Virus.Win32.Gpcode.ak
   

durojaiyedaudi
New Member


Date Joined Oct 2009
Total Posts : 17
 
Posted 10-21-2009 4:37 (GMT +1)
I was surfing online today, and Avast popped up several warnings and prompts to do things with infections it found.

I'm now unable to use task manager, and my computer is running VERY slowly.
I have two or three red circle icons with white x's in my taskbar that pop up messages that say something along the lines of "your computer is infected with spyware. Click here to install antivirus protection."

It's also changed my background to be a rectangle with COMPUTER INFECTED in it.

I was able to get Avast to schedule a boot-time scan, and ran that without a problem, but it didn't find any problems; however, when I booted up, the same things were happening.

While scanning using Avast while the computer is on normally, I got a Windows Security Center popup that told me that I have Virus.Win32.Gpcode.ak, and that it would encrypt my files and then delete them. The only button I would've been able to push on that popup was enable protection.

I looked up on another computer what this virus does, and it says it does exactly that.
In order to prevent that from happening, I shut down my computer and disconnected the battery.

What should I do now?

Also, I am unable to boot into safe mode; I get the blue screen of death.

There was a post by Ronnie84 that sounded like he had the same problem.
http://forum.bullguard.com/forum/10/Protection-System-Malware-Advi_78286.html

What should I do at this point?
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-21-2009 7:23 (GMT +1)
Hello durojaiyedaudi and welcome :)
 
 
 
 and download File Lister.
Save it to your Desktop
Right-click ->> Extract all ->> and extract it to your Desktop
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
Right-click FileLister.vbe ->> select Open, then Open to confirm.
When the program is finished it will produce a log for you at C:\Files.txt
 
Copy and paste the contents of that log in your reply.
 
The log will be reasonably large so you may have to divide it into sections and make several posts to post it.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

durojaiyedaudi
New Member


Date Joined Oct 2009
Total Posts : 17
 
Posted 10-21-2009 7:41 (GMT +1)
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.1 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++++++++

Report ran on --->>> 10/21/2009 1:38:38 AM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\ManicTime\ManicTime.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Mitch\Application Data\seres.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Mitch\Application Data\svcst.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Mitch\LOCALS~1\Temp\yz8sa9u.exe
C:\DOCUME~1\Mitch\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\Mitch\LOCALS~1\Temp\wow64main.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\DOCUME~1\Mitch\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======

BHO: (NO NAME) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

BHO: (NO NAME) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

BHO: (NO NAME) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

BHO: flashget urlcatch - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

BHO: Browser Address Error Redirector - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[NvCplDaemon] = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[nwiz] = nwiz.exe /installquiet
[NVHotkey] = rundll32.exe nvHotkey.dll,Start
[NvMediaCenter] = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[OEM02Mon.exe] = C:\WINDOWS\OEM02Mon.exe
[Broadcom Wireless Manager UI] = C:\WINDOWS\system32\WLTRAY.exe
[SigmatelSysTrayApp] = stsystra.exe
[KADxMain] = C:\WINDOWS\system32\KADxMain.exe
[ISUSPM Startup] = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[ISUSScheduler] = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[dscactivate] = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
[PCMService] = "C:\Program Files\Dell\MediaDirect\PCMService.exe"
[avast!] = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[BluetoothAuthenticationAgent] = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[DellSupportCenter] = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
[Dell QuickSet] = C:\Program Files\Dell\QuickSet\Quickset.exe
[AppleSyncNotifier] = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[NeroFilterCheck] = C:\WINDOWS\system32\NeroCheck.exe
[QuickTime Task] = "C:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[winupdate.exe] = C:\WINDOWS\system32\winupdate.exe
[calc] = rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

====== HKCU\~\Run Keys ======

[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background
[NVIDIA nTune] = "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[FreeRAM XP] = "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
[ManicTime] = C:\Program Files\ManicTime\ManicTime.exe /minimized /name:
[mserv] = C:\Documents and Settings\Mitch\Application Data\seres.exe
[svchost] = C:\Documents and Settings\Mitch\Application Data\svcst.exe
[calc] = rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0
[Login Software 2009] = C:\DOCUME~1\Mitch\LOCALS~1\Temp\yz8sa9u.exe
[Yjafosi8kdf98winmdkmnkmfnwe] = C:\DOCUME~1\Mitch\LOCALS~1\Temp\smss.exe
[wow64main.exe] = C:\DOCUME~1\Mitch\LOCALS~1\Temp\wow64main.exe

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{2810EB22-763D-4D0C-9450-64BBD1758685}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{50B73828-3846-4212-9F00-28F21BEA6347}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{96518F69-7318-431B-9FCE-A421A870E13A}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A0230769-7C68-480E-BC6C-E3AB7641A695}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{ACC68595-AE66-4678-91F0-995B0AC4FCB6}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{B273D38E-8FA5-4C37-92E7-C39F19716906}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{B4339BDE-B214-454C-B2BB-B2F86A3FFE6E}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{B5E1DC6B-8F4D-42DF-8391-07C2A5A2166C}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{DC8017C8-006D-4908-95B5-B5FBDADC4C56}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{DD47A1BE-57A3-4919-AC18-2239A1FEC722}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{E13DF1DD-7976-49D4-8FBC-955003358186}\ NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{2810EB22-763D-4D0C-9450-64BBD1758685}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{50B73828-3846-4212-9F00-28F21BEA6347}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{96518F69-7318-431B-9FCE-A421A870E13A}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A0230769-7C68-480E-BC6C-E3AB7641A695}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{ACC68595-AE66-4678-91F0-995B0AC4FCB6}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{B273D38E-8FA5-4C37-92E7-C39F19716906}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{B4339BDE-B214-454C-B2BB-B2F86A3FFE6E}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{B5E1DC6B-8F4D-42DF-8391-07C2A5A2166C}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{DC8017C8-006D-4908-95B5-B5FBDADC4C56}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{DD47A1BE-57A3-4919-AC18-2239A1FEC722}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{E13DF1DD-7976-49D4-8FBC-955003358186}\ NameServer=


HKEY_LOCAL_MACHINE\CS003\~\{2810EB22-763D-4D0C-9450-64BBD1758685}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{50B73828-3846-4212-9F00-28F21BEA6347}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{96518F69-7318-431B-9FCE-A421A870E13A}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{A0230769-7C68-480E-BC6C-E3AB7641A695}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{ACC68595-AE66-4678-91F0-995B0AC4FCB6}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{B273D38E-8FA5-4C37-92E7-C39F19716906}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{B4339BDE-B214-454C-B2BB-B2F86A3FFE6E}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{B5E1DC6B-8F4D-42DF-8391-07C2A5A2166C}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{DC8017C8-006D-4908-95B5-B5FBDADC4C56}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{DD47A1BE-57A3-4919-AC18-2239A1FEC722}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{E13DF1DD-7976-49D4-8FBC-955003358186}\ NameServer=

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

9/18/2009 1:58:01 PM 4614369280 32 C:\CHARLOTTE_DISC1.ISO
10/21/2009 1:38:38 AM 0 32 C:\Files.txt
10/16/2009 10:57:49 PM 2145427456 38 C:\hiberfil.sys
10/20/2009 8:17:52 PM 53248 32 C:\ldvx.exe
9/15/2009 7:06:19 PM 637407232 32 C:\STARCRAFT.ISO
10/10/2009 3:33:23 PM 171 32 C:\Twilight.flv
10/20/2009 8:17:51 PM 27136 32 C:\vyiy.exe
9/20/2009 2:00:28 PM 645767 C:\WINDOWS\$NtUninstallWIC$
9/20/2009 2:00:28 PM 645767 C:\WINDOWS\$NtUninstallWIC$\spuninst
10/12/2009 12:56:32 AM 124788552 C:\WINDOWS\XPize
10/12/2009 12:56:32 AM 79748428 C:\WINDOWS\XPize\Backup
10/12/2009 12:56:32 AM 132482 C:\WINDOWS\XPize\Logs
10/12/2009 12:56:32 AM 43702102 C:\WINDOWS\XPize\Resources
10/12/2009 12:58:22 AM 137922 C:\WINDOWS\XPize\Resources\access.cpl
10/12/2009 12:56:55 AM 28949 C:\WINDOWS\XPize\Resources\acctres.dll
10/12/2009 12:57:50 AM 181621 C:\WINDOWS\XPize\Resources\accwiz.exe
10/12/2009 12:58:23 AM 232839 C:\WINDOWS\XPize\Resources\appwiz.cpl
10/12/2009 12:56:56 AM 10715 C:\WINDOWS\XPize\Resources\audiodev.dll
10/12/2009 12:56:56 AM 3879 C:\WINDOWS\XPize\Resources\batmeter.dll
10/12/2009 12:56:57 AM 5590 C:\WINDOWS\XPize\Resources\batt.dll
10/12/2009 12:58:47 AM 3549 C:\WINDOWS\XPize\Resources\browseui.dll
10/12/2009 12:59:13 AM 90463 C:\WINDOWS\XPize\Resources\btbigbmp.dll
10/12/2009 12:59:11 AM 517427 C:\WINDOWS\XPize\Resources\BTNeighborhood.dll
10/12/2009 12:59:12 AM 1338926 C:\WINDOWS\XPize\Resources\btrez.dll
10/12/2009 12:57:51 AM 137912 C:\WINDOWS\XPize\Resources\calc.exe
10/12/2009 12:56:58 AM 224458 C:\WINDOWS\XPize\Resources\cdfview.dll
10/12/2009 12:58:36 AM 123382 C:\WINDOWS\XPize\Resources\certmgr.dll
10/12/2009 12:58:37 AM 15262 C:\WINDOWS\XPize\Resources\ciadmin.dll
10/12/2009 12:57:52 AM 19611 C:\WINDOWS\XPize\Resources\cleanmgr.exe
10/12/2009 12:57:52 AM 5602 C:\WINDOWS\XPize\Resources\clipbrd.exe
10/12/2009 12:57:53 AM 15264 C:\WINDOWS\XPize\Resources\clipsrv.exe
10/12/2009 12:57:54 AM 137926 C:\WINDOWS\XPize\Resources\cmd.exe
10/12/2009 12:56:59 AM 97214 C:\WINDOWS\XPize\Resources\cmdial32.dll
10/12/2009 12:57:54 AM 15258 C:\WINDOWS\XPize\Resources\cmdl32.exe
10/12/2009 12:57:55 AM 15254 C:\WINDOWS\XPize\Resources\cmstp.exe
10/12/2009 12:56:59 AM 60899 C:\WINDOWS\XPize\Resources\comdlg32.dll
10/12/2009 12:58:38 AM 15254 C:\WINDOWS\XPize\Resources\comres.dll
10/12/2009 12:57:56 AM 15254 C:\WINDOWS\XPize\Resources\conime.exe
10/12/2009 12:57:00 AM 24792 C:\WINDOWS\XPize\Resources\credui.dll
10/12/2009 12:57:01 AM 72178 C:\WINDOWS\XPize\Resources\cryptui.dll
10/12/2009 12:57:56 AM 15258 C:\WINDOWS\XPize\Resources\cscript.exe
10/12/2009 12:57:02 AM 482047 C:\WINDOWS\XPize\Resources\cscui.dll
10/12/2009 12:57:57 AM 15260 C:\WINDOWS\XPize\Resources\ctfmon.exe
10/12/2009 12:58:24 AM 281873 C:\WINDOWS\XPize\Resources\desk.cpl
10/12/2009 12:57:03 AM 4462 C:\WINDOWS\XPize\Resources\deskadp.dll
10/12/2009 12:57:04 AM 4462 C:\WINDOWS\XPize\Resources\deskmon.dll
10/12/2009 12:57:04 AM 4466 C:\WINDOWS\XPize\Resources\deskperf.dll
10/12/2009 12:58:38 AM 72577 C:\WINDOWS\XPize\Resources\devmgr.dll
10/12/2009 12:58:39 AM 7548 C:\WINDOWS\XPize\Resources\dfrgres.dll
10/12/2009 12:57:05 AM 5606 C:\WINDOWS\XPize\Resources\diskcopy.dll
10/12/2009 12:58:40 AM 215715 C:\WINDOWS\XPize\Resources\dmdlgs.dll
10/12/2009 12:58:41 AM 82456 C:\WINDOWS\XPize\Resources\dmdskres.dll
10/12/2009 12:57:08 AM 112929 C:\WINDOWS\XPize\Resources\dpvoice.dll
10/12/2009 12:57:06 AM 30767 C:\WINDOWS\XPize\Resources\dskquoui.dll
10/12/2009 12:57:06 AM 69134 C:\WINDOWS\XPize\Resources\dsquery.dll
10/12/2009 12:57:07 AM 147134 C:\WINDOWS\XPize\Resources\dsuiext.dll
10/12/2009 12:57:09 AM 137922 C:\WINDOWS\XPize\Resources\dxmasf.dll
10/12/2009 12:58:42 AM 137910 C:\WINDOWS\XPize\Resources\els.dll
10/12/2009 12:57:58 AM 137930 C:\WINDOWS\XPize\Resources\eventvwr.exe
10/12/2009 12:57:58 AM 641242 C:\WINDOWS\XPize\Resources\explorer.exe
10/12/2009 12:58:42 AM 40218 C:\WINDOWS\XPize\Resources\filemgmt.dll
10/12/2009 12:57:10 AM 158401 C:\WINDOWS\XPize\Resources\fldrclnr.dll
10/12/2009 12:57:10 AM 964746 C:\WINDOWS\XPize\Resources\fontext.dll
10/12/2009 12:57:59 AM 107924 C:\WINDOWS\XPize\Resources\fsquirt.exe
10/12/2009 12:57:11 AM 172653 C:\WINDOWS\XPize\Resources\fxscfgwz.dll
10/12/2009 12:58:00 AM 15262 C:\WINDOWS\XPize\Resources\fxssend.exe
10/12/2009 12:57:12 AM 123161 C:\WINDOWS\XPize\Resources\fxswzrd.dll
10/12/2009 12:57:12 AM 65102 C:\WINDOWS\XPize\Resources\gcdef.dll
10/12/2009 12:58:24 AM 251209 C:\WINDOWS\XPize\Resources\hdwwiz.cpl
10/12/2009 12:58:01 AM 60244 C:\WINDOWS\XPize\Resources\HelpCtr.exe
10/12/2009 12:58:02 AM 137906 C:\WINDOWS\XPize\Resources\hh.exe
10/12/2009 12:57:13 AM 31253 C:\WINDOWS\XPize\Resources\hhctrlui.dll
10/12/2009 12:58:48 AM 137918 C:\WINDOWS\XPize\Resources\HMMAPI.DLL
10/12/2009 12:57:14 AM 514524 C:\WINDOWS\XPize\Resources\hnetwiz.dll
10/12/2009 12:57:15 AM 22974 C:\WINDOWS\XPize\Resources\hotplug.dll
10/12/2009 12:57:15 AM 30396 C:\WINDOWS\XPize\Resources\icmui.dll
10/12/2009 12:58:51 AM 21838 C:\WINDOWS\XPize\Resources\ieaksie.dll
10/12/2009 12:58:49 AM 1559871 C:\WINDOWS\XPize\Resources\ieframe.dll
10/12/2009 12:58:52 AM 15266 C:\WINDOWS\XPize\Resources\iernonce.dll
10/12/2009 12:58:59 AM 120203 C:\WINDOWS\XPize\Resources\iexplore.exe
10/12/2009 12:58:02 AM 43766 C:\WINDOWS\XPize\Resources\iexpress.exe
10/12/2009 12:59:00 AM 370020 C:\WINDOWS\XPize\Resources\inetcpl.cpl
10/12/2009 12:57:16 AM 71010 C:\WINDOWS\XPize\Resources\inetcplc.dll
10/12/2009 12:57:17 AM 9942 C:\WINDOWS\XPize\Resources\inetres.dll
10/12/2009 12:57:17 AM 1318 C:\WINDOWS\XPize\Resources\input.dll
10/12/2009 12:58:31 AM 137914 C:\WINDOWS\XPize\Resources\intl.cpl
10/12/2009 12:57:18 AM 5606 C:\WINDOWS\XPize\Resources\irclass.dll
10/12/2009 12:57:19 AM 33028 C:\WINDOWS\XPize\Resources\irmon.dll
10/12/2009 12:58:25 AM 275734 C:\WINDOWS\XPize\Resources\irprops.cpl
10/12/2009 12:58:32 AM 137910 C:\WINDOWS\XPize\Resources\joy.cpl
10/12/2009 12:57:19 AM 127401 C:\WINDOWS\XPize\Resources\keymgr.dll
10/12/2009 12:59:31 AM 2601841 C:\WINDOWS\XPize\Resources\logonui.exe
10/12/2009 12:58:26 AM 605877 C:\WINDOWS\XPize\Resources\main.cpl
10/12/2009 12:57:20 AM 29447 C:\WINDOWS\XPize\Resources\mapi32.dll
10/12/2009 12:57:21 AM 34513 C:\WINDOWS\XPize\Resources\mdminst.dll
10/12/2009 12:58:03 AM 326538 C:\WINDOWS\XPize\Resources\migwiz.exe
10/12/2009 12:58:43 AM 39800 C:\WINDOWS\XPize\Resources\mmc.exe
10/12/2009 12:57:21 AM 15266 C:\WINDOWS\XPize\Resources\mmcshext.dll
10/12/2009 12:58:27 AM 176104 C:\WINDOWS\XPize\Resources\mmsys.cpl
10/12/2009 12:58:04 AM 200356 C:\WINDOWS\XPize\Resources\mobsync.exe
10/12/2009 12:58:05 AM 15266 C:\WINDOWS\XPize\Resources\mplayer2.exe
10/12/2009 12:58:06 AM 15266 C:\WINDOWS\XPize\Resources\msconfig.exe
10/12/2009 12:58:06 AM 15266 C:\WINDOWS\XPize\Resources\msdtc.exe
10/12/2009 12:58:36 AM 256203 C:\WINDOWS\XPize\Resources\msdxm.ocx
10/12/2009 12:58:53 AM 118882 C:\WINDOWS\XPize\Resources\mshtml.dll
10/12/2009 12:57:22 AM 4458 C:\WINDOWS\XPize\Resources\msident.dll
10/12/2009 12:57:23 AM 184556 C:\WINDOWS\XPize\Resources\msieftp.dll
10/12/2009 12:58:07 AM 137922 C:\WINDOWS\XPize\Resources\msiexec.exe
10/12/2009 12:59:02 AM 164016 C:\WINDOWS\XPize\Resources\msimn.exe
10/12/2009 12:59:03 AM 239161 C:\WINDOWS\XPize\Resources\msoeres.dll
10/12/2009 12:57:24 AM 355739 C:\WINDOWS\XPize\Resources\msonsext.dll
10/12/2009 12:58:08 AM 206860 C:\WINDOWS\XPize\Resources\mspaint.exe
10/12/2009 12:57:25 AM 177144 C:\WINDOWS\XPize\Resources\mstask.dll
10/12/2009 12:59:10 AM 174307 C:\WINDOWS\XPize\Resources\mstsc.exe
10/12/2009 12:57:25 AM 275729 C:\WINDOWS\XPize\Resources\msxml3.dll
10/12/2009 12:58:44 AM 19326 C:\WINDOWS\XPize\Resources\mycomput.dll
10/12/2009 12:57:26 AM 280641 C:\WINDOWS\XPize\Resources\mydocs.dll
10/12/2009 12:58:33 AM 140372 C:\WINDOWS\XPize\Resources\ncpa.cpl
10/12/2009 12:57:27 AM 1198588 C:\WINDOWS\XPize\Resources\netplwiz.dll
10/12/2009 12:57:28 AM 533589 C:\WINDOWS\XPize\Resources\netshell.dll
10/12/2009 12:57:29 AM 316747 C:\WINDOWS\XPize\Resources\newdev.dll
10/12/2009 12:58:08 AM 137922 C:\WINDOWS\XPize\Resources\notepad.exe
10/12/2009 12:58:09 AM 15284 C:\WINDOWS\XPize\Resources\nslookup.exe
10/12/2009 12:57:30 AM 17501 C:\WINDOWS\XPize\Resources\ntlanui2.dll
10/12/2009 12:58:10 AM 15246 C:\WINDOWS\XPize\Resources\ntsd.exe
10/12/2009 12:58:34 AM 137926 C:\WINDOWS\XPize\Resources\nusrmgr.cpl
10/12/2009 12:58:55 AM 315726 C:\WINDOWS\XPize\Resources\occache.dll
10/12/2009 12:58:45 AM 15268 C:\WINDOWS\XPize\Resources\odbcad32.exe
10/12/2009 12:58:45 AM 20415 C:\WINDOWS\XPize\Resources\odbcint.dll
10/12/2009 12:59:04 AM 15262 C:\WINDOWS\XPize\Resources\oemig50.exe
10/12/2009 12:58:46 AM 5606 C:\WINDOWS\XPize\Resources\oledb32.dll
10/12/2009 12:58:11 AM 15260 C:\WINDOWS\XPize\Resources\perfmon.exe
10/12/2009 12:57:31 AM 131164 C:\WINDOWS\XPize\Resources\photowiz.dll
10/12/2009 12:57:31 AM 137918 C:\WINDOWS\XPize\Resources\pifmgr.dll
10/12/2009 12:58:28 AM 155310 C:\WINDOWS\XPize\Resources\powercfg.cpl
10/12/2009 12:57:32 AM 150444 C:\WINDOWS\XPize\Resources\printui.dll
10/12/2009 12:57:33 AM 1378185 C:\WINDOWS\XPize\Resources\quartz.dll
10/12/2009 12:59:14 AM 275744 C:\WINDOWS\XPize\Resources\QuickTime.cpl
10/12/2009 12:57:34 AM 146041 C:\WINDOWS\XPize\Resources\rasdlg.dll
10/12/2009 12:58:11 AM 280078 C:\WINDOWS\XPize\Resources\regedit.exe
10/12/2009 12:58:12 AM 15262 C:\WINDOWS\XPize\Resources\regedt32.exe
10/12/2009 12:57:35 AM 27566 C:\WINDOWS\XPize\Resources\remotepg.dll
10/12/2009 12:58:13 AM 137922 C:\WINDOWS\XPize\Resources\rstrui.exe
10/12/2009 12:58:13 AM 15262 C:\WINDOWS\XPize\Resources\runonce.exe
10/12/2009 12:58:28 AM 30561 C:\WINDOWS\XPize\Resources\sapi.cpl
10/12/2009 12:57:35 AM 5602 C:\WINDOWS\XPize\Resources\scrobj.dll
10/12/2009 12:57:37 AM 499008 C:\WINDOWS\XPize\Resources\setupapi.dll
10/12/2009 12:57:38 AM 222753 C:\WINDOWS\XPize\Resources\shdoclc.dll
10/12/2009 12:58:56 AM 687712 C:\WINDOWS\XPize\Resources\shdocvw.dll
10/12/2009 12:56:43 AM 9912361 C:\WINDOWS\XPize\Resources\shell32.dll
10/12/2009 12:57:38 AM 924536 C:\WINDOWS\XPize\Resources\shimgvw.dll
10/12/2009 12:58:57 AM 4458 C:\WINDOWS\XPize\Resources\shlwapi.dll
10/12/2009 12:58:14 AM 82921 C:\WINDOWS\XPize\Resources\shrpubw.exe
10/12/2009 12:57:39 AM 15262 C:\WINDOWS\XPize\Resources\shscrap.dll
10/12/2009 12:58:15 AM 33718 C:\WINDOWS\XPize\Resources\sigverif.exe
10/12/2009 12:58:15 AM 19607 C:\WINDOWS\XPize\Resources\sndrec32.exe
10/12/2009 12:58:16 AM 8811 C:\WINDOWS\XPize\Resources\sndvol32.exe
10/12/2009 12:57:36 AM 44605 C:\WINDOWS\XPize\Resources\srrstr.dll
10/12/2009 12:57:40 AM 142319 C:\WINDOWS\XPize\Resources\sti_ci.dll
10/12/2009 12:57:41 AM 5610 C:\WINDOWS\XPize\Resources\stobject.dll
10/12/2009 12:57:42 AM 30386 C:\WINDOWS\XPize\Resources\sxs.dll
10/12/2009 12:57:42 AM 172086 C:\WINDOWS\XPize\Resources\syncui.dll
10/12/2009 12:58:29 AM 88601 C:\WINDOWS\XPize\Resources\sysdm.cpl
10/12/2009 12:58:47 AM 15254 C:\WINDOWS\XPize\Resources\sysmon.ocx
10/12/2009 12:58:17 AM 243978 C:\WINDOWS\XPize\Resources\sysocmgr.exe
10/12/2009 12:57:43 AM 38852 C:\WINDOWS\XPize\Resources\tapiui.dll
10/12/2009 12:58:17 AM 53935 C:\WINDOWS\XPize\Resources\taskmgr.exe
10/12/2009 12:57:44 AM 56105 C:\WINDOWS\XPize\Resources\tcpmonui.dll
10/12/2009 12:58:34 AM 137930 C:\WINDOWS\XPize\Resources\telephon.cpl
10/12/2009 12:58:18 AM 15264 C:\WINDOWS\XPize\Resources\telnet.exe
10/12/2009 12:57:45 AM 38054 C:\WINDOWS\XPize\Resources\themeui.dll
10/12/2009 12:58:30 AM 334550 C:\WINDOWS\XPize\Resources\timedate.cpl
10/12/2009 12:58:58 AM 14270 C:\WINDOWS\XPize\Resources\url.dll
10/12/2009 12:58:58 AM 13144 C:\WINDOWS\XPize\Resources\urlmon.dll
10/12/2009 12:58:19 AM 15266 C:\WINDOWS\XPize\Resources\verifier.exe
10/12/2009 12:59:04 AM 142294 C:\WINDOWS\XPize\Resources\wab.exe
10/12/2009 12:59:07 AM 93693 C:\WINDOWS\XPize\Resources\wab32res.dll
10/12/2009 12:59:05 AM 4482 C:\WINDOWS\XPize\Resources\wabimp.dll
10/12/2009 12:59:06 AM 4482 C:\WINDOWS\XPize\Resources\wabmig.exe
10/12/2009 12:57:45 AM 198688 C:\WINDOWS\XPize\Resources\webcheck.dll
10/12/2009 12:58:20 AM 340925 C:\WINDOWS\XPize\Resources\wiaacmgr.exe
10/12/2009 12:57:46 AM 75169 C:\WINDOWS\XPize\Resources\wiadefui.dll
10/12/2009 12:57:47 AM 137930 C:\WINDOWS\XPize\Resources\wiashext.dll
10/12/2009 12:57:48 AM 323185 C:\WINDOWS\XPize\Resources\winbrand.dll
10/12/2009 12:59:15 AM 20682 C:\WINDOWS\XPize\Resources\WinRAR.exe
10/12/2009 12:59:09 AM 275759 C:\WINDOWS\XPize\Resources\wmplayer.exe
10/12/2009 12:59:07 AM 1739780 C:\WINDOWS\XPize\Resources\wmploc.dll
10/12/2009 12:58:20 AM 45550 C:\WINDOWS\XPize\Resources\wordpad.exe
10/12/2009 12:58:21 AM 15250 C:\WINDOWS\XPize\Resources\write.exe
10/12/2009 12:58:22 AM 436050 C:\WINDOWS\XPize\Resources\wscript.exe
10/12/2009 12:58:35 AM 137918 C:\WINDOWS\XPize\Resources\wscui.cpl
10/12/2009 12:58:31 AM 275726 C:\WINDOWS\XPize\Resources\wuaucpl.cpl
10/12/2009 12:57:49 AM 770969 C:\WINDOWS\XPize\Resources\xpsp2res.dll
10/12/2009 12:57:50 AM 415143 C:\WINDOWS\XPize\Resources\zipfldr.dll
10/12/2009 12:56:32 AM 515623 C:\WINDOWS\XPize\Tools
9/20/2009 2:00:44 PM 2022 32 C:\WINDOWS\comsetup.log
9/20/2009 2:00:42 PM 6160 32 C:\WINDOWS\FaxSetup.log
9/20/2009 2:00:43 PM 1029 32 C:\WINDOWS\iis6.log
9/20/2009 2:00:44 PM 1374 32 C:\WINDOWS\imsins.log
9/21/2009 8:46:02 AM 9244 32 C:\WINDOWS\KB925720.log
8/25/2009 9:33:04 PM 4383 32 C:\WINDOWS\KB961371-v2.log
10/13/2009 3:43:05 PM 4348 32 C:\WINDOWS\KB968389.log
10/13/2009 3:49:02 PM 5743 32 C:\WINDOWS\KB969059.log
10/13/2009 3:48:59 PM 5659 32 C:\WINDOWS\KB974112.log
10/13/2009 3:48:44 PM 53444 32 C:\WINDOWS\KB974455-IE7.log
10/13/2009 3:48:39 PM 5407 32 C:\WINDOWS\KB974571.log
10/13/2009 3:48:55 PM 5575 32 C:\WINDOWS\KB975025.log
10/13/2009 3:44:38 PM 5330 32 C:\WINDOWS\KB975467.log
9/20/2009 2:00:45 PM 309 32 C:\WINDOWS\msgsocm.log
10/12/2009 1:01:42 AM 291718 32 C:\WINDOWS\ntbtlog.txt
9/20/2009 2:00:44 PM 1229 32 C:\WINDOWS\ntdtcsetup.log
9/20/2009 2:00:42 PM 2916 32 C:\WINDOWS\ocgen.log
9/20/2009 2:00:46 PM 342 32 C:\WINDOWS\ocmsn.log
9/15/2009 8:52:04 PM 13044 32 C:\WINDOWS\scunin.dat
9/15/2009 8:52:04 PM 94208 32 C:\WINDOWS\ScUnin.exe
9/15/2009 8:52:04 PM 967 32 C:\WINDOWS\ScUnin.pif
9/20/2009 2:00:44 PM 0 32 C:\WINDOWS\setupact.log
8/21/2009 3:41:08 PM 32171 32 C:\WINDOWS\setupapi.log
9/20/2009 2:00:44 PM 0 32 C:\WINDOWS\setuperr.log
9/20/2009 2:00:44 PM 2359 32 C:\WINDOWS\tsoc.log
10/4/2009 8:33:49 PM 3228 32 C:\WINDOWS\wmsetup.log
9/20/2009 2:02:01 PM 386780 C:\WINDOWS\system32\XPSViewer
9/20/2009 2:02:01 PM 3584 C:\WINDOWS\system32\XPSViewer\en-us
10/20/2009 8:18:39 PM 0 32 C:\WINDOWS\system32\AVR09.exe
10/20/2009 8:18:03 PM 831 32 C:\WINDOWS\system32\critical_warning.html
9/25/2009 11:41:26 AM 696320 32 C:\WINDOWS\system32\DivX.dll
9/25/2009 11:41:26 AM 856064 32 C:\WINDOWS\system32\divx_xx07.dll
9/25/2009 11:41:26 AM 847872 32 C:\WINDOWS\system32\divx_xx0a.dll
9/25/2009 11:41:26 AM 856064 32 C:\WINDOWS\system32\divx_xx0c.dll
9/25/2009 11:41:26 AM 839680 32 C:\WINDOWS\system32\divx_xx11.dll
9/25/2009 11:41:26 AM 843776 32 C:\WINDOWS\system32\divx_xx16.dll
9/25/2009 11:41:28 AM 90112 32 C:\WINDOWS\system32\dpl100.dll
9/13/2009 9:49:55 PM 135168 32 C:\WINDOWS\system32\java.exe
9/13/2009 9:49:55 PM 73728 32 C:\WINDOWS\system32\javacpl.cpl
9/13/2009 9:49:55 PM 135168 32 C:\WINDOWS\system32\javaw.exe
9/13/2009 9:49:55 PM 139264 32 C:\WINDOWS\system32\javaws.exe
9/13/2009 9:49:32 PM 6587 32 C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log
9/16/2009 6:57:03 PM 132796 34 C:\WINDOWS\system32\mlfcache.dat
10/12/2009 12:59:34 AM 994304 32 C:\WINDOWS\system32\msgina.dll.xpize
8/25/2009 9:47:58 PM 5632 32 C:\WINDOWS\system32\ptpusb.dll
8/25/2009 9:47:57 PM 159232 32 C:\WINDOWS\system32\ptpusd.dll
10/16/2009 11:28:51 PM 66296 0 C:\WINDOWS\system32\pxcpya64.exe
10/16/2009 11:28:51 PM 120056 0 C:\WINDOWS\system32\pxcpyi64.exe
10/16/2009 11:28:51 PM 72440 0 C:\WINDOWS\system32\pxhpinst.exe
10/16/2009 11:28:51 PM 64760 0 C:\WINDOWS\system32\pxinsa64.exe
10/16/2009 11:28:51 PM 118520 0 C:\WINDOWS\system32\pxinsi64.exe
9/5/2009 1:54:48 AM 69632 32 C:\WINDOWS\system32\QuickTime.qts
9/5/2009 1:54:48 AM 94208 32 C:\WINDOWS\system32\QuickTimeVR.qtx
9/20/2009 2:00:58 PM 14048 0 C:\WINDOWS\system32\spmsg2.dll
8/25/2009 9:50:22 PM 2065696 32 C:\WINDOWS\system32\usbaaplrc.dll
10/12/2009 12:56:39 AM 218624 32 C:\WINDOWS\system32\uxtheme.backup
10/20/2009 8:28:07 PM 0 32 C:\WINDOWS\system32\winhelper.dll
10/20/2009 8:17:58 PM 27136 32 C:\WINDOWS\system32\winupdate.exe
10/20/2009 8:17:44 PM 99840 32 C:\WINDOWS\system32\~.exe

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Files and Folders under "\Program Files" Last 60 Days======

8/25/2009 9:53:34 PM 3136854 C:\Program Files\Bonjour
10/20/2009 5:26:07 PM 41206117 C:\Program Files\Digiarty
10/16/2009 11:28:14 PM 70749308 C:\Program Files\DivX
9/18/2009 1:27:08 PM C:\Program Files\DVD Shrink
9/1/2009 7:31:12 PM 2226727 C:\Program Files\ImgBurn
9/15/2009 5:27:08 PM 1582699 C:\Program Files\iPod
9/20/2009 2:04:17 PM 10670390 C:\Program Files\ManicTime
9/20/2009 2:02:08 PM 23758 C:\Program Files\MSBuild
10/19/2009 5:47:03 PM 79002983 C:\Program Files\Orbitdownloader
9/20/2009 2:01:52 PM 31308314 C:\Program Files\Reference Assemblies
9/21/2009 9:31:31 PM 11479908 C:\Program Files\Remote PC Suite
9/13/2009 9:50:01 PM 44617942 C:\Program Files\Stanza
10/12/2009 12:59:42 AM 1000873 C:\Program Files\TaskSwitchXP

====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======


318 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

9/1/2009 7:27:32 PM 69863 C:\Documents and Settings\All Users\Application Data\DVD Shrink
9/12/2009 7:52:36 PM 3887568 C:\Documents and Settings\All Users\Application Data\NOS
9/12/2009 7:52:47 PM 3887568 C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads
9/15/2009 5:27:02 PM 542947 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
9/15/2009 5:28:08 PM 542947 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
9/15/2009 5:28:08 PM 133968 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86
8/25/2009 9:54:54 PM 3654 C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
8/25/2009 9:55:25 PM 3654 C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86
9/20/2009 2:05:02 PM 111 32 C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKLM\Software\microsoft\shared tools\msconfig\startupreg\BackupClient.exe
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe

====== Services ( Services that are Whitelisted are not shown) ======

APPDRV (APPDRV)- C:\WINDOWS\system32\DRIVERS\APPDRV.SYS - System/Running
aswFsBlk (aswFsBlk)- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys - Auto/Running
aswSP (avast! Self Protection)- C:\WINDOWS\system32\drivers\aswSP.sys - System/Running
BCM43XX (Dell Wireless WLAN Card Driver)- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys - Manual/Running
BthEnum (Bluetooth Request Block Driver)- C:\WINDOWS\system32\DRIVERS\BthEnum.sys - Manual/Stopped
BthPan (Bluetooth Device (Personal Area Network))- C:\WINDOWS\system32\DRIVERS\bthpan.sys - Manual/Stopped
BTHPORT (Bluetooth Port Driver)- C:\WINDOWS\system32\Drivers\BTHport.sys - Manual/Stopped
BTHUSB (Bluetooth Radio USB Driver)- C:\WINDOWS\system32\Drivers\BTHUSB.sys - Manual/Stopped
BTSERIAL (Bluetooth Serial Driver)- \??\C:\WINDOWS\system32\drivers\btserial.sys - Auto/Running
BTSLBCSP (Bluetooth Port Client Driver)- \??\C:\WINDOWS\system32\drivers\btslbcsp.sys - Auto/Running
cpuz130 (cpuz130)- \??\C:\DOCUME~1\Mitch\LOCALS~1\Temp\cpuz130\cpuz_x32.sys - Manual/Stopped
DLABMFSM (DLABMFSM)- C:\WINDOWS\system32\DLA\DLABMFSM.SYS - Auto/Running
DLABOIOM (DLABOIOM)- C:\WINDOWS\system32\DLA\DLABOIOM.SYS - Auto/Running
DLACDBHM (DLACDBHM)- C:\WINDOWS\system32\Drivers\DLACDBHM.SYS - System/Running
DLADResM (DLADResM)- C:\WINDOWS\system32\DLA\DLADResM.SYS - Auto/Running
DLAIFS_M (DLAIFS_M)- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS - Auto/Running
DLAOPIOM (DLAOPIOM)- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS - Auto/Running
DLAPoolM (DLAPoolM)- C:\WINDOWS\system32\DLA\DLAPoolM.SYS - Auto/Running
DLARTL_M (DLARTL_M)- C:\WINDOWS\system32\Drivers\DLARTL_M.SYS - System/Running
DLAUDFAM (DLAUDFAM)- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS - Auto/Running
DLAUDF_M (DLAUDF_M)- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS - Auto/Running
DRVMCDB (DRVMCDB)- C:\WINDOWS\system32\Drivers\DRVMCDB.SYS - Boot/Running
DRVNDDM (DRVNDDM)- C:\WINDOWS\system32\Drivers\DRVNDDM.SYS - Auto/Running
DXEC02 (DXEC02)- C:\WINDOWS\system32\drivers\dxec02.sys - Manual/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped
HSFHWAZL (HSFHWAZL)- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys - Manual/Running
HSF_DPV (HSF_DPV)- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys - Manual/Running
iaStor (Intel RAID Controller)- C:\WINDOWS\system32\drivers\iaStor.sys - Boot/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
n558 (N558 Bluetooth USB Filter Driver)- C:\WINDOWS\system32\Drivers\n558.sys - Manual/Stopped
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NVR0Dev (NVR0Dev)- \??\C:\WINDOWS\nvoclock.sys - Manual/Running
OEM02Dev (Creative Camera OEM002 Driver)- C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys - Manual/Running
OEM02Vfx (Creative Camera OEM002 Video VFX Driver)- C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys - Manual/Running
PalmUSBD (PalmUSBD)- C:\WINDOWS\system32\drivers\PalmUSBD.sys - Manual/Stopped
RFCOMM (Bluetooth Device (RFCOMM Protocol TDI))- C:\WINDOWS\system32\DRIVERS\rfcomm.sys - Manual/Stopped
rimmptsk (rimmptsk)- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys - Auto/Running
rimsptsk (rimsptsk)- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys - Auto/Running
rismxdp (Ricoh xD-Picture Card Driver)- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys - Auto/Running
sdbus (sdbus)- C:\WINDOWS\system32\DRIVERS\sdbus.sys - Manual/Running
sffdisk (SFF Storage Class Driver)- C:\WINDOWS\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\WINDOWS\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
STHDA (SigmaTel High Definition Audio CODEC)- C:\WINDOWS\system32\drivers\sthda.sys - Manual/Running
SynTP (Synaptics TouchPad Driver)- C:\WINDOWS\system32\DRIVERS\SynTP.sys - Manual/Running
TIEHDUSB (TIEHDUSB)- C:\WINDOWS\system32\drivers\tiehdusb.sys - Manual/Stopped
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbser (Motorola USB Modem Driver)- C:\WINDOWS\system32\DRIVERS\usbser.sys - Manual/Stopped
usbvideo (USB Video Device (WDM))- C:\WINDOWS\system32\Drivers\usbvideo.sys - Manual/Stopped
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\WINDOWS\system32\DRIVERS\wmiacpi.sys - System/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon MP3 Downloader 1.0.3
AOL Instant Messenger
AutoHotkey 1.0.48.00
avast! Antivirus
Dell Wireless WLAN Card
CCleaner (remove only)
CinemaForge
Conexant HDA D330 MDC V.92 Modem
Laptop Integrated Webcam Driver (1.03.02.0719)
CutePDF Writer 2.7
Dell Webcam Center
Dell Webcam Manager
DivX Plus DirectShow Filters
DVD Shrink 3.2
E.M. Total Video Player 1.31
ffdshow [rev 2202] [2008-10-10]
FlashGet 1.9.6.1073
FoxyTunes for Firefox
HP Imaging Device Functions 9.0
HP Solution Center 9.0
HP OCR Software 9.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
ImgBurn
Inspiration 6
TBS WMP Plug-in
NVIDIA nTune
IrfanView (remove only)
High Definition Audio Driver Package - KB835221
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Hotfix for Windows XP (KB896256)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Hotfix for Windows XP (KB906569)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Update for Windows XP (KB912945)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows Internet Explorer 7 (KB961260)
Update for Windows XP (KB967715)
K-Lite Codec Pack 4.3.4 (Full)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5
Mozilla Firefox (3.5.3)
Nero Suite
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
Orbit Downloader
Photodex Presenter
PolarClock3 Screen Saver
PowerMenu 1.51
RealPlayer
Registry Mechanic 8.0
Remote PC Suite 1.3
Scripts for iTunes
SearchAssist
SolSuite
Stanza
Starcraft
StorageSync Backup Software
Student Backup 2008
Dell Touchpad
System Requirements Lab
TaskSwitchXP
Tweak UI
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VLC media player 0.9.8a
Windows Imaging Component
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
WinRAR archiver
WinX DVD Author 5.5.8
Windows Media Format 11 runtime
Microsoft User-Mode Driver Framework Feature Pack 1.0
Xiph QuickTime Components
XPize 4.7 Beta 2
XML Paper Specification Shared Components Pack 1.0
DocProc
Palm
Roxio Creator Tools
Bonjour
Apple Application Support
Roxio Creator Data
Microsoft Plus! Photo Story 2 LE
QualxServ Service Agreement
TrayApp
TBS WMP Plug-in
DivX Converter
Copy
AutoUpdate
MSXML 6 Service Pack 2 (KB954459)
Live! Cam Avatar v1.0
DeviceDiscovery
WebReg
Microsoft .NET Framework 3.0 Service Pack 1
Scan
Roxio Drag-to-Disc
Microsoft .NET Framework 3.5
Roxio Update Manager
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
Windows Media Player 10
WebFldrs XP
Oblivion
Sonic Activation Module
MobileMe Control Panel
NetWaiting
DivX Version Checker
HP Smart Web Printing
Dell Resource CD
Windows 7 Upgrade Advisor Beta
Bonjour
Alarm Clock of Justice
ManicTime
Dell DataSafe Online
UnloadSupport
neroxml
Skype™ 3.6
VC80CRTRedist - 8.0.50727.4053
Broadcom 440x 10/100 Integrated Controller
Roxio Creator Copy
Browser Address Error Redirector
Live! Cam Avatar Creator
Roxio Express Labeler
eSupportQFolder
Apple Software Update
pcPROXSonar
Microsoft Plus! Digital Media Edition Installer
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
DivX Codec
NVIDIA nTune
Roxio Creator Audio
MSXML 4.0 SP2 (KB954430)
DocProcQFolder
Microsoft Silverlight
DivX Player
Compatibility Pack for the 2007 Office system
Microsoft Office XP Professional with FrontPage
Microsoft Office OneNote 2003
Microsoft Office PowerPoint Viewer 2007 (English)
OutlookAddinSetup
MediaDirect
Mavis Beacon Teaches Typing 15
QuickTime
F4100_Help
F4100
TI Connect 1.6
H.264 Decoder
MKV Splitter
Apple Mobile Device Support
HP Update
DeviceManagementQFolder
Adobe Reader 8.1.0
HPProductAssistant
AAC Decoder
dirLock
AIO_Scan
Documentation & Support Launcher
DivX Converter
LightScribe 1.8.15.1
F4100_doccd
DJ_AIO_Software_min
Microsoft .NET Framework 2.0 Service Pack 1
Games, Music, & Photos Launcher
DivX Web Player
SolutionCenter
Futuremark SystemInfo
MSXML 4.0 SP2 (KB936181)
Morrowind
QuickSet
Roxio Creator DE
Broadcom Management Programs
ClearType Tuning Control Panel Applet
DJ_AIO_Software
Microsoft .NET Framework 1.1
HBO on Broadband
Destination Component
IntelliSonic Speech Enhancement
TES Construction Set
Ad-Aware
BufferChm
Dell Support Center (Support Software)
Internet Service Offers Launcher
DJ_AIO_ProductContext
Digital Line Detect
Toolbox
iTunes
SplashShopper
32 Bit HP CIO Components Installer
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Modem Diagnostic Tool
HP Deskjet All-In-One Software 9.0
Status
WIDCOMM Bluetooth Software
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

======== Other Info ========

TOTAL PHYSICAL RAM: 2145 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlogo


OS Type: Microsoft Windows XP Home Edition
Build: 5.1.2600
Service Pack: 2.0


====== Files with Hidden Attributes======

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\ntuser.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009031620090317\index.dat

==End of Report==

durojaiyedaudi
Posted 10-21-2009 7:43 (GMT +1)
After each of these steps, I've turned my computer off waiting for your reply.
Is this what I should be doing? or should I leave it on?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 10-21-2009 8:00 (GMT +1)
Is this what I should be doing?
Yes, it is the right thing to do.
 
 
  by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop
 
Start Avenger
 
Begin copying here:
Files to delete:
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\calc.dll
C:\DOCUME~1\Mitch\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\Mitch\LOCALS~1\Temp\wow64main.exe
C:\Documents and Settings\Mitch\Application Data\seres.exe
C:\Documents and Settings\Mitch\Application Data\svcst.exe
C:\DOCUME~1\LOCALS~1\ntuser.dll
C:\ldvx.exe
C:\vyiy.exe
C:\WINDOWS\system32\winhelper.dll
C:\WINDOWS\system32\~.exe

 
Copy/Paste all the text in the above codebox into the main window
Click Execute
 
The Avenger will automatically do the following:
It will Restart your computer.
 
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
 
This log file will be located at  C:\avenger.txt
 
Post C:\avenger.txt in your next reply, along with a ComboFix log and a Malwarebytes log ->
 
 
Please download Combofix from:
 
Before saving it to the desktop, please rename it to alg.exe to stop malware from disabling it, and then save it to the desktop.

Close all other browser windows.
 
Double-click on the combofix icon found on your desktop.
 
Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 
 
Please download Malwarebytes' Anti-Malware:
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
 NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
 



Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


durojaiyedaudi
Posted 10-21-2009 8:28 (GMT +1)
I am currently using a friend's computer to check your posts; should I connect to the internet to update Malwarebytes?
I believe I already have the software, but I don't know about updates.

Should I connect to the internet for updating Malwarebytes?

I am currently starting to run Avenger, then ComboFix, and hopefully I'll have an answer about updating Malwarebytes.
I will post logs as soon as I am finished.


Thank you!

Touch
Posted 10-21-2009 8:56 (GMT +1)
should I connect to the internet to update Malwarebytes?
It is necessary you are connected, otherwise it won't be easy to get updates ;-)



durojaiyedaudi
Posted 10-21-2009 10:36 (GMT +1)
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\winupdate.exe" deleted successfully.
File "C:\WINDOWS\system32\calc.dll" deleted successfully.
File "C:\DOCUME~1\Mitch\LOCALS~1\Temp\smss.exe" deleted successfully.
File "C:\DOCUME~1\Mitch\LOCALS~1\Temp\wow64main.exe" deleted successfully.
File "C:\Documents and Settings\Mitch\Application Data\seres.exe" deleted successfully.
File "C:\Documents and Settings\Mitch\Application Data\svcst.exe" deleted successfully.
File "C:\DOCUME~1\LOCALS~1\ntuser.dll" deleted successfully.
File "C:\ldvx.exe" deleted successfully.
File "C:\vyiy.exe" deleted successfully.
File "C:\WINDOWS\system32\winhelper.dll" deleted successfully.
File "C:\WINDOWS\system32\~.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
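
The cross-check a helper makes by eye between the Avenger script and the returned avenger.txt, written out as an added example (not part of the original posts and not code from The Avenger): it parses the "Files to delete:" block and the `File "..." deleted successfully.` lines shown in this thread and lists any requested path the log does not confirm. The function names and the truncated-log case are constructed for illustration, and only the success-line format visible in the posted log is recognised.

```python
import re

# The "Files to delete:" block as posted in the thread.
SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\calc.dll
C:\DOCUME~1\Mitch\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\Mitch\LOCALS~1\Temp\wow64main.exe
C:\Documents and Settings\Mitch\Application Data\seres.exe
C:\Documents and Settings\Mitch\Application Data\svcst.exe
C:\DOCUME~1\LOCALS~1\ntuser.dll
C:\ldvx.exe
C:\vyiy.exe
C:\WINDOWS\system32\winhelper.dll
C:\WINDOWS\system32\~.exe
"""

# Result section of avenger.txt as posted in the thread.
LOG = r"""Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\winupdate.exe" deleted successfully.
File "C:\WINDOWS\system32\calc.dll" deleted successfully.
File "C:\DOCUME~1\Mitch\LOCALS~1\Temp\smss.exe" deleted successfully.
File "C:\DOCUME~1\Mitch\LOCALS~1\Temp\wow64main.exe" deleted successfully.
File "C:\Documents and Settings\Mitch\Application Data\seres.exe" deleted successfully.
File "C:\Documents and Settings\Mitch\Application Data\svcst.exe" deleted successfully.
File "C:\DOCUME~1\LOCALS~1\ntuser.dll" deleted successfully.
File "C:\ldvx.exe" deleted successfully.
File "C:\vyiy.exe" deleted successfully.
File "C:\WINDOWS\system32\winhelper.dll" deleted successfully.
File "C:\WINDOWS\system32\~.exe" deleted successfully.

Completed script processing.
"""

# Only the success line seen in the posted log is matched; any other
# outcome leaves the path in the "unconfirmed" list for manual review.
SUCCESS_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')


def normalize(path):
    """Windows paths are case-insensitive: compare lowercased, backslash form.
    8.3 short names (DOCUME~1) are compared as text, not expanded."""
    return path.strip().replace("/", "\\").lower()


def parse_script(text):
    """Return the paths listed under 'Files to delete:' in an Avenger script."""
    paths, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "files to delete:":
            in_files = True
        elif not line or line.endswith(":"):
            in_files = False  # blank line or another section header
        elif in_files:
            paths.append(line)
    return paths


def parse_log(text):
    """Return the normalized paths the log reports as deleted."""
    deleted = set()
    for raw in text.splitlines():
        match = SUCCESS_RE.match(raw.strip())
        if match:
            deleted.add(normalize(match.group("path")))
    return deleted


def reconcile(script_text, log_text):
    """Compare what the script asked for with what the log confirms."""
    requested = parse_script(script_text)
    deleted = parse_log(log_text)
    wanted = {normalize(p) for p in requested}
    return {
        "confirmed": [p for p in requested if normalize(p) in deleted],
        "unconfirmed": [p for p in requested if normalize(p) not in deleted],
        "unexpected": sorted(deleted - wanted),
    }


def drop_line(log_text, needle):
    """Constructed failure case: the same log with one result line missing."""
    return "\n".join(l for l in log_text.splitlines() if needle not in l)


if __name__ == "__main__":
    for label, log in (("posted log", LOG),
                       ("constructed truncated log", drop_line(LOG, "calc.dll"))):
        result = reconcile(SCRIPT, log)
        print(label, "-", len(result["confirmed"]), "confirmed")
        for path in result["unconfirmed"]:
            print("  NOT CONFIRMED:", path)
```
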

durojaiyedaudi
Posted 10-21-2009 10:36 (GMT +1)
ComboFix 09-10-20.03 - Mitch 10/21/2009 2:54.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1416 [GMT -5:00]
Running from: c:\documents and settings\Mitch\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091011-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mitch\Application Data\lizkavd.exe
c:\documents and settings\Mitch\ntuser.dll
c:\documents and settings\Mitch\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Mitch\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\NetworkService\ntuser.dll
C:\install.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\AVR09.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\foyirosi.dll
c:\windows\system32\hefayole.dll
c:\windows\system32\mscert.dll
c:\windows\system32\walowofu.dll
c:\windows\system32\wbem\proquota.exe

Infected copy of c:\windows\system32\autochk.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\autochk.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 07:58 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-21 01:29 . 2009-10-21 01:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2009-10-21 01:29 . 2009-10-21 01:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2009-10-20 23:26 . 2009-10-20 23:26 -------- d-----w- c:\temp\DVD_DISC
2009-10-20 22:26 . 2009-10-20 22:26 -------- d-----w- c:\program files\Digiarty
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\documents and settings\Mitch\Application Data\GrabPro
2009-10-19 22:47 . 2009-10-21 01:06 -------- d-----w- c:\documents and settings\Mitch\Application Data\Orbit
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\program files\Orbitdownloader
2009-10-17 07:36 . 2009-10-17 07:36 -------- d-----w- c:\documents and settings\Mitch\Application Data\DivX
2009-10-17 04:28 . 2009-09-25 16:42 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-17 04:28 . 2009-09-25 16:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-17 04:28 . 2009-10-17 04:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-17 04:28 . 2009-10-17 04:28 -------- d-----w- c:\program files\DivX
2009-10-12 05:59 . 2009-10-12 05:59 -------- d-----w- c:\program files\TaskSwitchXP
2009-10-12 05:56 . 2009-10-12 05:56 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-10-12 05:56 . 2009-10-12 05:59 -------- d--h--w- c:\windows\XPize
2009-10-10 20:29 . 2009-10-10 20:29 -------- d-----w- c:\documents and settings\Mitch\dwhelper
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-22 02:31 . 2009-09-23 01:16 -------- d-----w- c:\program files\Remote PC Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 08:03 . 2008-08-26 05:42 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-10-21 08:03 . 2008-08-21 20:34 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-10-21 07:34 . 2008-05-31 02:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 01:25 . 2008-08-26 05:43 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-10-20 21:21 . 2008-12-02 02:03 -------- d-----w- c:\program files\FlashGet
2009-10-17 03:10 . 2009-09-16 23:57 132796 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-12 05:56 . 2004-08-10 18:51 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-02 04:29 . 2008-01-24 13:27 139339 ----a-w- c:\windows\system32\nvModes.dat
2009-10-01 05:30 . 2008-09-28 20:31 -------- d-----w- c:\program files\Student Backup
2009-09-26 20:17 . 2008-04-19 04:56 -------- d-----w- c:\documents and settings\Mitch\Application Data\Move Networks
2009-09-25 16:42 . 2006-09-14 21:13 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-09-25 16:42 . 2006-07-24 08:00 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-22 01:43 . 2009-09-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-22 01:35 . 2009-09-13 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-22 01:27 . 2009-09-20 19:02 335320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-20 19:04 . 2008-01-30 02:28 196256 ----a-w- c:\documents and settings\Mitch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 19:04 . 2009-09-20 19:04 -------- d-----w- c:\program files\ManicTime
2009-09-20 19:02 . 2009-09-20 19:02 -------- d-----w- c:\program files\MSBuild
2009-09-20 19:01 . 2009-09-20 19:01 -------- d-----w- c:\program files\Reference Assemblies
2009-09-18 18:27 . 2009-09-18 18:27 -------- d-----w- c:\program files\DVD Shrink
2009-09-16 23:24 . 2008-07-17 18:06 -------- d-----w- c:\documents and settings\Mitch\Application Data\Apple Computer
2009-09-16 02:02 . 2009-04-15 03:11 -------- d-----w- c:\program files\Starcraft
2009-09-16 01:52 . 2009-09-16 01:52 967 ----a-w- c:\windows\ScUnin.pif
2009-09-16 01:52 . 2009-09-16 01:52 94208 ----a-w- c:\windows\ScUnin.exe
2009-09-16 01:52 . 2009-09-16 01:52 13044 ----a-w- c:\windows\scunin.dat
2009-09-16 00:19 . 2009-09-16 00:16 -------- d-----w- c:\documents and settings\Mitch\Application Data\ImgBurn
2009-09-15 22:28 . 2009-09-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 22:28 . 2008-11-03 16:55 -------- d-----w- c:\program files\iTunes
2009-09-15 22:27 . 2009-09-15 22:27 -------- d-----w- c:\program files\iPod
2009-09-15 22:27 . 2008-08-20 19:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 22:25 . 2008-04-13 02:12 -------- d-----w- c:\program files\QuickTime
2009-09-14 02:50 . 2009-08-26 02:53 -------- d-----w- c:\program files\Bonjour
2009-09-14 02:50 . 2009-09-14 02:50 -------- d-----w- c:\program files\Stanza
2009-09-14 02:49 . 2008-01-24 13:41 -------- d-----w- c:\program files\Java
2009-09-02 00:31 . 2009-09-02 00:31 -------- d-----w- c:\program files\ImgBurn
2009-08-29 00:42 . 2009-08-26 02:50 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:42 . 2008-11-03 16:51 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 23:43 . 2008-08-20 02:10 -------- d-----w- c:\documents and settings\Mitch\Application Data\Ahead
2009-08-26 02:55 . 2009-08-26 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-26 02:50 . 2008-04-13 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-17 16:10 . 2008-02-13 00:30 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-02-13 00:30 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-02-13 00:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-12-17 08:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-12-17 08:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-02-13 00:31 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-02-13 00:31 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-02-13 00:31 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-02-13 00:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 05:26 . 2009-08-17 05:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 00:24 . 2004-08-10 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 19:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-07-31 01:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-10 19:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 19:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 18:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 19:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 19:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-01-24 13:44 . 2008-01-24 13:44 76 --sh--r- c:\windows\CT4CET.bin
.

------- Sigcheck -------

[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3gdr\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3qfe\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\mshtml.dll
[-] 2009-01-17 . F2B26B858DFAF8AF25E1490CFBD21F0D . 3496960 . . [7.00.6000.16809] . . c:\windows\system32\mshtml.dll
[-] 2009-01-17 . F2B26B858DFAF8AF25E1490CFBD21F0D . 3496960 . . [7.00.6000.16809] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\XPize\Backup\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\SoftwareDistribution\Download\962265103b0b1c225200a0c86ad8fa77\SP2GDR\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\SoftwareDistribution\Download\962265103b0b1c225200a0c86ad8fa77\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2GDR\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\f6d390a5c8cb03ef1624d5e3583de48b\SP2GDR\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\f6d390a5c8cb03ef1624d5e3583de48b\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\SoftwareDistribution\Download\f4bbe93413da6448b38093eb5244141e\SP2GDR\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\SoftwareDistribution\Download\f4bbe93413da6448b38093eb5244141e\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mshtml.dll
[7] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-10-31 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-08-23 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll
[7] 2007-08-23 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\ie7\mshtml.dll
[7] 2007-08-22 . 591449BD8F2C8090B9259E88C78AE61D . 3058176 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB939653$\mshtml.dll
[7] 2007-08-14 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 3F974A1F66D156B1D49D02693E9FCB4A . 1183744 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 3F974A1F66D156B1D49D02693E9FCB4A . 1183744 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\XPize\Backup\explorer.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . DE8FA9CF18F95341079C7E6A215C226A . 30208 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2009-08-06 612352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 30208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-07-03 1228800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

c:\documents and settings\Mitch\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-11 59080]
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-24 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdnet.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mitch^Start Menu^Programs^Startup^Palm Registration.lnk]
backup=c:\windows\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Remote PC Suite\\RemotePC.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 4:06 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/17/2008 3:48 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/17/2008 3:48 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2008 4:09 PM 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [1/24/2008 8:20 AM 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [1/24/2008 8:20 AM 7424]
S3 cpuz130;cpuz130;\??\c:\docume~1\Mitch\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Mitch\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 951632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:06]

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2009-10-20 c:\windows\Tasks\User_Feed_Synchronization-{B23990F5-E3EF-4B2A-89EB-9B1FC97258C8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080124
uInternet Settings,ProxyServer = 10.10.1.10:80
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Mitch\Application Data\Mozilla\Firefox\Profiles\7z1boied.default\
FF - prefs.js: browser.startup.homepage - hxxp://minutesplease.com/
FF - component: c:\documents and settings\Mitch\Application Data\Mozilla\Firefox\Profiles\7z1boied.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\Mitch\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Mitch\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Mitch\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\HBO\HBO on Broadband\plugins\npbroadband.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{e6cc125e-d354-459d-befc-156e752b0796} - walowofu.dll
HKLM-Run-sopetijape - foyirosi.dll
AddRemove-DVD Shrink_is1 - c:\program files\DVD Shrink\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 03:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1243580924-884081480-1834681411-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE901474-3557-00BE-0B74D16C6C9B8223}\{8B1B0984-A0E2-36AE-AE0ABC7DD3EE1D9C}\{C1D3D6EB-516B-0CD4-D732D0B608CDF1EA}*]
"AXBBEZDR5GG1RHH1SV4GCUI36H1"=hex:01,00,01,00,00,00,00,00,ea,70,b2,10,82,71,5d,
44,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\SHDOCVW.dll
c:\program files\PowerMenu\PowerMenuHook.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rpcnet.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\combofix\CF24943.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 3:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 08:14

Pre-Run: 61,615,726,592 bytes free
Post-Run: 63,274,471,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlogo

- - End Of File - - ECAA7A6EA4B49C30939920772053E522

durojaiyedaudi
New Member
Date Joined Oct 2009
Total Posts : 17
Posted 10-21-2009 10:37 (GMT +1)
Malwarebytes' Anti-Malware 1.41
Database version: 3004
Windows 5.1.2600 Service Pack 2

10/21/2009 4:29:01 AM
mbam-log-2009-10-21 (04-29-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 212264
Time elapsed: 1 hour(s), 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Mitch\ntuser.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitch\Application Data\lizkavd.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitch\Start Menu\Programs\Startup\scandisk.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\foyirosi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hefayole.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\walowofu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.




Thank you SO much! It seems to be working just like normal.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 16319
Posted 10-21-2009 11:06 (GMT +1)
Open notepad and copy/paste the bold text in the codebox below into it:
Name the file CFScript and save it on the desktop.
 
Code:
Killall::
Snapshot::
Mia::
c:\windows\system32\mshtml.dll
c:\windows\system32\dllcache\mshtml.dll
c:\windows\explorer.exe
c:\windows\system32\dllcache\explorer.exe
Restore::
c:\windows\system32\mshtml.dll
c:\windows\system32\dllcache\mshtml.dll
c:\windows\explorer.exe
c:\windows\system32\dllcache\explorer.exe
 
 
 
 
 
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


durojaiyedaudi
New Member
Date Joined Oct 2009
Total Posts : 17
Posted 10-21-2009 8:40 (GMT +1)
I did that, but I got a pop-up saying that I should install a fresh version of combo fix. I clicked okay and then it showed the same command prompt as before. After that, all the icons and taskbar disappeared like when you reset explorer. Then it went to the "Windows is shutting down" screen, and it's been stuck like that for at least 12 minutes if not more. What should I do now?

durojaiyedaudi
New Member
Date Joined Oct 2009
Total Posts : 17
Posted 10-21-2009 9:11 (GMT +1)
So I read about all those people who do what they think is the right thing to do and it turns out to be wrong, so hopefully I didn't do anything that bad. Since the shutdown screen had been up for at least 45 minutes and the little gold line that slides from left to right to show it's working stopped moving, I manually shut it down for fear of the virus. Please tell me that won't mess up my computer too badly. :-/

durojaiyedaudi
New Member
Date Joined Oct 2009
Total Posts : 17
Posted 10-22-2009 3:44 (GMT +1)
Sorry to triple post, but I meant to ask yesterday if I should back up my most important documents while my computer's on. What do you think?

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 16319
Posted 10-22-2009 6:08 (GMT +1)
"Please tell me that won't mess up my computer too badly. :-/"
Hopefully no. Are you able to post a new combofix log, without running CFScript?


durojaiyedaudi
New Member
Date Joined Oct 2009
Total Posts : 17
Posted 10-22-2009 4:43 (GMT +1)
I will try that after I'm done with class at 315. There is a chance I'll have time in between classes but if not I'll do it right when I get back after class is done at 315.

Thanks

durojaiyedaudi
New Member
Date Joined Oct 2009
Total Posts : 17
Posted 10-22-2009 9:57 (GMT +1)
ComboFix 09-10-20.03 - Mitch 10/21/2009 14:18.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1567 [GMT -5:00]
Running from: c:\documents and settings\Mitch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mitch\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091011-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

Infected copy of c:\windows\system32\dllcache\mshtml.dll was found and disinfected
Restored copy from - c:\windows\XPize\Backup\mshtml.dll

c:\windows\system32\dllcache\explorer.exe was missing
Restored copy from - c:\windows\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-21 19:23 . 2007-06-13 11:26 1033216 ----a-w- c:\windows\system32\dllcache\explorer.exe
2009-10-21 19:18 . 2009-01-17 03:35 3594752 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-21 08:16 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 08:16 . 2009-10-21 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 08:16 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 07:58 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-21 01:29 . 2009-10-21 01:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2009-10-21 01:29 . 2009-10-21 01:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2009-10-20 23:26 . 2009-10-20 23:26 -------- d-----w- c:\temp\DVD_DISC
2009-10-20 22:26 . 2009-10-20 22:26 -------- d-----w- c:\program files\Digiarty
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\documents and settings\Mitch\Application Data\GrabPro
2009-10-19 22:47 . 2009-10-21 01:06 -------- d-----w- c:\documents and settings\Mitch\Application Data\Orbit
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\program files\Orbitdownloader
2009-10-17 07:36 . 2009-10-17 07:36 -------- d-----w- c:\documents and settings\Mitch\Application Data\DivX
2009-10-17 04:28 . 2009-09-25 16:42 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-17 04:28 . 2009-09-25 16:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-17 04:28 . 2009-10-17 04:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-17 04:28 . 2009-10-17 04:28 -------- d-----w- c:\program files\DivX
2009-10-12 05:59 . 2009-10-12 05:59 -------- d-----w- c:\program files\TaskSwitchXP
2009-10-12 05:56 . 2009-10-12 05:56 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-10-12 05:56 . 2009-10-12 05:59 -------- d--h--w- c:\windows\XPize
2009-10-10 20:29 . 2009-10-10 20:29 -------- d-----w- c:\documents and settings\Mitch\dwhelper
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 20:35 . 2008-08-26 05:42 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-10-22 20:35 . 2008-08-21 20:34 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-10-21 07:34 . 2008-05-31 02:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 01:25 . 2008-08-26 05:43 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-10-20 21:21 . 2008-12-02 02:03 -------- d-----w- c:\program files\FlashGet
2009-10-17 03:10 . 2009-09-16 23:57 132796 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-12 05:56 . 2004-08-10 18:51 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-02 04:29 . 2008-01-24 13:27 139339 ----a-w- c:\windows\system32\nvModes.dat
2009-10-01 05:30 . 2008-09-28 20:31 -------- d-----w- c:\program files\Student Backup
2009-09-26 20:17 . 2008-04-19 04:56 -------- d-----w- c:\documents and settings\Mitch\Application Data\Move Networks
2009-09-25 16:42 . 2006-09-14 21:13 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-09-25 16:42 . 2006-07-24 08:00 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-23 01:16 . 2009-09-22 02:31 -------- d-----w- c:\program files\Remote PC Suite
2009-09-22 01:43 . 2009-09-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-22 01:35 . 2009-09-13 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-22 01:27 . 2009-09-20 19:02 335320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-20 19:04 . 2008-01-30 02:28 196256 ----a-w- c:\documents and settings\Mitch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 19:04 . 2009-09-20 19:04 -------- d-----w- c:\program files\ManicTime
2009-09-20 19:02 . 2009-09-20 19:02 -------- d-----w- c:\program files\MSBuild
2009-09-20 19:01 . 2009-09-20 19:01 -------- d-----w- c:\program files\Reference Assemblies
2009-09-18 18:27 . 2009-09-18 18:27 -------- d-----w- c:\program files\DVD Shrink
2009-09-16 23:24 . 2008-07-17 18:06 -------- d-----w- c:\documents and settings\Mitch\Application Data\Apple Computer
2009-09-16 02:02 . 2009-04-15 03:11 -------- d-----w- c:\program files\Starcraft
2009-09-16 01:52 . 2009-09-16 01:52 967 ----a-w- c:\windows\ScUnin.pif
2009-09-16 01:52 . 2009-09-16 01:52 94208 ----a-w- c:\windows\ScUnin.exe
2009-09-16 01:52 . 2009-09-16 01:52 13044 ----a-w- c:\windows\scunin.dat
2009-09-16 00:19 . 2009-09-16 00:16 -------- d-----w- c:\documents and settings\Mitch\Application Data\ImgBurn
2009-09-15 22:28 . 2009-09-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 22:28 . 2008-11-03 16:55 -------- d-----w- c:\program files\iTunes
2009-09-15 22:27 . 2009-09-15 22:27 -------- d-----w- c:\program files\iPod
2009-09-15 22:27 . 2008-08-20 19:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 22:25 . 2008-04-13 02:12 -------- d-----w- c:\program files\QuickTime
2009-09-14 02:50 . 2009-08-26 02:53 -------- d-----w- c:\program files\Bonjour
2009-09-14 02:50 . 2009-09-14 02:50 -------- d-----w- c:\program files\Stanza
2009-09-14 02:49 . 2008-01-24 13:41 -------- d-----w- c:\program files\Java
2009-09-02 00:31 . 2009-09-02 00:31 -------- d-----w- c:\program files\ImgBurn
2009-08-29 00:42 . 2009-08-26 02:50 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:42 . 2008-11-03 16:51 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 23:43 . 2008-08-20 02:10 -------- d-----w- c:\documents and settings\Mitch\Application Data\Ahead
2009-08-26 02:55 . 2009-08-26 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-26 02:50 . 2008-04-13 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-17 16:10 . 2008-02-13 00:30 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-02-13 00:30 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-02-13 00:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-12-17 08:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-12-17 08:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-02-13 00:31 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-02-13 00:31 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-02-13 00:31 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-02-13 00:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 05:26 . 2009-08-17 05:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 00:24 . 2004-08-10 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 19:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-07-31 01:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-10 19:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 19:02 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 18:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 19:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 19:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-01-24 13:44 . 2008-01-24 13:44 76 --sh--r- c:\windows\CT4CET.bin
.

------- Sigcheck -------

[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3gdr\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\sp3qfe\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\mshtml.dll
[-] 2009-01-17 . F2B26B858DFAF8AF25E1490CFBD21F0D . 3496960 . . [7.00.6000.16809] . . c:\windows\system32\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\XPize\Backup\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\SoftwareDistribution\Download\962265103b0b1c225200a0c86ad8fa77\SP2GDR\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\SoftwareDistribution\Download\962265103b0b1c225200a0c86ad8fa77\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2GDR\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\f6d390a5c8cb03ef1624d5e3583de48b\SP2GDR\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\f6d390a5c8cb03ef1624d5e3583de48b\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\SoftwareDistribution\Download\f4bbe93413da6448b38093eb5244141e\SP2GDR\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\SoftwareDistribution\Download\f4bbe93413da6448b38093eb5244141e\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mshtml.dll
[7] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-10-31 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-08-23 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll
[7] 2007-08-23 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\ie7\mshtml.dll
[7] 2007-08-22 . 591449BD8F2C8090B9259E88C78AE61D . 3058176 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB939653$\mshtml.dll
[7] 2007-08-14 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . DE8FA9CF18F95341079C7E6A215C226A . 30208 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2009-08-06 612352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 30208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-07-03 1228800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

c:\documents and settings\Mitch\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-11 59080]
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-24 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdnet.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mitch^Start Menu^Programs^Startup^Palm Registration.lnk]
backup=c:\windows\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Remote PC Suite\\RemotePC.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 4:06 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/17/2008 3:48 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/17/2008 3:48 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2008 4:09 PM 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [1/24/2008 8:20 AM 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [1/24/2008 8:20 AM 7424]
S3 cpuz130;cpuz130;\??\c:\docume~1\Mitch\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Mitch\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 951632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:06]

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{B23990F5-E3EF-4B2A-89EB-9B1FC97258C8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080124
uInternet Settings,ProxyServer = 10.10.1.10:80
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Mitch\Application Data\Mozilla\Firefox\Profiles\7z1boied.default\
FF - prefs.js: browser.startup.homepage - hxxp://minutesplease.com/
FF - plugin: c:\documents and settings\Mitch\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Mitch\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Mitch\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\HBO\HBO on Broadband\plugins\npbroadband.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 15:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1243580924-884081480-1834681411-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CE901474-3557-00BE-0B74D16C6C9B8223}\{8B1B0984-A0E2-36AE-AE0ABC7DD3EE1D9C}\{C1D3D6EB-516B-0CD4-D732D0B608CDF1EA}*]
"AXBBEZDR5GG1RHH1SV4GCUI36H1"=hex:01,00,01,00,00,00,00,00,ea,70,b2,10,82,71,5d,
44,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\SHDOCVW.dll
c:\program files\PowerMenu\PowerMenuHook.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rpcnet.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF10640.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 15:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 20:47

Pre-Run: 63,316,746,240 bytes free
Post-Run: 63,267,749,888 bytes free

- - End Of File - - 859F0DFC8CF27F6DC494E2D93F6D63A4

durojaiyedaudi
New Member
Posted 10-22-2009 10:01 (GMT +1)
So I think that it worked; I turned on my computer and the ComboFix blue command prompt looking screen popped up and said it was creating a log and not to start any programs until it was finished.

It took like 10-15 minutes to do so, but then the log I just posted came up; I read what I could off of it and it looks like it ran the CFScript txt file, but that's for you to know. :)

It does seem to still be running more slowly, and Firefox took a REALLY long time to close once I opened it.

Everything else looks the same, I think.

I didn't run the regular ComboFix program since it looks like it just finished up the CFScript.

Should I run the regular ComboFix program now?

I'm just going to turn my computer off until you respond.

Thanks for sticking with me!

Touch
Forum Moderator
Posted 10-23-2009 6:48 (GMT +1)
No need to run ComboFix again :)

I'll suggest you check to see if there are any corrupt system files using scannow sfc.
To do this simply go to the Run box on the Start Menu and type in:
sfc /scannow
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
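
The integrity check suggested in the reply above can be previewed offline from the Sigcheck section of the posted ComboFix log. The following is an added example, not part of the original posts and not ComboFix or Windows code; it does not reproduce how Windows File Protection verifies files. It assumes the record layout seen in the log, and the names `parse_records` and `check_live_copies` are hypothetical.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Records copied from the "Sigcheck" section of the ComboFix log posted in this
# thread; the last line is constructed noise to show that non-records are skipped.
SIGCHECK_LINES = r"""
[-] 2009-01-17 . F2B26B858DFAF8AF25E1490CFBD21F0D . 3496960 . . [7.00.6000.16809] . . c:\windows\system32\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\XPize\Backup\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2004-08-04 . DE8FA9CF18F95341079C7E6A215C226A . 30208 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\XPize\Backup\ctfmon.exe
this line is not a Sigcheck record and must be skipped
""".strip().splitlines()

# Layout assumed from the lines above:
#   [flag] date . MD5 . size . . [version] . . path
# The flag is captured but its meaning is not relied on here.
RECORD = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$"
)

LIVE_DIR = r"c:\windows\system32"  # the copy Windows actually loads


@dataclass(frozen=True)
class Record:
    flag: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self):
        # ntpath parses Windows paths correctly on any host OS.
        return ntpath.basename(self.path).lower()

    @property
    def is_live(self):
        return ntpath.dirname(self.path).lower() == LIVE_DIR


def parse_records(lines):
    """Return a Record for every line that matches the Sigcheck layout."""
    records = []
    for line in lines:
        m = RECORD.match(line.strip())
        if m:
            records.append(Record(m["flag"], m["md5"].upper(), int(m["size"]),
                                  m["version"], m["path"].strip()))
    return records


def check_live_copies(lines):
    """Compare each live system32 file with other copies of the same version.

    status is "match" if any same-version copy has the same MD5, "mismatch"
    if same-version copies exist but none is identical, and "no-reference"
    if the log holds no other copy of that version.
    """
    groups = defaultdict(list)
    for rec in parse_records(lines):
        groups[(rec.name, rec.version)].append(rec)

    findings = []
    for (name, version), recs in sorted(groups.items()):
        refs = [r for r in recs if not r.is_live]
        for live in (r for r in recs if r.is_live):
            if not refs:
                status = "no-reference"
            elif any(r.md5 == live.md5 for r in refs):
                status = "match"
            else:
                status = "mismatch"
            findings.append({
                "file": name,
                "version": version,
                "status": status,
                "live_md5": live.md5,
                "live_size": live.size,
                "reference_md5": sorted({r.md5 for r in refs}),
                "reference_paths": [r.path for r in refs],
            })
    return findings


if __name__ == "__main__":
    for f in check_live_copies(SIGCHECK_LINES):
        print(f"{f['status']:<12} {f['file']} [{f['version']}] "
              f"live={f['live_md5']} refs={f['reference_md5']}")
```

A "mismatch" only says the live file is not byte-identical to the other copies of the same version; it does not say why, so it marks a file to verify or restore rather than a confirmed infection.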


durojaiyedaudi
New Member
Posted 10-23-2009 7:27 (GMT +1)
So I ran that, and it asked for my XP Home Edition disc, which I put in, and then it replaced DLLCache.

Also, when I went to close ManicTime (time management program), I got this error message; it's titled Microsoft .Net Framework, and states:

Unhandled exception has occurred in a component in your application. If you click continue, the application will ignore this error and attempt to continue

Object reference not set to an instance of an object.

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at System.Windows.Forms.NotifyIcon.ShowContextMenu()
at System.Windows.Forms.NotifyIcon.WndProc(Message& msg)
at System.Windows.Forms.NotifyIcon.NotifyIconNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

Touch
Forum Moderator
Posted 10-23-2009 7:57 (GMT +1)
Ok. Look here:
http://msdn.microsoft.com/en-us/library/k8kf6y2a(VS.80).aspx


durojaiyedaudi
New Member
Posted 10-23-2009 4:13 (GMT +1)
So I looked at that website. Should I disable it or do you think it may have been an isolated incident?

So besides that, is my computer fixed?

Thank you! :)

durojaiyedaudi
New Member
Posted 10-24-2009 11:02 (GMT +1)
I turned on my computer to see if I could write a paper and the little Windows Security Center taskbar icon gave me a tooltip (the little speech bubble thing) that said something about antivirus, but it seemed like it was just gibberish besides antivirus; gibberish was even at the end of antivirus, making it nonsense.

What issue do you think I have now?

durojaiyedaudi
New Member
Posted 10-24-2009 11:03 (GMT +1)
Oh, and I just turned off my computer when that tooltip popped up.

miltonhork
New Member
Posted 10-26-2009 1:43 (GMT +1)
Kaspersky Lab has detected a new version of the ‘malicious blackmailer’ Gpcode - Virus.Win32.Gpcode.ak. Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.

