Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win Fixer 2005/Win Antivirus Pro help


  • Please log in to reply

#1
Spartans1399

Spartans1399

    Member

  • Member
  • PipPip
  • 22 posts
Help. I have been infected by that [bleep] Win Fixer 2005 popup. I have tried the steps posted in other forums but it hasn't seemed to help. I downloaded hijackthis (and saved it in a new folder). Here is the log from that:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:02 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
c:\program files\Musicmatch\Musicmatch Update\MMUpdateMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I don't know what else to do. Please help!

Thanks - Mike
  • 0

Advertisements


#2
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Let me take a look, I will post a reply in a few minutes...

rstones12
  • 0

#3
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.
If you don't understand something please ask before performing any task..


Please download VundoFix.exe and save it to your desktop.
  • Double-click VundoFix.exe to extract the files.
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net


  • At this point press enter one time.

  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.


  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\awtqn.dll


  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.


  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\nqtwa.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • Now place a checkmark next to each of the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

    O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll

    O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll

    Now click the Fix Checked button.
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic. by using Add Reply

Thanks,
rstones12
  • 0

#4
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have downloaded VundoFix and when I click on KillVundo.bat in safe mode nothing happens.
  • 0

#5
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Please try and run the KillVundo.bat in Normal Mode, then proceed with the rest of the instructions as outlined.

Thanks,
rstones12
  • 0

#6
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have also tried running the KillVundo in normal mode and nothing happens. I even deleted Vundo, reinstalled, and I still got nothing. Any other advice? I don't know why it wouldn't work.
  • 0

#7
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399

OK lets do this.

Go to your C:\WINDOWS\system32\Repair\ folder, copy autoexec.nt and paste it into your C:\WINDOWS\system32\ folder.

Then use the instructions for the fix in SafeMode again...

Thanks,
rstones12
  • 0

#8
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I tried to follow your instructions as best I could (sorry it took so long). I still got the WinFixer popup while fixing. Here are the requested files:

Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 8:36:12 PM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Active Scan::

Incident Status Location

Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\awtqn.dll
Spyware:spyware/virtumonde No disinfected Windows Registry
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\ddabx.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\awtqn.dll
Spyware:Spyware/Virtumonde No disinfected C:\hijackthis\backups\backup-20050929-203745-314.dll
Bitdefender:

//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 29/09/2005 20:51:41
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\WINDOWS\system32\
Folders : 300
Files : 5794
Archives : 18
Packed files : 256
Identified viruses : 0
Infected files : 0
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 10
Scan time : 00:03:42
Scan speed (files/sec) : 26

Virus definitions : 213764
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Scanned files

C:\=>Master Boot Record 80 OK
C:\=>Partition Boot 1 (primary) (active) OK
C:\WINDOWS\system32\config\userdiff OK
C:\WINDOWS\system32\config\system.LOG OK
C:\WINDOWS\system32\config\software.LOG OK
C:\WINDOWS\system32\config\default.LOG OK
C:\WINDOWS\system32\config\userdiff.LOG OK
C:\WINDOWS\system32\config\TempKey.LOG OK
C:\WINDOWS\system32\config\system.sav OK
C:\WINDOWS\system32\config\software.sav OK
C:\WINDOWS\system32\config\default.sav OK
C:\WINDOWS\system32\config\SAM.LOG OK
C:\WINDOWS\system32\config\SECURITY.LOG OK
C:\WINDOWS\system32\config\AppEvent.Evt OK
C:\WINDOWS\system32\config\SecEvent.Evt OK
C:\WINDOWS\system32\config\SysEvent.Evt OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CJKOG2RJ\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\42LDTVWI\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0VA165EF\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M5GF2TC1\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Templates\wordpfct.wpg OK
C:\WINDOWS\system32\config\systemprofile\Templates\quattro.wb2 OK
C:\WINDOWS\system32\config\systemprofile\Templates\sndrec.wav OK
C:\WINDOWS\system32\config\systemprofile\Templates\winword.doc OK
C:\WINDOWS\system32\config\systemprofile\Templates\winword2.doc OK
C:\WINDOWS\system32\config\systemprofile\Templates\wordpfct.wpd OK
C:\WINDOWS\system32\config\systemprofile\Templates\amipro.sam OK
C:\WINDOWS\system32\config\systemprofile\Templates\excel.xls OK
C:\WINDOWS\system32\config\systemprofile\Templates\excel4.xls OK
C:\WINDOWS\system32\config\systemprofile\Templates\lotus.wk4 OK
C:\WINDOWS\system32\config\systemprofile\Templates\powerpnt.ppt OK
C:\WINDOWS\system32\config\systemprofile\Templates\presenta.shw OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk=>C:\WINDOWS\system32\narrator.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk=>C:\WINDOWS\system32\magnify.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk=>C:\WINDOWS\system32\osk.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk=>C:\WINDOWS\system32\utilman.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk=>C:\WINDOWS\system32\notepad.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk=>C:\WINDOWS\system32\mobsync.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk=>C:\WINDOWS\system32\tourstart.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk=>C:\WINDOWS\explorer.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk=>C:\WINDOWS\system32\cmd.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk=>C:\WINDOWS\system32\rcimlby.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk=>C:\Program Files\Windows Media Player\wmplayer.exe OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\SendTo\Desktop (create shortcut).DeskLink OK
C:\WINDOWS\system32\config\systemprofile\SendTo\Mail Recipient.MAPIMail OK
C:\WINDOWS\system32\config\systemprofile\SendTo\Compressed (zipped) Folder.ZFSendToTarget OK
C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt OK
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\Shared\MyProfile.UserProfile OK
C:\WINDOWS\system32\config\systemprofile\ntuser.dat OK
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG OK
C:\WINDOWS\system32\config\DEFAULT OK
C:\WINDOWS\system32\config\SECURITY OK
C:\WINDOWS\system32\config\SOFTWARE OK
C:\WINDOWS\system32\config\SYSTEM OK
C:\WINDOWS\system32\config\SAM OK
C:\WINDOWS\system32\drivers\etc\lmhosts.sam OK
C:\WINDOWS\system32\drivers\etc\networks OK
C:\WINDOWS\system32\drivers\etc\protocol OK
C:\WINDOWS\system32\drivers\etc\services OK
C:\WINDOWS\system32\drivers\etc\hosts OK
C:\WINDOWS\system32\drivers\etc\hosts.ics OK
C:\WINDOWS\system32\drivers\wmilib.sys OK
C:\WINDOWS\system32\drivers\wdmaud.sys OK
C:\WINDOWS\system32\drivers\ipnat.sys OK
C:\WINDOWS\system32\drivers\ntmtlfax.sys OK
C:\WINDOWS\system32\drivers\dmboot.sys OK
C:\WINDOWS\system32\drivers\dmload.sys OK
C:\WINDOWS\system32\drivers\ftdisk.sys OK
C:\WINDOWS\system32\drivers\NVENET.sys OK
C:\WINDOWS\system32\drivers\nvax.sys OK
C:\WINDOWS\system32\drivers\mouclass.sys OK
C:\WINDOWS\system32\drivers\mpe.sys OK
C:\WINDOWS\system32\drivers\tcpip6.sys OK
C:\WINDOWS\system32\drivers\NPDRIVER.SYS OK
C:\WINDOWS\system32\drivers\SYMEVENT.SYS OK
C:\WINDOWS\system32\drivers\jedih2rx.bin OK
C:\WINDOWS\system32\drivers\msdv.sys OK
C:\WINDOWS\system32\drivers\ramsed.bin OK
C:\WINDOWS\system32\drivers\jedireg.pat OK
C:\WINDOWS\system32\drivers\nmnt.sys OK
C:\WINDOWS\system32\drivers\partmgr.sys OK
C:\WINDOWS\system32\drivers\videoprt.sys OK
C:\WINDOWS\system32\drivers\portcls.sys OK
C:\WINDOWS\system32\drivers\atapi.sys OK
C:\WINDOWS\system32\drivers\asyncmac.sys OK
C:\WINDOWS\system32\drivers\mf.sys OK
C:\WINDOWS\system32\drivers\fastfat.sys OK
C:\WINDOWS\system32\drivers\pci.sys OK
C:\WINDOWS\system32\drivers\streamip.sys OK
C:\WINDOWS\system32\drivers\pcmcia.sys OK
C:\WINDOWS\system32\drivers\dmio.sys OK
C:\WINDOWS\system32\drivers\msgpc.sys OK
C:\WINDOWS\system32\drivers\ndistapi.sys OK
C:\WINDOWS\system32\drivers\nvarm.sys OK
C:\WINDOWS\system32\drivers\rasl2tp.sys OK
C:\WINDOWS\system32\drivers\nvmcp.sys OK
C:\WINDOWS\system32\drivers\nvapu.sys OK
C:\WINDOWS\system32\drivers\msfs.sys OK
C:\WINDOWS\system32\drivers\ptilink.sys OK
C:\WINDOWS\system32\drivers\raspti.sys OK
C:\WINDOWS\system32\drivers\tcpip.sys OK
C:\WINDOWS\system32\drivers\ndproxy.sys OK
C:\WINDOWS\system32\drivers\sr.sys OK
C:\WINDOWS\system32\drivers\raspppoe.sys OK
C:\WINDOWS\system32\drivers\cdaudio.sys OK
C:\WINDOWS\system32\drivers\fs_rec.sys OK
C:\WINDOWS\system32\drivers\null.sys OK
C:\WINDOWS\system32\drivers\beep.sys OK
C:\WINDOWS\system32\drivers\ipfilter.sys OK
C:\WINDOWS\system32\drivers\rdpcdd.sys OK
C:\WINDOWS\system32\drivers\rasacd.sys OK
C:\WINDOWS\system32\drivers\netbios.sys OK
C:\WINDOWS\system32\drivers\nabtsfec.sys OK
C:\WINDOWS\system32\drivers\ndisip.sys OK
C:\WINDOWS\system32\drivers\volsnap.sys OK
C:\WINDOWS\system32\drivers\dxapi.sys OK
C:\WINDOWS\system32\drivers\fips.sys OK
C:\WINDOWS\system32\drivers\kmixer.sys OK
C:\WINDOWS\system32\drivers\mskssrv.sys OK
C:\WINDOWS\system32\drivers\dxgthk.sys OK
C:\WINDOWS\system32\drivers\mspqm.sys OK
C:\WINDOWS\system32\drivers\parvdm.sys OK
C:\WINDOWS\system32\drivers\rdpwd.sys OK
C:\WINDOWS\system32\drivers\atmlane.sys OK
C:\WINDOWS\system32\drivers\ndis.sys OK
C:\WINDOWS\system32\drivers\sfloppy.sys OK
C:\WINDOWS\system32\drivers\mup.sys OK
C:\WINDOWS\system32\drivers\bridge.sys OK
C:\WINDOWS\system32\drivers\arp1394.sys OK
C:\WINDOWS\system32\drivers\pciidex.sys OK
C:\WINDOWS\system32\drivers\atmepvc.sys OK
C:\WINDOWS\system32\drivers\mspclock.sys OK
C:\WINDOWS\system32\drivers\atmuni.sys OK
C:\WINDOWS\system32\drivers\point32.sys OK
C:\WINDOWS\system32\drivers\cbidf2k.sys OK
C:\WINDOWS\system32\drivers\wstcodec.sys OK
C:\WINDOWS\system32\drivers\cinemst2.sys OK
C:\WINDOWS\system32\drivers\cpqdap01.sys OK
C:\WINDOWS\system32\drivers\mouhid.sys OK
C:\WINDOWS\system32\drivers\diskdump.sys OK
C:\WINDOWS\system32\drivers\usb8023x.sys OK
C:\WINDOWS\system32\drivers\gm.dls OK
C:\WINDOWS\system32\drivers\gmreadme.txt OK
C:\WINDOWS\system32\drivers\ipfltdrv.sys OK
C:\WINDOWS\system32\drivers\imapi.sys OK
C:\WINDOWS\system32\drivers\usb8023.sys OK
C:\WINDOWS\system32\drivers\mcd.sys OK
C:\WINDOWS\system32\drivers\ksecdd.sys OK
C:\WINDOWS\system32\drivers\usbintel.sys OK
C:\WINDOWS\system32\drivers\usbohci.sys OK
C:\WINDOWS\system32\drivers\nikedrv.sys OK
C:\WINDOWS\system32\drivers\nv_agp.SYS OK
C:\WINDOWS\system32\drivers\smbali.sys OK
C:\WINDOWS\system32\drivers\nwlnkflt.sys OK
C:\WINDOWS\system32\drivers\nwlnkfwd.sys OK
C:\WINDOWS\system32\drivers\ntfs.sys OK
C:\WINDOWS\system32\drivers\nwlnknb.sys OK
C:\WINDOWS\system32\drivers\nwlnkspx.sys OK
C:\WINDOWS\system32\drivers\amdagp.sys OK
C:\WINDOWS\system32\drivers\mountmgr.sys OK
C:\WINDOWS\system32\drivers\rawwan.sys OK
C:\WINDOWS\system32\drivers\rio8drv.sys OK
C:\WINDOWS\system32\drivers\riodrv.sys OK
C:\WINDOWS\system32\drivers\srv.sys OK
C:\WINDOWS\system32\drivers\RMCast.sys OK
C:\WINDOWS\system32\drivers\redbook.sys OK
C:\WINDOWS\system32\drivers\rootmdm.sys OK
C:\WINDOWS\system32\drivers\mrxdav.sys OK
C:\WINDOWS\system32\drivers\scsiport.sys OK
C:\WINDOWS\system32\drivers\smclib.sys OK
C:\WINDOWS\system32\drivers\StMp3Rec.sys OK
C:\WINDOWS\system32\drivers\IR800r.sys OK
C:\WINDOWS\system32\drivers\tosdvd.sys OK
C:\WINDOWS\system32\drivers\tsbvcap.sys OK
C:\WINDOWS\system32\drivers\modem.sys OK
C:\WINDOWS\system32\drivers\update.sys OK
C:\WINDOWS\system32\drivers\usbcamd.sys OK
C:\WINDOWS\system32\drivers\usbcamd2.sys OK
C:\WINDOWS\system32\drivers\vdmindvd.sys OK
C:\WINDOWS\system32\drivers\ws2ifsl.sys OK
C:\WINDOWS\system32\drivers\udfs.sys OK
C:\WINDOWS\system32\drivers\mnmdd.sys OK
C:\WINDOWS\system32\drivers\fsvga.sys OK
C:\WINDOWS\system32\drivers\wanarp.sys OK
C:\WINDOWS\system32\drivers\vga.sys OK
C:\WINDOWS\system32\drivers\isapnp.sys OK
C:\WINDOWS\system32\drivers\usbstor.sys OK
C:\WINDOWS\system32\drivers\acpiec.sys OK
C:\WINDOWS\system32\drivers\oprghdlr.sys OK
C:\WINDOWS\system32\drivers\usbscan.sys OK
C:\WINDOWS\system32\drivers\usbport.sys OK
C:\WINDOWS\system32\drivers\usbhub.sys OK
C:\WINDOWS\system32\drivers\termdd.sys OK
C:\WINDOWS\system32\drivers\hidclass.sys OK
C:\WINDOWS\system32\drivers\usbd.sys OK
C:\WINDOWS\system32\drivers\tdtcp.sys OK
C:\WINDOWS\system32\drivers\tdpipe.sys OK
C:\WINDOWS\system32\drivers\tdi.sys OK
C:\WINDOWS\system32\drivers\tape.sys OK
C:\WINDOWS\system32\drivers\sysaudio.sys OK
C:\WINDOWS\system32\drivers\ipsec.sys OK
C:\WINDOWS\system32\drivers\swenum.sys OK
C:\WINDOWS\system32\drivers\splitter.sys OK
C:\WINDOWS\system32\drivers\sonydcam.sys OK
C:\WINDOWS\system32\drivers\slip.sys OK
C:\WINDOWS\system32\drivers\serial.sys OK
C:\WINDOWS\system32\drivers\audstub.sys OK
C:\WINDOWS\system32\drivers\serenum.sys OK
C:\WINDOWS\system32\drivers\secdrv.sys OK
C:\WINDOWS\system32\drivers\rtl8139.sys OK
C:\WINDOWS\system32\drivers\rndismp.sys OK
C:\WINDOWS\system32\drivers\rdpdr.sys OK
C:\WINDOWS\system32\drivers\http.sys OK
C:\WINDOWS\system32\drivers\raspptp.sys OK
C:\WINDOWS\system32\drivers\psched.sys OK
C:\WINDOWS\system32\drivers\processr.sys OK
C:\WINDOWS\system32\drivers\stream.sys OK
C:\WINDOWS\system32\drivers\drmk.sys OK
C:\WINDOWS\system32\drivers\parport.sys OK
C:\WINDOWS\system32\drivers\p3.sys OK
C:\WINDOWS\system32\drivers\nwlnkipx.sys OK
C:\WINDOWS\system32\drivers\npfs.sys OK
C:\WINDOWS\system32\drivers\nic1394.sys OK
C:\WINDOWS\system32\drivers\netbt.sys OK
C:\WINDOWS\system32\drivers\NVTUNEP.SYS OK
C:\WINDOWS\system32\drivers\ndiswan.sys OK
C:\WINDOWS\system32\drivers\ndisuio.sys OK
C:\WINDOWS\system32\drivers\NVTVSND.SYS OK
C:\WINDOWS\system32\drivers\mstee.sys OK
C:\WINDOWS\system32\drivers\kbdclass.sys OK
C:\WINDOWS\system32\drivers\NVXBAR.SYS OK
C:\WINDOWS\system32\drivers\irenum.sys OK
C:\WINDOWS\system32\drivers\mrxsmb.sys OK
C:\WINDOWS\system32\drivers\NVCAP.SYS OK
C:\WINDOWS\system32\drivers\ipinip.sys OK
C:\WINDOWS\system32\drivers\i8042prt.sys OK
C:\WINDOWS\system32\drivers\hidparse.sys OK
C:\WINDOWS\system32\drivers\flpydisk.sys OK
C:\WINDOWS\system32\drivers\fdc.sys OK
C:\WINDOWS\system32\drivers\dxg.sys OK
C:\WINDOWS\system32\drivers\rdbss.sys OK
C:\WINDOWS\system32\drivers\wpdusb.sys OK
C:\WINDOWS\system32\drivers\nv4_mini.sys OK
C:\WINDOWS\system32\drivers\drmkaud.sys OK
C:\WINDOWS\system32\drivers\ks.sys OK
C:\WINDOWS\system32\drivers\DMusic.sys OK
C:\WINDOWS\system32\drivers\disk.sys OK
C:\WINDOWS\system32\drivers\crusoe.sys OK
C:\WINDOWS\system32\drivers\classpnp.sys OK
C:\WINDOWS\system32\drivers\cdrom.sys OK
C:\WINDOWS\system32\drivers\cdfs.sys OK
C:\WINDOWS\system32\drivers\ccdecode.sys OK
C:\WINDOWS\system32\drivers\bdasup.sys OK
C:\WINDOWS\system32\drivers\atmarpc.sys OK
C:\WINDOWS\system32\drivers\amdk6.sys OK
C:\WINDOWS\system32\drivers\afd.sys OK
C:\WINDOWS\system32\drivers\aec.sys OK
C:\WINDOWS\system32\drivers\acpi.sys OK
C:\WINDOWS\system32\drivers\nwrdr.sys OK
C:\WINDOWS\system32\drivers\mqac.sys OK
C:\WINDOWS\system32\drivers\watv10nt.sys OK
C:\WINDOWS\system32\drivers\watv06nt.sys OK
C:\WINDOWS\system32\drivers\wadv11nt.sys OK
C:\WINDOWS\system32\drivers\wadv09nt.sys OK
C:\WINDOWS\system32\drivers\wadv08nt.sys OK
C:\WINDOWS\system32\drivers\wadv07nt.sys OK
C:\WINDOWS\system32\drivers\wacompen.sys OK
C:\WINDOWS\system32\drivers\viaagp.sys OK
C:\WINDOWS\system32\drivers\vchnt5.dll OK
C:\WINDOWS\system32\drivers\usbvideo.sys OK
C:\WINDOWS\system32\drivers\usbehci.sys OK
C:\WINDOWS\system32\drivers\uagp35.sys OK
C:\WINDOWS\system32\drivers\tunmp.sys OK
C:\WINDOWS\system32\drivers\slwdmsup.sys OK
C:\WINDOWS\system32\drivers\slnthal.sys OK
C:\WINDOWS\system32\drivers\slntamr.sys OK
C:\WINDOWS\system32\drivers\slnt7554.sys OK
C:\WINDOWS\system32\drivers\sisagp.sys OK
C:\WINDOWS\system32\drivers\siint5.dll OK
C:\WINDOWS\system32\drivers\sffp_sd.sys OK
C:\WINDOWS\system32\drivers\sffdisk.sys OK
C:\WINDOWS\system32\drivers\sdbus.sys OK
C:\WINDOWS\system32\drivers\s3gnbm.sys OK
C:\WINDOWS\system32\drivers\rndismpx.sys OK
C:\WINDOWS\system32\drivers\rfcomm.sys OK
C:\WINDOWS\system32\drivers\recagent.sys OK
C:\WINDOWS\system32\drivers\mutohpen.sys OK
C:\WINDOWS\system32\drivers\mtxparhm.sys OK
C:\WINDOWS\system32\drivers\mtlstrm.sys OK
C:\WINDOWS\system32\drivers\mtlmnt5.sys OK
C:\WINDOWS\system32\drivers\mssmbios.sys OK
C:\WINDOWS\system32\drivers\mdmxsdk.sys OK
C:\WINDOWS\system32\drivers\ip6fw.sys OK
C:\WINDOWS\system32\drivers\intelppm.sys OK
C:\WINDOWS\system32\drivers\pciide.sys OK
C:\WINDOWS\system32\drivers\hsfdpsp2.sys OK
C:\WINDOWS\system32\drivers\hsfcxts2.sys OK
C:\WINDOWS\system32\drivers\hsfbs2s2.sys OK
C:\WINDOWS\system32\drivers\hidir.sys OK
C:\WINDOWS\system32\drivers\hidbth.sys OK
C:\WINDOWS\system32\drivers\gagp30kx.sys OK
C:\WINDOWS\system32\drivers\fltmgr.sys OK
C:\WINDOWS\system32\drivers\cxthsfs2.cty OK
C:\WINDOWS\system32\drivers\ch7xxnt5.dll OK
C:\WINDOWS\system32\drivers\bthusb.sys OK
C:\WINDOWS\system32\drivers\bthprint.sys OK
C:\WINDOWS\system32\drivers\bthport.sys OK
C:\WINDOWS\system32\drivers\bthpan.sys OK
C:\WINDOWS\system32\drivers\bthmodem.sys OK
C:\WINDOWS\system32\drivers\bthenum.sys OK
C:\WINDOWS\system32\drivers\atv10nt5.dll OK
C:\WINDOWS\system32\drivers\atv06nt5.dll OK
C:\WINDOWS\system32\drivers\atv04nt5.dll OK
C:\WINDOWS\system32\drivers\atv02nt5.dll OK
C:\WINDOWS\system32\drivers\atv01nt5.dll OK
C:\WINDOWS\system32\drivers\ativmc20.cod OK
C:\WINDOWS\system32\drivers\atinxsxx.sys OK
C:\WINDOWS\system32\drivers\atinxbxx.sys OK
C:\WINDOWS\system32\drivers\atintuxx.sys OK
C:\WINDOWS\system32\drivers\atinttxx.sys OK
C:\WINDOWS\system32\drivers\atinsnxx.sys OK
C:\WINDOWS\system32\drivers\atinrvxx.sys OK
C:\WINDOWS\system32\drivers\atinraxx.sys OK
C:\WINDOWS\system32\drivers\atinpdxx.sys OK
C:\WINDOWS\system32\drivers\atinmdxx.sys OK
C:\WINDOWS\system32\drivers\atinbtxx.sys OK
C:\WINDOWS\system32\drivers\ati2mtag.sys OK
C:\WINDOWS\system32\drivers\ati2mtaa.sys OK
C:\WINDOWS\system32\drivers\ati1xsxx.sys OK
C:\WINDOWS\system32\drivers\ati1xbxx.sys OK
C:\WINDOWS\system32\drivers\ati1tuxx.sys OK
C:\WINDOWS\system32\drivers\ati1ttxx.sys OK
C:\WINDOWS\system32\drivers\ati1snxx.sys OK
C:\WINDOWS\system32\drivers\ati1rvxx.sys OK
C:\WINDOWS\system32\drivers\ati1raxx.sys OK
C:\WINDOWS\system32\drivers\ati1pdxx.sys OK
C:\WINDOWS\system32\drivers\ati1mdxx.sys OK
C:\WINDOWS\system32\drivers\ati1btxx.sys OK
C:\WINDOWS\system32\drivers\amdk7.sys OK
C:\WINDOWS\system32\drivers\alim1541.sys OK
C:\WINDOWS\system32\drivers\agpcpq.sys OK
C:\WINDOWS\system32\drivers\agp440.sys OK
C:\WINDOWS\system32\drivers\adv11nt5.dll OK
C:\WINDOWS\system32\drivers\adv09nt5.dll OK
C:\WINDOWS\system32\drivers\adv08nt5.dll OK
C:\WINDOWS\system32\drivers\adv07nt5.dll OK
C:\WINDOWS\system32\drivers\swmidi.sys OK
C:\WINDOWS\system32\drivers\adv05nt5.dll OK
C:\WINDOWS\system32\drivers\adv02nt5.dll OK
C:\WINDOWS\system32\drivers\adv01nt5.dll OK
C:\WINDOWS\system32\drivers\irbus.sys OK
C:\WINDOWS\system32\drivers\FlashSys.sys OK
C:\WINDOWS\system32\drivers\netwlan5.img OK
C:\WINDOWS\system32\drivers\hidusb.sys OK
C:\WINDOWS\system32\drivers\MxlW2k.sys OK
C:\WINDOWS\system32\ras\cis.scp OK
C:\WINDOWS\system32\ras\pad.inf OK
C:\WINDOWS\system32\ras\pppmenu.scp OK
C:\WINDOWS\system32\ras\slip.scp OK
C:\WINDOWS\system32\ras\slipmenu.scp OK
C:\WINDOWS\system32\ras\switch.inf OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\EPST400.GPD OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.HLP OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\ESCP2RES.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\STDNAMES.GPD OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNB4300.GPD OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNB4300.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJ.INI OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJDRV.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJDRC.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJUI.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJGRC.GPD OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNB4300.BUD OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCH12.HLP OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMD112.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUR12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMRW12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMRH12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSR12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMIN12.INI OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCH12.CNT OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPI12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUB12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMOP12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSB12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMMH12.HLP OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMMH12.CNT OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP012.DAT OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP112.DAT OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP212.DAT OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMFU12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\EPST400.BUD OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMDR12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMD112.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMUI12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMUR12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMRW12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMRH12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMSR12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMIN12.INI OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMCH12.HLP OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMCH12.CNT OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMPI12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMCP12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMUB12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMOP12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMSB12.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMMH12.HLP OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMMH12.CNT OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMP012.DAT OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMP112.DAT OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMP212.DAT OK
C:\WINDOWS\system32\spool\drivers\w32x86\canonbjc_4300773c\CNMFU12.DLL OK
C:\WINDOWS\system32\spool\drivers\color\adod6522.icm OK
C:\WINDOWS\system32\spool\drivers\color\appd6518.icm OK
C:\WINDOWS\system32\spool\drivers\color\Diamond Compatible 9300K G2.2.icm OK
C:\WINDOWS\system32\spool\drivers\color\Hitachi Compatible 9300K G2.2.icm OK
C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm OK
C:\WINDOWS\system32\spool\drivers\color\NEC Compatible 9300K G2.2.icm OK
C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm OK
C:\WINDOWS\system32\spool\drivers\color\Trinitron Compatible 9300K G2.2.icm OK
C:\WINDOWS\system32\spool\drivers\color\is330.icm OK
C:\WINDOWS\system32\spool\drivers\color\CNB43BE3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43BEA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43FD3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43FE3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43FEA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43FF3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43FFA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GD3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GE3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GEA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GF3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GFA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GP3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43GS3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HD3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HE3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HEA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HF3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HFA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HP3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43HS3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PD3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PE3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PEA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PF3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PFA.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PP3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNB43PS3.ICM OK
C:\WINDOWS\system32\spool\drivers\color\CNBSTD.ICM OK
C:\WINDOWS\system32\spool\drivers\color\NKMonitor_Win.icm OK
C:\WINDOWS\system32\spool\drivers\color\CNBJPRN.ICM OK
C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD12.DLL OK
C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP12.DLL OK
C:\WINDOWS\system32\Setup\comsetup.dll OK
C:\WINDOWS\system32\Setup\imsinsnt.dll OK
C:\WINDOWS\system32\Setup\msdtcstp.dll OK
C:\WINDOWS\system32\Setup\zoneoc.dll OK
C:\WINDOWS\system32\Setup\fsconins.dll OK
C:\WINDOWS\system32\Setup\netfxocm.dll OK
C:\WINDOWS\system32\Setup\tsoc.dll OK
C:\WINDOWS\system32\Setup\setupqry.dll OK
C:\WINDOWS\system32\Setup\ocmsn.dll OK
C:\WINDOWS\system32\Setup\ocgen.dll OK
C:\WINDOWS\system32\Setup\ntoc.dll OK
C:\WINDOWS\system32\Setup\netoc.dll OK
C:\WINDOWS\system32\Setup\msgrocm.dll OK
C:\WINDOWS\system32\Setup\iis.dll OK
C:\WINDOWS\system32\Setup\fxsocm.dll OK
C:\WINDOWS\system32\Setup\fp40ext.dll OK
C:\WINDOWS\system32\Setup\msmqocm.dll OK
C:\WINDOWS\system32\Setup\tabletoc.dll OK
C:\WINDOWS\system32\Setup\medctroc.dll OK
C:\WINDOWS\system32\wbem\mof\good\msioff10.mof OK
C:\WINDOWS\system32\wbem\xml\cim20.dtd OK
C:\WINDOWS\system32\wbem\xml\wmi20.dtd OK
C:\WINDOWS\system32\wbem\xml\wmi2xml.dll OK
C:\WINDOWS\system32\wbem\dgnet.mof OK
C:\WINDOWS\system32\wbem\evntrprv.mof OK
C:\WINDOWS\system32\wbem\CmdEvTgProv.mof OK
C:\WINDOWS\system32\wbem\hnetcfg.mof OK
C:\WINDOWS\system32\wbem\ieinfo5.mof OK
C:\WINDOWS\system32\wbem\rsop.mfl OK
C:\WINDOWS\system32\wbem\rsop.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\scersop.mof OK
C:\WINDOWS\system32\wbem\sr.mof OK
C:\WINDOWS\system32\wbem\whqlprov.mof OK
C:\WINDOWS\system32\wbem\dsprov.dll OK
C:\WINDOWS\system32\wbem\fwdprov.dll OK
C:\WINDOWS\system32\wbem\htable-sortby.xsl OK
C:\WINDOWS\system32\wbem\msiprov.dll OK
C:\WINDOWS\system32\wbem\smtpcons.dll OK
C:\WINDOWS\system32\wbem\texttablewsys.xsl OK
C:\WINDOWS\system32\wbem\tmplprov.dll OK
C:\WINDOWS\system32\wbem\trnsprov.dll OK
C:\WINDOWS\system32\wbem\unsecapp.exe OK
C:\WINDOWS\system32\wbem\updprov.dll OK
C:\WINDOWS\system32\wbem\wbemads.dll OK
C:\WINDOWS\system32\wbem\wbemads.tlb OK
C:\WINDOWS\system32\wbem\wbemdisp.tlb OK
C:\WINDOWS\system32\wbem\winmgmt.exe OK
C:\WINDOWS\system32\wbem\winmgmtr.dll OK
C:\WINDOWS\system32\wbem\wmiclimofformat.xsl OK
C:\WINDOWS\system32\wbem\wmiclitableformat.xsl OK
C:\WINDOWS\system32\wbem\wmiclitableformatnosys.xsl OK
C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl OK
C:\WINDOWS\system32\wbem\wmimsg.dll OK
C:\WINDOWS\system32\wbem\wmipicmp.dll OK
C:\WINDOWS\system32\wbem\wmitimep.dll OK
C:\WINDOWS\system32\wbem\dsprov.mfl OK
C:\WINDOWS\system32\wbem\dsprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\dsprov.mof OK
C:\WINDOWS\system32\wbem\dsprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\fconprov.mfl OK
C:\WINDOWS\system32\wbem\fconprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\fconprov.mof OK
C:\WINDOWS\system32\wbem\fconprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\fevprov.mfl OK
C:\WINDOWS\system32\wbem\fevprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\fevprov.mof OK
C:\WINDOWS\system32\wbem\fevprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\krnlprov.mfl OK
C:\WINDOWS\system32\wbem\krnlprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\krnlprov.mof OK
C:\WINDOWS\system32\wbem\krnlprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\licwmi.mfl OK
C:\WINDOWS\system32\wbem\licwmi.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\msi.mfl OK
C:\WINDOWS\system32\wbem\msi.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\msi.mof OK
C:\WINDOWS\system32\wbem\msi.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\ncprov.mfl OK
C:\WINDOWS\system32\wbem\ncprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\ncprov.mof OK
C:\WINDOWS\system32\wbem\ncprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\ntevt.mfl OK
C:\WINDOWS\system32\wbem\ntevt.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\ntevt.mof OK
C:\WINDOWS\system32\wbem\ntevt.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\policman.mfl OK
C:\WINDOWS\system32\wbem\policman.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\policman.mof OK
C:\WINDOWS\system32\wbem\policman.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\regevent.mfl OK
C:\WINDOWS\system32\wbem\regevent.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\regevent.mof OK
C:\WINDOWS\system32\wbem\regevent.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\scm.mof OK
C:\WINDOWS\system32\wbem\scrcons.mfl OK
C:\WINDOWS\system32\wbem\scrcons.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\scrcons.mof OK
C:\WINDOWS\system32\wbem\scrcons.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\secrcw32.mfl OK
C:\WINDOWS\system32\wbem\secrcw32.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\secrcw32.mof OK
C:\WINDOWS\system32\wbem\secrcw32.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\smtpcons.mfl OK
C:\WINDOWS\system32\wbem\smtpcons.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\smtpcons.mof OK
C:\WINDOWS\system32\wbem\smtpcons.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\subscrpt.mof OK
C:\WINDOWS\system32\wbem\system.mof OK
C:\WINDOWS\system32\wbem\tmplprov.mfl OK
C:\WINDOWS\system32\wbem\tmplprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\tmplprov.mof OK
C:\WINDOWS\system32\wbem\tmplprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\trnsprov.mfl OK
C:\WINDOWS\system32\wbem\trnsprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\trnsprov.mof OK
C:\WINDOWS\system32\wbem\trnsprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\updprov.mfl OK
C:\WINDOWS\system32\wbem\updprov.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\updprov.mof OK
C:\WINDOWS\system32\wbem\updprov.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wbemcons.mfl OK
C:\WINDOWS\system32\wbem\wbemcons.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wbemcons.mof OK
C:\WINDOWS\system32\wbem\wbemcons.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmi.mfl OK
C:\WINDOWS\system32\wbem\wmi.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipcima.mfl OK
C:\WINDOWS\system32\wbem\wmipcima.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipcima.mof OK
C:\WINDOWS\system32\wbem\wmipcima.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipdskq.mfl OK
C:\WINDOWS\system32\wbem\wmipdskq.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipdskq.mof OK
C:\WINDOWS\system32\wbem\wmipdskq.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipicmp.mfl OK
C:\WINDOWS\system32\wbem\wmipicmp.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipicmp.mof OK
C:\WINDOWS\system32\wbem\wmipicmp.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipiprt.mfl OK
C:\WINDOWS\system32\wbem\wmipiprt.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipiprt.mof OK
C:\WINDOWS\system32\wbem\wmipiprt.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipjobj.mfl OK
C:\WINDOWS\system32\wbem\wmipjobj.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipjobj.mof OK
C:\WINDOWS\system32\wbem\wmipjobj.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipsess.mfl OK
C:\WINDOWS\system32\wbem\wmipsess.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmipsess.mof OK
C:\WINDOWS\system32\wbem\wmipsess.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\wmitimep.mfl OK
C:\WINDOWS\system32\wbem\wmitimep.mfl=>(unicode) OK
C:\WINDOWS\system32\wbem\wmitimep.mof OK
C:\WINDOWS\system32\wbem\wmitimep.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\Logs&
  • 0

#9
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Duplicate Post:

edit: rstones12

  • 0

#10
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I also ran Ewido and got:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:14:01 PM, 9/29/2005
+ Report-Checksum: 4095E353

+ Scan result:

C:\WINDOWS\system32\ddabx.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINDOWS\system32\awtqn.dll -> Trojan.Crypt.o : Cleaned with backup
C:\hijackthis\backups\backup-20050929-203745-314.dll -> Trojan.Crypt.o : Cleaned with backup


::Report End

However, the clean did not work because when I went to post this message Ewido popped up saying I was still infected
  • 0

Advertisements


#11
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

OK,

We are going to do this first, you may some file associations that need to be fixed.

Please follow this link for the instructions:

http://www.tech-forums.net/computer/topic/29806.html

Once you have navigated to that page, please select the appropriate file that corresponds to your current Windows XP Operating System. There are two choices, Professional and Home. Then save that file to your desktop, double click on .exe file that you just saved.

Now please follow these instructions.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.13 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\awtqn.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\nqtwa.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

    O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll

    O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

Thanks,
rstones12
  • 0

#12
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I still can not run KillVundo.bat. I downloaded VundoFix.exe on my desktop but the .bat file will not do anything. Here is the readme file from that.

VundoFix V2.1
By Atri

www.atribune.org

This fix is for 2K and Xp machines only.

For 9x/ME machine please use dos to remove vundo

New version Release date September 1, 2005

2.12 added messaging for the missing process.exe
2.13 removed forum list

I tried replacing the awtqn.dll file from my restore folder and that also seemed to do nothing.
  • 0

#13
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Were you able to download the file from the link below and run it??

Please follow this link for the instructions:

http://www.tech-foru...opic/29806.html


Thanks,
rstones12
  • 0

#14
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Yes, the three files autoexec.nt, command.com, and config.nt all were downloaded and have overwritten my files (they are dated 08/18/01). So I should now reboot in safe mode and use Vundofix and it should work?
  • 0

#15
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Yes, go ahead and follow the latest directions for the VundoFix in SafeMode.

Thanks,
rstones12
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP