-26 11:44 8,460 --a------ C:\WINDOWS\sorp.exe
2006-12-22 16:00 22,541 --a------ C:\WINDOWS\system32\gebxyvs.dll
2006-12-19 18:34 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-19 18:32 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-19 18:32 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-19 18:32 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-19 18:32 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-19 18:32 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-19 17:58 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-12-19 14:53 75,544 --a------ C:\WINDOWS\system32\cdm.dll
2006-12-19 14:53 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-12-19 14:53 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-19 14:53 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-12-19 14:53 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-12-19 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-16 19:24 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-12-16 19:24 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-12-16 19:24 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-12-16 19:24 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-12-16 19:23 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-12-16 19:23 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-12-16 19:21 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-12-16 19:21 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\kbdnec.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-12-16 19:21 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-12-16 19:21 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-12-16 19:21 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-12-16 19:19 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-12-16 19:19 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-12-16 19:18 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-12-16 19:18 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-12-16 19:18 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-12-16 19:18 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-12-16 19:18 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-12-16 19:18 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-12-16 19:18 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-12-16 13:07 25,088 --a------ C:\WINDOWS\system32\CoInst.dll
2006-12-16 13:04 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
2006-12-16 13:03 <DIR> dr-hs---- C:\cmdcons
2006-12-16 13:00 27,648 -ra------ C:\WINDOWS\system32\GsiDi32.dll
2006-12-16 12:54 81,920 --a------ C:\WINDOWS\system32\ps2.bat
2006-12-16 12:54 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-12-16 12:54 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2006-12-16 12:54 14,112 --a------ C:\WINDOWS\system32\drivers\PS2.sys
2006-12-16 12:52 86,912 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2006-12-16 12:52 218,112 --a------ C:\WINDOWS\system32\sbe.dll
2006-12-16 12:52 155,648 --a------ C:\WINDOWS\system32\encdec.dll
2006-12-16 12:51 732,672 --a------ C:\WINDOWS\system32\ir50_32.dll
2006-12-16 12:51 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2006-12-16 12:51 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll
2006-12-16 12:51 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll
2006-12-16 12:51 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2006-12-16 12:41 50,816 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2006-12-16 12:41 50,176 --a------ C:\WINDOWS\ALCXMNTR.EXE
2006-12-16 12:41 4,595,712 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-12-16 12:35 <DIR> d--hs---- C:\found.000
2006-12-15 15:02 <DIR> d-------- C:\Program Files\Microsoft
2006-12-14 22:13 136 --a------ C:\WINDOWS\system32\guktq.bat
2006-12-14 13:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-12-14 13:51 98,304 --------- C:\WINDOWS\system32\gspnDll.dll
2006-12-14 13:51 90,112 --------- C:\WINDOWS\system32\gsicon.exe
2006-12-14 13:51 26,985 --a------ C:\WINDOWS\system32\drivers\gafwload.sys
2006-12-14 13:51 250,692 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2006-12-14 13:51 24,576 --a------ C:\WINDOWS\system32\delaySpawn.exe
2006-12-14 13:51 16,384 --------- C:\WINDOWS\system32\dslagent.exe
2006-12-14 13:51 102,400 --------- C:\WINDOWS\system32\instDll.dll
2006-12-07 19:02 <DIR> d-------- C:\Program Files\Photo Pos Pro
2006-12-07 17:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-02 00:46 -------- d-------- C:\Program Files\Common Files
2007-01-02 00:43 -------- d-------- C:\Program Files\Norton AntiVirus
2006-12-31 23:59 -------- d-------- C:\Program Files\MUSICMATCH
2006-12-31 23:58 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-31 23:58 -------- d-------- C:\Program Files\Easy Internet signup
2006-12-31 21:51 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-31 21:43 -------- d-------- C:\Program Files\Messenger
2006-12-31 21:43 -------- d-------- C:\Program Files\Internet Explorer
2006-12-17 03:19 -------- d-------- C:\Program Files\Windows NT
2006-12-17 03:19 -------- d-------- C:\Program Files\Windows Media Player
2006-12-17 03:19 -------- d-------- C:\Program Files\Outlook Express
2006-12-17 03:19 -------- d-------- C:\Program Files\NetMeeting
2006-12-17 03:19 -------- d-------- C:\Program Files\Movie Maker
2006-12-17 03:18 -------- d-------- C:\Program Files\Common Files\System
2006-12-17 03:18 -------- d-------- C:\Program Files\Common Files\Services
2006-12-16 15:06 77824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-12-16 15:06 5632 --a------ C:\WINDOWS\system32\write.exe
2006-12-16 15:06 32256 --a------ C:\WINDOWS\system32\wupdmgr.exe
2006-12-16 15:06 31232 --a------ C:\WINDOWS\system32\wpabaln.exe
2006-12-16 15:06 29184 --a------ C:\WINDOWS\system32\wpnpinst.exe
2006-12-16 15:06 28160 --a------ C:\WINDOWS\system32\xcopy.exe
2006-12-16 15:06 266752 --a------ C:\WINDOWS\winhlp32.exe
2006-12-16 15:06 25600 --a------ C:\WINDOWS\twunk_32.exe
2006-12-16 15:06 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-16 15:06 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-12-16 15:06 118784 --a------ C:\WINDOWS\system32\wscript.exe
2006-12-16 15:05 98304 --a------ C:\WINDOWS\system32\verifier.exe
2006-12-16 15:05 9216 --a------ C:\WINDOWS\system32\subst.exe
2006-12-16 15:05 8192 --a------ C:\WINDOWS\system32\winhlp32.exe
2006-12-16 15:05 77824 --a------ C:\WINDOWS\system32\usrmlnka.exe
2006-12-16 15:05 71168 --a------ C:\WINDOWS\system32\telnet.exe
2006-12-16 15:05 69632 --a------ C:\WINDOWS\system32\usrshuta.exe
2006-12-16 15:05 667648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-12-16 15:05 638976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-12-16 15:05 61440 --a------ C:\WINDOWS\system32\usrprbda.exe
2006-12-16 15:05 60416 --a------ C:\WINDOWS\system32\wextract.exe
2006-12-16 15:05 569344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-12-16 15:05 51200 --a------ C:\WINDOWS\system32\syncapp.exe
2006-12-16 15:05 49664 --a------ C:\WINDOWS\system32\w32tm.exe
2006-12-16 15:05 47616 --a------ C:\WINDOWS\system32\utilman.exe
2006-12-16 15:05 43008 --a------ C:\WINDOWS\system32\ssmypics.scr
2006-12-16 15:05 414720 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2006-12-16 15:05 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-16 15:05 4096 --a------ C:\WINDOWS\system32\winver.exe
2006-12-16 15:05 4096 --a------ C:\WINDOWS\system32\unlodctr.exe
2006-12-16 15:05 36864 --a------ C:\WINDOWS\system32\syskey.exe
2006-12-16 15:05 364544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-12-16 15:05 33792 --a------ C:\WINDOWS\system32\vssadmin.exe
2006-12-16 15:05 31744 --a------ C:\WINDOWS\system32\tracert6.exe
2006-12-16 15:05 3072 --a------ C:\WINDOWS\system32\systray.exe
2006-12-16 15:05 275456 --a------ C:\WINDOWS\system32\vssvc.exe
2006-12-16 15:05 22016 --a------ C:\WINDOWS\system32\userinit.exe
2006-12-16 15:05 20480 --a------ C:\WINDOWS\system32\stimon.exe
2006-12-16 15:05 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe
2006-12-16 15:05 19456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-12-16 15:05 18944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-12-16 15:05 17408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-12-16 15:05 171520 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-16 15:05 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-12-16 15:05 16896 --a------ C:\WINDOWS\system32\tftp.exe
2006-12-16 15:05 16384 --a------ C:\WINDOWS\system32\ups.exe
2006-12-16 15:05 16384 --a------ C:\WINDOWS\system32\tskill.exe
2006-12-16 15:05 15360 --a------ C:\WINDOWS\system32\taskman.exe
2006-12-16 15:05 14848 --a------ C:\WINDOWS\system32\upnpcont.exe
2006-12-16 15:05 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-12-16 15:05 14848 --a------ C:\WINDOWS\system32\tscon.exe
2006-12-16 15:05 13312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-12-16 15:05 128512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-12-16 15:05 12288 --a------ C:\WINDOWS\system32\tcmsetup.exe
2006-12-16 15:05 119808 --a------ C:\WINDOWS\system32\winmine.exe
2006-12-16 15:05 11776 --a------ C:\WINDOWS\system32\winmsd.exe
2006-12-16 15:05 10752 --a------ C:\WINDOWS\system32\tracert.exe
2006-12-16 15:05 103936 --a------ C:\WINDOWS\system32\sysocmgr.exe
2006-12-16 15:04 9728 --a------ C:\WINDOWS\system32\sfc.exe
2006-12-16 15:04 9728 --a------ C:\WINDOWS\system32\reset.exe
2006-12-16 15:04 9728 --a------ C:\WINDOWS\system32\regsvr32.exe
2006-12-16 15:04 93184 --a------ C:\WINDOWS\system32\scardsvr.exe
2006-12-16 15:04 82944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-12-16 15:04 81920 --a------ C:\WINDOWS\system32\ps2.EXE
2006-12-16 15:04 8192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-12-16 15:04 74240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-12-16 15:04 7168 --a------ C:\WINDOWS\system32\recover.exe
2006-12-16 15:04 71168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-12-16 15:04 69632 --a------ C:\WINDOWS\system32\shrpubw.exe
2006-12-16 15:04 69632 --a------ C:\WINDOWS\system32\S3uninst.exe
2006-12-16 15:04 66048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-12-16 15:04 61952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-12-16 15:04 56832 --a------ C:\WINDOWS\system32\sol.exe
2006-12-16 15:04 54272 --a------ C:\WINDOWS\system32\rasphone.exe
2006-12-16 15:04 534016 --a------ C:\WINDOWS\system32\spider.exe
2006-12-16 15:04 49152 --a------ C:\WINDOWS\system32\rsmui.exe
2006-12-16 15:04 49152 --a------ C:\WINDOWS\system32\rsm.exe
2006-12-16 15:04 48128 --a------ C:\WINDOWS\system32\reg.exe
2006-12-16 15:04 4608 --a------ C:\WINDOWS\system32\regwiz.exe
2006-12-16 15:04 45056 --a------ C:\WINDOWS\system32\proquota.exe
2006-12-16 15:04 44032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-12-16 15:04 3584 --a------ C:\WINDOWS\system32\regedt32.exe
2006-12-16 15:04 34304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-12-16 15:04 33792 --a------ C:\WINDOWS\system32\regini.exe
2006-12-16 15:04 33280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-12-16 15:04 31232 --a------ C:\WINDOWS\system32\sc.exe
2006-12-16 15:04 28672 --a------ C:\WINDOWS\system32\sethc.exe
2006-12-16 15:04 25600 --a------ C:\WINDOWS\system32\routemon.exe
2006-12-16 15:04 24576 --a------ C:\WINDOWS\system32\rsmsink.exe
2006-12-16 15:04 24064 --a------ C:\WINDOWS\system32\skeys.exe
2006-12-16 15:04 23552 --a------ C:\WINDOWS\system32\sort.exe
2006-12-16 15:04 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-12-16 15:04 20992 --a------ C:\WINDOWS\system32\setup.exe
2006-12-16 15:04 19968 --a------ C:\WINDOWS\system32\route.exe
2006-12-16 15:04 19968 --a------ C:\WINDOWS\system32\rcp.exe
2006-12-16 15:04 19456 --a------ C:\WINDOWS\system32\savedump.exe
2006-12-16 15:04 18432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-12-16 15:04 17920 --a------ C:\WINDOWS\system32\shutdown.exe
2006-12-16 15:04 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-12-16 15:04 16384 --a------ C:\WINDOWS\system32\runas.exe
2006-12-16 15:04 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-12-16 15:04 14848 --a------ C:\WINDOWS\system32\shadow.exe
2006-12-16 15:04 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-16 15:04 13312 --a------ C:\WINDOWS\system32\rsh.exe
2006-12-16 15:04 132608 --a------ C:\WINDOWS\system32\rsvp.exe
2006-12-16 15:04 129024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-12-16 15:04 12800 --a------ C:\WINDOWS\system32\runonce.exe
2006-12-16 15:04 12800 --a------ C:\WINDOWS\system32\replace.exe
2006-12-16 15:04 124416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-16 15:04 12288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-16 15:04 11776 --a------ C:\WINDOWS\system32\rexec.exe
2006-12-16 15:04 11776 --a------ C:\WINDOWS\system32\rasautou.exe
2006-12-16 15:04 11264 --a------ C:\WINDOWS\system32\rasdial.exe
2006-12-16 15:03 9728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-12-16 15:03 9216 --a------ C:\WINDOWS\system32\print.exe
2006-12-16 15:03 82944 --a------ C:\WINDOWS\system32\netsh.exe
2006-12-16 15:03 71680 --a------ C:\WINDOWS\system32\nslookup.exe
2006-12-16 15:03 6656 --a------ C:\WINDOWS\system32\msswchx.exe
2006-12-16 15:03 66048 --a------ C:\WINDOWS\system32\notepad.exe
2006-12-16 15:03 53248 --a------ C:\WINDOWS\system32\packager.exe
2006-12-16 15:03 53248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-12-16 15:03 51200 --a------ C:\WINDOWS\system32\narrator.exe
2006-12-16 15:03 4096 --a------ C:\WINDOWS\system32\nddeapir.exe
2006-12-16 15:03 40448 --a------ C:\WINDOWS\system32\osuninst.exe
2006-12-16 15:03 395776 --a------ C:\WINDOWS\system32\ntvdm.exe
2006-12-16 15:03 39424 --a------ C:\WINDOWS\system32\net.exe
2006-12-16 15:03 388608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-12-16 15:03 339968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-16 15:03 33280 --a------ C:\WINDOWS\system32\ping6.exe
2006-12-16 15:03 32768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-12-16 15:03 326656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-12-16 15:03 323584 --a------ C:\WINDOWS\system32\nwiz.exe
2006-12-16 15:03 31744 --a------ C:\WINDOWS\system32\ntsd.exe
2006-12-16 15:03 30720 --a------ C:\WINDOWS\system32\netstat.exe
2006-12-16 15:03 24576 --a------ C:\WINDOWS\system32\PosGlblInfo2.exe
2006-12-16 15:03 24064 --a------ C:\WINDOWS\system32\mshta.exe
2006-12-16 15:03 21504 --a------ C:\WINDOWS\system32\pathping.exe
2006-12-16 15:03 212480 --a------ C:\WINDOWS\system32\osk.exe
2006-12-16 15:03 20992 --a------ C:\WINDOWS\system32\msg.exe
2006-12-16 15:03 205824 --a------ C:\WINDOWS\system32\progman.exe
2006-12-16 15:03 20480 --a------ C:\WINDOWS\system32\nbtstat.exe
2006-12-16 15:03 16384 --a------ C:\WINDOWS\system32\ping.exe
2006-12-16 15:03 15360 --a------ C:\WINDOWS\system32\pentnt.exe
2006-12-16 15:03 14336 --a------ C:\WINDOWS\system32\perfmon.exe
2006-12-16 15:03 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-12-16 15:03 115200 --a------ C:\WINDOWS\system32\net1.exe
2006-12-16 15:03 105984 --a------ C:\WINDOWS\system32\netdde.exe
2006-12-16 15:02 9728 --a------ C:\WINDOWS\system32\label.exe
2006-12-16 15:02 90112 --a------ C:\WINDOWS\system32\igfxext.exe
2006-12-16 15:02 8192 --a------ C:\WINDOWS\system32\mountvol.exe
2006-12-16 15:02 8192 --a------ C:\WINDOWS\system32\lpr.exe
2006-12-16 15:02 81408 --a------ C:\WINDOWS\system32\logagent.exe
2006-12-16 15:02 79360 --a------ C:\WINDOWS\system32\makecab.exe
2006-12-16 15:02 774144 --a------ C:\WINDOWS\system32\mmc.exe
2006-12-16 15:02 68096 --a------ C:\WINDOWS\system32\locator.exe
2006-12-16 15:02 67584 --a------ C:\WINDOWS\system32\magnify.exe
2006-12-16 15:02 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-12-16 15:02 6144 --a------ C:\WINDOWS\system32\lpq.exe
2006-12-16 15:02 60928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-12-16 15:02 51712 --a------ C:\WINDOWS\system32\migpwd.exe
2006-12-16 15:02 51712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-12-16 15:02 5120 --a------ C:\WINDOWS\system32\lodctr.exe
2006-12-16 15:02 504320 --a------ C:\WINDOWS\system32\logonui.exe
2006-12-16 15:02 487424 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-12-16 15:02 44032 --a------ C:\WINDOWS\system32\ipsec6.exe
2006-12-16 15:02 39936 --a------ C:\WINDOWS\system32\MAPISRVR.EXE
2006-12-16 15:02 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-12-16 15:02 29696 --a------ C:\WINDOWS\system32\lights.exe
2006-12-16 15:02 25088 --a------ C:\WINDOWS\system32\lnkstub.exe
2006-12-16 15:02 22016 --a------ C:\WINDOWS\system32\mpnotify.exe
2006-12-16 15:02 22016 --a------ C:\WINDOWS\system32\ipxroute.exe
2006-12-16 15:02 219648 --a------ C:\WINDOWS\system32\logon.scr
2006-12-16 15:02 172032 --a------ C:\WINDOWS\system32\jview.exe
2006-12-16 15:02 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-12-16 15:02 15360 --a------ C:\WINDOWS\system32\logoff.exe
2006-12-16 15:02 151552 --a------ C:\WINDOWS\system32\igfxdiag.exe
2006-12-16 15:02 14848 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-16 15:02 135680 --a------ C:\WINDOWS\system32\mobsync.exe
2006-12-16 15:02 12800 --a------ C:\WINDOWS\system32\mrinfo.exe
2006-12-16 15:02 123904 --a------ C:\WINDOWS\system32\imapi.exe
2006-12-16 15:02 116736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-16 15:01 99840 --a------ C:\WINDOWS\system32\iexpress.exe
2006-12-16 15:01 937984 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-12-16 15:01 9216 --a------ C:\WINDOWS\system32\finger.exe
2006-12-16 15:01 9216 --a------ C:\WINDOWS\system32\find.exe
2006-12-16 15:01 9216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-12-16 15:01 8704 --a------ C:\WINDOWS\system32\eventvwr.exe
2006-12-16 15:01 80896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-12-16 15:01 77824 --a------ C:\WINDOWS\system32\hphipm11.exe
2006-12-16 15:01 7680 --a------ C:\WINDOWS\system32\hostname.exe
2006-12-16 15:01 7168 --a------ C:\WINDOWS\system32\forcedos.exe
2006-12-16 15:01 56320 --a------ C:\WINDOWS\system32\fsutil.exe
2006-12-16 15:01 55296 --a------ C:\WINDOWS\system32\freecell.exe
2006-12-16 15:01 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2006-12-16 15:01 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe
2006-12-16 15:01 44544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-12-16 15:01 40960 --a------ C:\WINDOWS\system32\extrac32.exe
2006-12-16 15:01 40448 --a------ C:\WINDOWS\system32\ftp.exe
2006-12-16 15:01 39424 --a------ C:\WINDOWS\system32\esentutl.exe
2006-12-16 15:01 37888 --a------ C:\WINDOWS\system32\grpconv.exe
2006-12-16 15:01 348160 --a------ C:\WINDOWS\system32\hphmon04.exe
2006-12-16 15:01 3072 --a------ C:\WINDOWS\system32\fixmapi.exe
2006-12-16 15:01 28672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-12-16 15:01 28160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-12-16 15:01 25088 --a------ C:\WINDOWS\system32\findstr.exe
2006-12-16 15:01 250368 --a------ C:\WINDOWS\system32\fxssvc.exe
2006-12-16 15:01 249856 --a------ C:\WINDOWS\system32\hphsav04.exe
2006-12-16 15:01 216064 --a------ C:\WINDOWS\system32\fxscover.exe
2006-12-16 15:01 19456 --a------ C:\WINDOWS\system32\fontview.exe
2006-12-16 15:01 180224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-12-16 15:01 178688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-12-16 15:01 16896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-12-16 15:01 15872 --a------ C:\WINDOWS\system32\expand.exe
2006-12-16 15:01 15872 --a------ C:\WINDOWS\system32\dvdupgrd.exe
2006-12-16 15:01 14848 --a------ C:\WINDOWS\system32\help.exe
2006-12-16 15:01 14848 --a------ C:\WINDOWS\system32\fc.exe
2006-12-16 15:01 14336 --a------ C:\WINDOWS\system32\dmremote.exe
2006-12-16 15:01 1323008 --a------ C:\WINDOWS\system32\dmcpl.exe
2006-12-16 15:01 130048 --a------ C:\WINDOWS\system32\fxsclnt.exe
2006-12-16 15:01 114688 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-12-16 15:01 11264 --a------ C:\WINDOWS\system32\fxssend.exe
2006-12-16 15:01 10752 --a------ C:\WINDOWS\system32\doskey.exe
2006-12-16 15:00 4608 --a------ C:\WINDOWS\system32\dllhst3g.exe
2006-12-16 15:00 204800 --a------ C:\WINDOWS\system32\dmadmin.exe
2006-12-16 14:56 8192 --a------ C:\WINDOWS\system32\control.exe
2006-12-16 14:56 79360 --a------ C:\WINDOWS\system32\diantz.exe
2006-12-16 14:56 76288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-12-16 14:56 70656 --a------ C:\WINDOWS\system32\defrag.exe
2006-12-16 14:56 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-12-16 14:56 27136 --a------ C:\WINDOWS\system32\ddeshare.exe
2006-12-16 14:56 24576 --a------ C:\WINDOWS\system32\conime.exe
2006-12-16 14:56 17920 --a------ C:\WINDOWS\system32\diskperf.exe
2006-12-16 14:56 145920 --a------ C:\WINDOWS\system32\diskpart.exe
2006-12-16 14:56 13824 --a------ C:\WINDOWS\system32\convert.exe
2006-12-16 14:56 13312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-12-16 14:56 102400 --a------ C:\WINDOWS\system32\cscript.exe
2006-12-16 14:55 98816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-16 14:55 61440 --a------ C:\WINDOWS\system32\cleanmgr.exe
2006-12-16 14:55 54784 --a------ C:\WINDOWS\system32\cmstp.exe
2006-12-16 14:55 49152 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-16 14:55 45056 --a------ C:\WINDOWS\system32\cliconfg.exe
2006-12-16 14:55 41472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-12-16 14:55 375808 --a------ C:\WINDOWS\system32\cmd.exe
2006-12-16 14:55 35840 --a------ C:\WINDOWS\system32\cmmon32.exe
2006-12-16 14:55 30720 --a------ C:\WINDOWS\system32\clipsrv.exe
2006-12-16 14:55 17408 --a------ C:\WINDOWS\system32\compact.exe
2006-12-16 14:55 15872 --a------ C:\WINDOWS\system32\comp.exe
2006-12-16 14:54 91648 --a------ C:\WINDOWS\system32\ahui.exe
2006-12-16 14:54 8192 --a------ C:\WINDOWS\system32\cidaemon.exe
2006-12-16 14:54 80384 --a------ C:\WINDOWS\system32\charmap.exe
2006-12-16 14:54 7680 --a------ C:\WINDOWS\system32\ckcnv.exe
2006-12-16 14:54 5120 --a------ C:\WINDOWS\system32\cisvc.exe
2006-12-16 14:54 5120 --a------ C:\WINDOWS\system32\bootvrfy.exe
2006-12-16 14:54 4608 --a------ C:\WINDOWS\system32\bootok.exe
2006-12-16 14:54 41984 --a------ C:\WINDOWS\system32\alg.exe
2006-12-16 14:54 4096 --a------ C:\WINDOWS\system32\actmovie.exe
2006-12-16 14:54 22528 --a------ C:\WINDOWS\system32\at.exe
2006-12-16 14:54 19456 --a------ C:\WINDOWS\system32\arp.exe
2006-12-16 14:54 18432 --a------ C:\WINDOWS\system32\cacls.exe
2006-12-16 14:54 179200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-12-16 14:54 134144 --a------ C:\WINDOWS\regedit.exe
2006-12-16 14:54 11776 --a------ C:\WINDOWS\system32\chkdsk.exe
2006-12-16 14:54 114688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-16 14:54 11264 --a------ C:\WINDOWS\system32\chkntfs.exe
2006-12-16 14:54 11264 --a------ C:\WINDOWS\system32\attrib.exe
2006-12-16 14:54 10240 --a------ C:\WINDOWS\system32\atmadm.exe
2006-12-16 14:52 306688 --a------ C:\WINDOWS\IsUninst.exe
2006-12-16 14:47 36864 --a------ C:\WINDOWS\hpfsched.exe
2006-12-16 14:47 10752 --a------ C:\WINDOWS\hh.exe
2006-12-16 14:45 90112 -ra------ C:\WINDOWS\bwUnin-6.2.3.66.exe
2006-12-16 13:59 66048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-12-16 13:54 31744 --------- C:\WINDOWS\system32\rundll32.exe
2006-12-16 13:48 346624 --a------ C:\WINDOWS\system32\tourstart.exe
2006-11-16 18:56 -------- d-------- C:\Program Files\Common Files\Designer
2006-11-16 18:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
2006-11-15 21:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-11-15 18:46 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-15 18:44 -------- d-------- C:\Program Files\MSN Messenger
2006-11-14 22:39 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-11-14 22:26 -------- d-------- C:\Program Files\Prolink
2006-11-14 22:11 -------- d-------- C:\Program Files\SiSLan


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"hp Silent Service"="C:\\Windows\\system32\\HpSrvUI.exe"
"hpScannerFirstBoot"="c:\\hp\\drivers\\scanners\\scannerfb.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"GSICONEXE"="GSICON.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows LoL Layer"="pmlggi.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows LoL Layer"="pmlggi.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{499E2510-82A5-40A2-BF5E-4D375A4B48B1}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 07-01-02 22:44:09.93
C:\ComboFix.txt ... 07-01-02 22:44
C:\ComboFix2.txt ... 07-01-01 21:29
C:\ComboFix3.txt ... 07-01-01 21:12


Logfile of HijackThis v1.99.1
Scan saved at 10:45:13 PM, on 1/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {499E2510-82A5-40A2-BF5E-4D375A4B48B1} - C:\WINDOWS\System32\ljjjkkl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\aqwfenfx.dll (file missing)
O2 - BHO: (no name) - {BF2463F4-DAF3-4BD7-AE46-41B47D92A91E} - C:\WINDOWS\System32\vtstr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166510998890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166523873281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#11 beepbeep

beepbeep
  • Topic Starter

  • Members
  • 13 posts

Posted 02 January 2007 - 09:56 AM

I've submitted the Avira log.

Sorry for the previous lengthy post!

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 02 January 2007 - 10:22 AM

Hello,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {499E2510-82A5-40A2-BF5E-4D375A4B48B1} - C:\WINDOWS\System32\ljjjkkl.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\aqwfenfx.dll (file missing)
O2 - BHO: (no name) - {BF2463F4-DAF3-4BD7-AE46-41B47D92A91E} - C:\WINDOWS\System32\vtstr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Go to Start > Run and copy and paste the next commands one by one into the field, hitting Enter after every command:

sc stop oreans32

sc delete oreans32

Delete the next files:

C:\WINDOWS\system32\Windows-spyware.exe
C:\WINDOWS\system32\hnnpjbaa.dll
C:\WINDOWS\system32\gebxyvs.dll
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\guktq.bat

Open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows LoL Layer"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows LoL Layer"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{499E2510-82A5-40A2-BF5E-4D375A4B48B1}"=-

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: [image]
Double-click on it and, when it asks you if you want to merge the contents to the registry, click Yes/OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Go to the following site:
http://www.virustotal.com/en/indexf.html
At the top you'll find 'Browse'.
Click the browse button and browse to the following file:

C:\WINDOWS\sorp.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in notepad, because I need the results afterwards.

I also want to know if the files are properly disinfected, so upload the following legit files as well at Virustotal (I picked them randomly from your combofix log):

C:\WINDOWS\system32\attrib.exe

C:\Windows\Regedit.exe

Post the results from Virustotal in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 beepbeep


Posted 02 January 2007 - 10:54 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:53:16 PM, on 1/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg8.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166510998890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166523873281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DBED2D-83E5-4AB6-821E-BE19EFF54243}: NameServer = 165.21.100.88 165.21.83.88
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


STATUS: FINISHED
Complete scanning result of "sorp.exe", received in VirusTotal at 01.02.2007, 16:39:19 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 HEUR/Crypted
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.02.2007 no virus found
BitDefender 7.2 01.02.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.02.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
eSafe 7.0.14.0 01.02.2007 Win32.Polipos.sus
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.02.2007 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 generic
Ikarus T3.1.0.27 01.02.2007 Trojan-Downloader.Win32.Zlob.and
Kaspersky 4.0.2.24 01.02.2007 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 01.02.2007 no virus found
NOD32v2 1952 01.02.2007 no virus found
Norman 5.80.02 12.31.2007 W32/Suspicious_U.gen
Panda 9.0.0.4 01.01.2007 Suspicious file
Prevx1 V2 01.02.2007 no virus found
Sophos 4.13.0 01.02.2007 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
TheHacker 6.0.3.141 01.01.2007 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.02.2007 novirus:Packed/Upack


Aditional Information
File size: 8460 bytes
MD5: 7fe82a5d80945ab8f6aceecacdb41a1d
SHA1: 815d9096ea31d9f41a983563493f8aae96bee8e5
packers: UPACK, PEPACK
packers: UPack, PE-Pack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


STATUS: FINISHED
Complete scanning result of "attrib.exe", received in VirusTotal at 01.02.2007, 16:43:49 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.02.2007 no virus found
BitDefender 7.2 01.02.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 no virus found
ClamAV devel-20060426 01.02.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
eSafe 7.0.14.0 01.02.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.02.2007 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 01.02.2007 no virus found
NOD32v2 1952 01.02.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.01.2007 no virus found
Prevx1 V2 01.02.2007 no virus found
Sophos 4.13.0 01.02.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
TheHacker 6.0.3.141 01.01.2007 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.02.2007 no virus found


Aditional Information
File size: 11264 bytes
MD5: 91a66ca624b21a6bdf4d9b9755a058b0
SHA1: 93fad82ec0c07c0227efa13c8edbc16ceed574a5
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


STATUS: FINISHED
Complete scanning result of "regedit.exe", received in VirusTotal at 01.02.2007, 16:50:08 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.02.2007 no virus found
BitDefender 7.2 01.02.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 no virus found
ClamAV devel-20060426 01.02.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
eSafe 7.0.14.0 01.02.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.02.2007 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 01.02.2007 no virus found
NOD32v2 1952 01.02.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.01.2007 no virus found
Prevx1 V2 01.02.2007 no virus found
Sophos 4.13.0 01.02.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
TheHacker 6.0.3.141 01.01.2007 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.02.2007 no virus found


Aditional Information
File size: 134144 bytes
MD5: 17811fa5c985977cfebe460d9f20d991
SHA1: 84bb6561383a24e613764fc2fa33d7d28771f080
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

#14 miekiemoes


Posted 02 January 2007 - 11:00 AM

Hello,

Delete the following file:

C:\Windows\sorp.exe

Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", click the browse button next to it and browse to the following file, select it and click ok:

C:\Windows\System32\attrib.exe

Then click the Send File button below.
Perform the same for the next file:

C:\Windows\regedit.exe

This is because I am still not sure if they are clean or not. Maybe no scanners are flagging it yet; however, Sunbelt reports it as VIPRE.Suspicious, so we have to be sure here.
I'll send the files to the Vendors and ask for their opinion. I'll let you know afterwards.

Let me know in your next reply how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
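
The comparison made in the reply above (Sunbelt reporting VIPRE.Suspicious where no other scanner flags the file) can be tabulated from the VirusTotal rows posted in #13. The Python below is an added example, not part of the thread: it embeds a subset of those rows and separates labels an engine puts on every submitted file from detections specific to one file. The function names and the treatment of VirusBuster's `novirus:` prefix as a non-detection are assumptions.

```python
import re
from collections import defaultdict

# Subset of the VirusTotal rows posted in this thread: engine, version, update, result.
REPORTS = {
    "sorp.exe": """AntiVir 7.3.0.21 01.02.2007 HEUR/Crypted
Ikarus T3.1.0.27 01.02.2007 Trojan-Downloader.Win32.Zlob.and
Kaspersky 4.0.2.24 01.02.2007 no virus found
Sophos 4.13.0 01.02.2007 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
VirusBuster 4.3.19:9 01.02.2007 novirus:Packed/Upack""",
    "attrib.exe": """AntiVir 7.3.0.21 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious""",
    "regedit.exe": """AntiVir 7.3.0.21 01.02.2007 no virus found
Sophos 4.13.0 01.02.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious""",
}

# The result column may contain spaces, so it is captured last and greedily.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d\d\.\d\d\.\d{4})\s+(.+)$")
# Assumption: VirusBuster's "novirus:" prefix is a packer note, not a detection.
CLEAN = re.compile(r"^no ?virus", re.IGNORECASE)

def parse_hits(text):
    """Return {engine: label} for the rows whose result is a detection."""
    hits = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and not CLEAN.match(m.group(4)):
            hits[m.group(1)] = m.group(4)
    return hits

def triage(reports):
    """Split labels present on every file from those specific to one file."""
    per_file = {name: parse_hits(text) for name, text in reports.items()}
    seen = defaultdict(set)  # (engine, label) -> files carrying that label
    for name, hits in per_file.items():
        for engine, label in hits.items():
            seen[(engine, label)].add(name)
    blanket = {key for key, files in seen.items()
               if len(reports) > 1 and len(files) == len(reports)}
    specific = {name: {e: l for e, l in hits.items() if (e, l) not in blanket}
                for name, hits in per_file.items()}
    return blanket, specific

if __name__ == "__main__":
    blanket, specific = triage(REPORTS)
    print("on every file:", sorted(blanket))
    for name, hits in specific.items():
        print(name, "->", hits or "nothing file-specific")
```

A label that lands in the first set does not distinguish one submitted file from another, which is why it is reported separately from the per-file detections.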

#15 beepbeep


Posted 03 January 2007 - 05:37 AM

Uploaded the two files. :thumbsup:

The computer restarted itself several times at startup yesterday and I got a couple of Windows stop messages as well. It also restarted a few times in the middle of scanning with Avira. For today, I only experienced it twice at the startup.

This happened after I installed Avira. Any relation?

Other than that, I don't remember getting any major problems... Things are running much smoother than they used to. :D

Edited by beepbeep, 03 January 2007 - 05:41 AM.




