Hello,
Locating ComboFix Log
- Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
- Click on Explore
- Click on Local Disk (C:) in the left-hand window pane
- Click on Qoobox in the left-hand window pane
- Look for ComboFix2.txt in the right-hand window pane and right click on it
- Put your cursor (arrow) on Open With
- Move your cursor to the new menu that opens and click on Choose Program...
- Click on Notepad
When the file opens, copy/paste the text here.
Repeat the above process for locating ComboFix2.txt, ComboFix3.txt, and ComboFix4.txt logs, and attach them in your next reply.
NEXT:
Add/Remove Programs
I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:
C:\Qoobox\Add-Remove Programs.txt
A text file should open. Post the contents of that file in your next reply.
ComboFix 10-08-08.03 - Palladium Tan 08/09/2010 11:22:36.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2001 [GMT -5:00]
Running from: c:\documents and settings\Palladium Tan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gotomon.log
.
---- Previous Run -------
.
c:\windows\system32\gotomon.log
.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-07 01:34 . 2010-08-07 01:34 -------- d-----w- c:\program files\CCleaner
2010-08-06 22:27 . 2010-08-09 15:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 22:26 . 2010-08-07 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-06 22:26 . 2010-08-06 22:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 20:26 . 2010-08-06 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 16:51 . 2010-08-06 16:51 388096 ------r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 23:43 . 2010-08-05 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-08-05 23:42 . 2010-08-06 15:44 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-08-05 14:30 . 2010-08-05 14:30 -------- d-----w- c:\program files\Trend Micro
2010-08-05 02:40 . 2010-08-05 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-05 02:35 . 2010-08-05 02:39 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\GetRightToGo
2010-08-05 01:23 . 2010-08-05 01:23 503808 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcp71.dll
2010-08-05 01:23 . 2010-08-05 01:23 499712 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\jmc.dll
2010-08-05 01:23 . 2010-08-05 01:23 348160 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcr71.dll
2010-08-05 01:23 . 2010-08-05 01:23 61440 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-sse.dll
2010-08-05 01:23 . 2010-08-05 01:23 12800 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-d3d.dll
2010-08-05 01:23 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 16:53 . 2010-07-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-28 16:46 . 2010-07-28 17:34 104247 ----a-w- c:\windows\hpoins04.dat
2010-07-28 16:46 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-07-28 16:45 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-07-28 16:45 . 2004-06-22 15:05 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-07-28 16:23 . 2010-07-28 16:23 -------- d-----w- c:\temp\FixEngine
2010-07-28 16:23 . 2010-07-28 16:23 10134 ------r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-07-28 16:10 . 2010-07-28 16:10 -------- d-----w- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 16:19 . 2005-02-27 23:58 -------- d-----w- c:\program files\PCCW
2010-08-05 13:43 . 2008-06-11 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Java
2010-08-04 14:01 . 2006-11-17 20:04 -------- d-----w- c:\program files\PokerStars
2010-07-28 16:53 . 2005-01-22 03:54 -------- d-----w- c:\program files\HP
2010-07-07 19:38 . 2010-07-07 19:38 137216 ------w- c:\documents and settings\All Users\Application Data\WorldWinner\shared\fmod.dll
2010-07-07 19:38 . 2010-07-07 19:38 339968 ------w- c:\documents and settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll
2010-07-07 19:38 . 2010-07-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner
2010-07-01 02:59 . 2009-10-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-22 14:38 . 2009-05-08 16:00 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 14:38 . 2010-06-22 14:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 14:37 . 2009-05-08 16:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-11 18:46 . 2007-12-29 15:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\ElevatedDiagnostics
2010-05-31 14:49 . 2008-05-25 15:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
1998-05-15 05:00 . 2005-02-27 23:58 73184 -c--a-w- c:\program files\Common Files\dao2535.tlb
1998-04-27 05:00 . 2005-02-27 23:58 570128 ----a-w- c:\program files\Common Files\Dao350.dll
2002-08-01 00:55 . 2009-10-16 20:39 108 -csh--w- c:\windows\WSYS049.SYS
2005-04-10 17:36 . 2005-02-01 02:30 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-24 22:05 . 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
2007-03-24 22:05 . 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
2005-01-08 03:10 . 2004-08-25 18:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2007-01-30 21:57 . 2007-01-12 23:45 249904 c:\program files\Citrix\GoToMyPC\bak\g2svc.exe
2008-04-09 12:43 . 2007-06-20 16:09 258856 c:\program files\Citrix\GoToMyPC\g2svc.exe
2004-05-28 02:05 . 2005-10-14 04:26 69632 c:\program files\Common Files\Dell\EUSW\bak\Support.exe
2004-01-07 07:01 . 2004-01-07 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
2006-03-08 17:23 . 2007-12-20 04:06 579072 c:\program files\Grisoft\AVG7\bak\avgcc.exe
2005-12-05 17:23 . 2007-12-20 04:06 406528 c:\program files\Grisoft\AVG7\bak\avgemc.exe
2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2004-02-12 18:38 . 2004-02-12 18:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
2005-01-08 03:10 . 2004-06-29 17:23 135168 c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe
2007-07-22 14:30 . 2007-07-12 09:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
2002-08-14 20:21 . 2002-08-14 20:21 94208 c:\program files\Symantec\Norton Ghost 2003\bak\GhostStartTrayApp.exe
2004-06-21 02:45 . 2005-08-07 01:45 974848 c:\program files\UltraVNC\bak\WinVNC.exe
2004-08-04 11:00 . 2004-08-04 11:00 15360 c:\windows\SYSTEM32\bak\ctfmon.exe
2004-08-04 11:00 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe
2005-02-27 23:49 . 2004-08-03 22:06 188416 c:\windows\SYSTEM32\bak\ESDUSBMon.exe
2005-01-08 03:13 . 2004-08-13 07:05 122939 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]
"DXDllRegExe"="c:\windows\system32\dxdllreg.exe" [N/A]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-06 6289216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-06-20 16:09 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\PCCW\\Pccw.exe"=
"c:\\WINDOWS\\SYSTEM32\\FTP.EXE"=
"c:\\Program Files\\Nichesoft\\TanTrack\\TanTrack.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Citrix\\GoToMyPC\\g2svc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:00 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/8/2009 11:00 AM 243024]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/22/2010 9:37 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 9:38 AM 308136]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\SYSTEM32\DRIVERS\ESDPDX01.SYS [12/25/2003 1:00 PM 95485]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [4/12/2006 4:36 AM 23552]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\SYSTEM32\DRIVERS\TMUSBXP.SYS [12/27/2003 1:00 AM 40320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 MagEpNt;MagEpNt;c:\windows\SYSTEM32\DRIVERS\magepnt.sys [2/27/2005 6:58 PM 26304]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?r998=1239739352
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--fd864c10-f423-45bb-8447-230cc71ef3c3/online/diner_dash/en/DinerDash.1.0.0.80.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-09 11:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(864)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\netdde.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\EpStsSrv.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\OpenVPN\bin\openvpnserv.exe
c:\program files\OpenVPN\bin\openvpn.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\fxssvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-09 11:32:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 16:32
ComboFix2.txt 2010-08-07 02:10
ComboFix3.txt 2010-08-07 00:56
ComboFix4.txt 2010-08-05 23:14
Pre-Run: 57,212,403,712 bytes free
Post-Run: 57,249,284,096 bytes free
- - End Of File - - 11B65E136948F60757738BD92A1EF86A
ComboFix 10-08-06.01 - Palladium Tan 08/06/2010 21:00:26.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2032 [GMT -5:00]
Running from: c:\documents and settings\Palladium Tan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gotomon.log
.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.
2010-08-07 01:34 . 2010-08-07 01:34 -------- d-----w- c:\program files\CCleaner
2010-08-06 22:27 . 2010-08-07 00:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 22:26 . 2010-08-07 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-06 22:26 . 2010-08-06 22:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 20:26 . 2010-08-06 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 16:51 . 2010-08-06 16:51 388096 ----a-r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 23:43 . 2010-08-05 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-08-05 23:42 . 2010-08-06 15:44 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-08-05 14:30 . 2010-08-05 14:30 -------- d-----w- c:\program files\Trend Micro
2010-08-05 02:40 . 2010-08-05 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-05 02:35 . 2010-08-05 02:39 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\GetRightToGo
2010-08-05 01:23 . 2010-08-05 01:23 503808 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcp71.dll
2010-08-05 01:23 . 2010-08-05 01:23 499712 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\jmc.dll
2010-08-05 01:23 . 2010-08-05 01:23 348160 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcr71.dll
2010-08-05 01:23 . 2010-08-05 01:23 61440 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-sse.dll
2010-08-05 01:23 . 2010-08-05 01:23 12800 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-d3d.dll
2010-08-05 01:23 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 16:53 . 2010-07-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-28 16:46 . 2010-07-28 17:34 104247 ----a-w- c:\windows\hpoins04.dat
2010-07-28 16:46 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-07-28 16:45 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-07-28 16:45 . 2004-06-22 15:05 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-07-28 16:23 . 2010-07-28 16:23 -------- d-----w- c:\temp\FixEngine
2010-07-28 16:23 . 2010-07-28 16:23 10134 ----a-r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-07-28 16:10 . 2010-07-28 16:10 -------- d-----w- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 01:59 . 2005-02-27 23:58 -------- d-----w- c:\program files\PCCW
2010-08-05 13:43 . 2008-06-11 13:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Java
2010-08-04 14:01 . 2006-11-17 20:04 -------- d-----w- c:\program files\PokerStars
2010-07-28 16:53 . 2005-01-22 03:54 -------- d-----w- c:\program files\HP
2010-07-07 19:38 . 2010-07-07 19:38 137216 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\shared\fmod.dll
2010-07-07 19:38 . 2010-07-07 19:38 339968 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll
2010-07-07 19:38 . 2010-07-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner
2010-07-01 02:59 . 2009-10-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-22 14:38 . 2009-05-08 16:00 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 14:38 . 2010-06-22 14:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 14:37 . 2009-05-08 16:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-11 18:46 . 2007-12-29 15:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\ElevatedDiagnostics
2010-05-31 14:49 . 2008-05-25 15:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
1998-05-15 05:00 . 2005-02-27 23:58 73184 -c--a-w- c:\program files\Common Files\dao2535.tlb
1998-04-27 05:00 . 2005-02-27 23:58 570128 ----a-w- c:\program files\Common Files\Dao350.dll
2002-08-01 00:55 . 2009-10-16 20:39 108 -csh--w- c:\windows\WSYS049.SYS
2005-04-10 17:36 . 2005-02-01 02:30 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-24 22:05 . 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
2007-03-24 22:05 . 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
2005-01-08 03:10 . 2004-08-25 18:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2007-01-30 21:57 . 2007-01-12 23:45 249904 c:\program files\Citrix\GoToMyPC\bak\g2svc.exe
2008-04-09 12:43 . 2007-06-20 16:09 258856 c:\program files\Citrix\GoToMyPC\g2svc.exe
2004-05-28 02:05 . 2005-10-14 04:26 69632 c:\program files\Common Files\Dell\EUSW\bak\Support.exe
2004-01-07 07:01 . 2004-01-07 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
2006-03-08 17:23 . 2007-12-20 04:06 579072 c:\program files\Grisoft\AVG7\bak\avgcc.exe
2005-12-05 17:23 . 2007-12-20 04:06 406528 c:\program files\Grisoft\AVG7\bak\avgemc.exe
2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2004-02-12 18:38 . 2004-02-12 18:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
2005-01-08 03:10 . 2004-06-29 17:23 135168 c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe
2007-07-22 14:30 . 2007-07-12 09:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
2002-08-14 20:21 . 2002-08-14 20:21 94208 c:\program files\Symantec\Norton Ghost 2003\bak\GhostStartTrayApp.exe
2004-06-21 02:45 . 2005-08-07 01:45 974848 c:\program files\UltraVNC\bak\WinVNC.exe
2004-08-04 11:00 . 2004-08-04 11:00 15360 c:\windows\SYSTEM32\bak\ctfmon.exe
2004-08-04 11:00 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe
2005-02-27 23:49 . 2004-08-03 22:06 188416 c:\windows\SYSTEM32\bak\ESDUSBMon.exe
2005-01-08 03:13 . 2004-08-13 07:05 122939 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]
"DXDllRegExe"="c:\windows\system32\dxdllreg.exe" [N/A]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-06 6289216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-06-20 16:09 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\PCCW\\Pccw.exe"=
"c:\\WINDOWS\\SYSTEM32\\FTP.EXE"=
"c:\\Program Files\\Nichesoft\\TanTrack\\TanTrack.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Citrix\\GoToMyPC\\g2svc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:00 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/8/2009 11:00 AM 243024]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/22/2010 9:37 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 9:38 AM 308136]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\SYSTEM32\DRIVERS\ESDPDX01.SYS [12/25/2003 1:00 PM 95485]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [4/12/2006 4:36 AM 23552]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\SYSTEM32\DRIVERS\TMUSBXP.SYS [12/27/2003 1:00 AM 40320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 MagEpNt;MagEpNt;c:\windows\SYSTEM32\DRIVERS\magepnt.sys [2/27/2005 6:58 PM 26304]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?r998=1239739352
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--fd864c10-f423-45bb-8447-230cc71ef3c3/online/diner_dash/en/DinerDash.1.0.0.80.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-06 21:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
- - - - - - - > 'explorer.exe'(284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\netdde.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\EpStsSrv.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\OpenVPN\bin\openvpnserv.exe
c:\program files\OpenVPN\bin\openvpn.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\fxssvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-06 21:10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 02:10
ComboFix2.txt 2010-08-07 00:56
ComboFix3.txt 2010-08-05 23:14
Pre-Run: 57,444,413,440 bytes free
Post-Run: 57,457,930,240 bytes free
- - End Of File - - EFD475ECCDE6FD378884086400679808
ComboFix 10-08-06.01 - Palladium Tan 08/06/2010 19:46:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2033 [GMT -5:00]
Running from: c:\documents and settings\Palladium Tan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gotomon.log
.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.
2010-08-06 22:27 . 2010-08-07 00:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 22:26 . 2010-08-07 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-06 22:26 . 2010-08-06 22:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 20:26 . 2010-08-06 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 16:51 . 2010-08-06 16:51 388096 ----a-r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 23:43 . 2010-08-05 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-08-05 23:42 . 2010-08-06 15:44 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-08-05 14:30 . 2010-08-05 14:30 -------- d-----w- c:\program files\Trend Micro
2010-08-05 02:40 . 2010-08-05 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-05 02:35 . 2010-08-05 02:39 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\GetRightToGo
2010-08-05 01:23 . 2010-08-05 01:23 503808 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcp71.dll
2010-08-05 01:23 . 2010-08-05 01:23 499712 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\jmc.dll
2010-08-05 01:23 . 2010-08-05 01:23 348160 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcr71.dll
2010-08-05 01:23 . 2010-08-05 01:23 61440 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-sse.dll
2010-08-05 01:23 . 2010-08-05 01:23 12800 ----a-w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-d3d.dll
2010-08-05 01:23 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 16:53 . 2010-07-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-28 16:46 . 2010-07-28 17:34 104247 ----a-w- c:\windows\hpoins04.dat
2010-07-28 16:46 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-07-28 16:45 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-07-28 16:45 . 2004-06-22 15:05 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-07-28 16:23 . 2010-07-28 16:23 -------- d-----w- c:\temp\FixEngine
2010-07-28 16:23 . 2010-07-28 16:23 10134 ----a-r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-07-28 16:10 . 2010-07-28 16:10 -------- d-----w- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 00:37 . 2005-02-27 23:58 -------- d-----w- c:\program files\PCCW
2010-08-05 13:43 . 2008-06-11 13:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Java
2010-08-04 14:01 . 2006-11-17 20:04 -------- d-----w- c:\program files\PokerStars
2010-07-28 16:53 . 2005-01-22 03:54 -------- d-----w- c:\program files\HP
2010-07-07 19:38 . 2010-07-07 19:38 137216 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\shared\fmod.dll
2010-07-07 19:38 . 2010-07-07 19:38 339968 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll
2010-07-07 19:38 . 2010-07-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner
2010-07-01 02:59 . 2009-10-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-22 14:38 . 2009-05-08 16:00 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 14:38 . 2010-06-22 14:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 14:37 . 2009-05-08 16:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-11 18:46 . 2007-12-29 15:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\ElevatedDiagnostics
2010-05-31 14:49 . 2008-05-25 15:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
1998-05-15 05:00 . 2005-02-27 23:58 73184 -c--a-w- c:\program files\Common Files\dao2535.tlb
1998-04-27 05:00 . 2005-02-27 23:58 570128 ----a-w- c:\program files\Common Files\Dao350.dll
2002-08-01 00:55 . 2009-10-16 20:39 108 -csh--w- c:\windows\WSYS049.SYS
2005-04-10 17:36 . 2005-02-01 02:30 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-24 22:05 . 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
2007-03-24 22:05 . 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
2005-01-08 03:10 . 2004-08-25 18:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2007-01-30 21:57 . 2007-01-12 23:45 249904 c:\program files\Citrix\GoToMyPC\bak\g2svc.exe
2008-04-09 12:43 . 2007-06-20 16:09 258856 c:\program files\Citrix\GoToMyPC\g2svc.exe
2004-05-28 02:05 . 2005-10-14 04:26 69632 c:\program files\Common Files\Dell\EUSW\bak\Support.exe
2004-01-07 07:01 . 2004-01-07 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
2006-03-08 17:23 . 2007-12-20 04:06 579072 c:\program files\Grisoft\AVG7\bak\avgcc.exe
2005-12-05 17:23 . 2007-12-20 04:06 406528 c:\program files\Grisoft\AVG7\bak\avgemc.exe
2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2004-02-12 18:38 . 2004-02-12 18:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
2005-01-08 03:10 . 2004-06-29 17:23 135168 c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe
2007-07-22 14:30 . 2007-07-12 09:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
2002-08-14 20:21 . 2002-08-14 20:21 94208 c:\program files\Symantec\Norton Ghost 2003\bak\GhostStartTrayApp.exe
2004-06-21 02:45 . 2005-08-07 01:45 974848 c:\program files\UltraVNC\bak\WinVNC.exe
2004-08-04 11:00 . 2004-08-04 11:00 15360 c:\windows\SYSTEM32\bak\ctfmon.exe
2004-08-04 11:00 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe
2005-02-27 23:49 . 2004-08-03 22:06 188416 c:\windows\SYSTEM32\bak\ESDUSBMon.exe
2005-01-08 03:13 . 2004-08-13 07:05 122939 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]
"DXDllRegExe"="c:\windows\system32\dxdllreg.exe" [N/A]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-06 6289216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-06-20 16:09 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\PCCW\\Pccw.exe"=
"c:\\WINDOWS\\SYSTEM32\\FTP.EXE"=
"c:\\Program Files\\Nichesoft\\TanTrack\\TanTrack.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Citrix\\GoToMyPC\\g2svc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:00 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/8/2009 11:00 AM 243024]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/22/2010 9:37 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 9:38 AM 308136]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\SYSTEM32\DRIVERS\ESDPDX01.SYS [12/25/2003 1:00 PM 95485]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [4/12/2006 4:36 AM 23552]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\SYSTEM32\DRIVERS\TMUSBXP.SYS [12/27/2003 1:00 AM 40320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 MagEpNt;MagEpNt;c:\windows\SYSTEM32\DRIVERS\magepnt.sys [2/27/2005 6:58 PM 26304]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?r998=1239739352
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--fd864c10-f423-45bb-8447-230cc71ef3c3/online/diner_dash/en/DinerDash.1.0.0.80.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 19:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
- - - - - - - > 'explorer.exe'(1036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\netdde.exe
c:\windows\system32\EpStsSrv.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\OpenVPN\bin\openvpnserv.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\OpenVPN\bin\openvpn.exe
c:\windows\system32\fxssvc.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-06 19:56:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 00:56
ComboFix2.txt 2010-08-05 23:14
Pre-Run: 57,376,219,136 bytes free
Post-Run: 57,397,305,344 bytes free
- - End Of File - - 0418D29E1A29B43F5EAB84618C4848CA
5500
5500_Help
5500Tour
5500Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
AiO_Scan
AiOSoftware
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Banctec Service Agreement
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
BufferChm
CCleaner
Citrix ICA Web Client
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Support
Dell Support 5.0.0 (766)
Dell System Restore
Destinations
Director
DocProc
DocumentViewer
DynDNS Updater 3.0
EPSON Advanced Printer Driver 3
Fax
FormViewer
GCalc 3 Beta
GdiplusUpgrade
GoToMyPC
HiJackThis
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP Driver Diagnostics
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPODiscovery
HPSystemDiagnostics
InstantShare
Intel Application Accelerator
Intellisync® for Yahoo!
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_06
Java Auto Updater
Java 6 Update 21
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Move Networks Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Need2Find Bar
NETGEAR ProSafe Firewall Router
Norton Ghost
OGA Notifier 2.0.0048.0
OpenVPN 2.0.7
overland
PCCharge Pro
PhotoGallery
PokerStars
PrintScreen
ProductContext
QFolder
QuickProjects
Readme
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SkinsHP1
SkinsHP2
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
SupportSoft Assisted Service
TrayApp
UltraVNC v1.0.1
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Service Pack 3
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! Toolbar
Yontoo Layers Client for Internet Explorer 1.02.04