Hello,
ComboFix Script
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
- They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:
Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:
Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')
KillAll::
AWF::
c:\program files\Analog Devices\Core\bak\smax4pnp.exe
c:\program files\Citrix\GoToMyPC\bak\g2svc.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
Suspect::[100]
c:\windows\Installer\1f05f7.msi
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')
Save this file to your desktop. Save it as "CFScript".
Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you.
- Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 10-08-15.04 - Palladium Tan 08/16/2010 14:15:50.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1996 [GMT -5:00]
Running from: c:\documents and settings\Palladium Tan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Palladium Tan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
file zipped: c:\windows\Installer\1f05f7.msi
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gotomon.log
.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-16 15:17 . 2010-08-16 15:17 -------- d-----w- c:\documents and settings\Palladium Tan\Local Settings\Application Data\PCHealth
2010-08-15 17:14 . 2010-08-15 17:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
2010-08-15 17:13 . 2010-08-15 17:13 1868800 ----a-r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{4B745BD6-9AEE-49CF-9DA3-B1BEF136AD71}\AppIcon.exe
2010-08-15 17:13 . 2010-08-15 17:14 -------- d-----w- c:\program files\Droid Explorer
2010-08-15 14:44 . 2010-08-15 14:45 -------- d-----w- c:\documents and settings\Palladium Tan\Local Settings\Application Data\Temp
2010-08-14 01:48 . 2010-08-14 01:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-13 15:09 . 2010-08-13 15:09 -------- d-----w- c:\documents and settings\Palladium Tan\DoctorWeb
2010-08-13 01:02 . 2010-08-13 01:02 -------- d-----w- c:\documents and settings\Palladium Tan\Local Settings\Application Data\VS Revo Group
2010-08-13 01:02 . 2009-12-30 17:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-08-13 01:02 . 2010-08-13 01:02 -------- d-----w- c:\program files\VS Revo Group
2010-08-12 18:24 . 2010-08-12 18:24 -------- d-----w- C:\_OTL
2010-08-07 01:34 . 2010-08-07 01:34 -------- d-----w- c:\program files\CCleaner
2010-08-06 22:27 . 2010-08-13 20:21 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 22:26 . 2010-08-07 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-06 22:26 . 2010-08-06 22:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 20:26 . 2010-08-06 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 20:26 . 2010-08-06 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 20:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 16:51 . 2010-08-06 16:51 388096 ------r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 23:43 . 2010-08-05 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-08-05 23:42 . 2010-08-06 15:44 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-08-05 14:30 . 2010-08-05 14:30 -------- d-----w- c:\program files\Trend Micro
2010-08-05 02:40 . 2010-08-05 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-05 02:35 . 2010-08-05 02:39 -------- d-----w- c:\documents and settings\Palladium Tan\Application Data\GetRightToGo
2010-08-05 01:23 . 2010-08-05 01:23 503808 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcp71.dll
2010-08-05 01:23 . 2010-08-05 01:23 499712 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\jmc.dll
2010-08-05 01:23 . 2010-08-05 01:23 348160 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-56bf27ec-n\msvcr71.dll
2010-08-05 01:23 . 2010-08-05 01:23 61440 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-sse.dll
2010-08-05 01:23 . 2010-08-05 01:23 12800 ------w- c:\documents and settings\Palladium Tan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc3e528-n\decora-d3d.dll
2010-08-05 01:23 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 16:53 . 2010-07-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-28 16:46 . 2010-07-28 17:34 104247 ----a-w- c:\windows\hpoins04.dat
2010-07-28 16:46 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-07-28 16:45 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-07-28 16:45 . 2004-06-22 15:05 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-07-28 16:23 . 2010-07-28 16:23 -------- d-----w- c:\temp\FixEngine
2010-07-28 16:23 . 2010-07-28 16:23 10134 ------r- c:\documents and settings\Palladium Tan\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-07-28 16:10 . 2010-07-28 16:10 -------- d-----w- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 19:14 . 2005-02-27 23:58 -------- d-----w- c:\program files\PCCW
2010-08-16 15:50 . 2005-02-08 13:19 -------- d-----w- c:\program files\Yahoo!
2010-08-14 01:48 . 2006-11-17 20:04 -------- d-----w- c:\program files\PokerStars
2010-08-13 15:39 . 2005-02-07 15:44 -------- d-----w- c:\program files\UltraVNC
2010-08-11 15:24 . 2005-01-08 03:09 -------- d-----w- c:\program files\Java
2010-08-05 13:43 . 2008-06-11 13:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 01:23 . 2005-01-08 03:09 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 16:53 . 2005-01-22 03:54 -------- d-----w- c:\program files\HP
2010-07-07 19:38 . 2010-07-07 19:38 137216 ------w- c:\documents and settings\All Users\Application Data\WorldWinner\shared\fmod.dll
2010-07-07 19:38 . 2010-07-07 19:38 339968 ------w- c:\documents and settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll
2010-07-07 19:38 . 2010-07-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner
2010-07-01 02:59 . 2009-10-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-30 12:31 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 14:38 . 2009-05-08 16:00 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 14:38 . 2010-06-22 14:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 14:37 . 2009-05-08 16:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 15:27 . 2004-08-04 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-31 14:49 . 2008-05-25 15:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
1998-05-15 05:00 . 2005-02-27 23:58 73184 -c--a-w- c:\program files\Common Files\dao2535.tlb
1998-04-27 05:00 . 2005-02-27 23:58 570128 ----a-w- c:\program files\Common Files\Dao350.dll
2002-08-01 00:55 . 2009-10-16 20:39 108 -csh--w- c:\windows\WSYS049.SYS
2005-04-10 17:36 . 2005-02-01 02:30 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-24 22:05 . 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
2007-03-24 22:05 . 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
2007-01-30 21:57 . 2007-01-12 23:45 249904 c:\program files\Citrix\GoToMyPC\bak\g2svc.exe
2008-04-09 12:43 . 2007-06-20 16:09 258856 c:\program files\Citrix\GoToMyPC\g2svc.exe
2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2004-02-12 18:38 . 2004-02-12 18:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
2006-03-08 17:23 . 2007-12-20 04:06 579072 c:\qoobox\Quarantine\C\Program Files\Grisoft\AVG7\bak\avgcc.exe.vir
2005-12-05 17:23 . 2007-12-20 04:06 406528 c:\qoobox\Quarantine\C\Program Files\Grisoft\AVG7\bak\avgemc.exe.vir
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Palladium Tan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-15 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-06-20 16:09 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\PCCW\\Pccw.exe"=
"c:\\WINDOWS\\SYSTEM32\\FTP.EXE"=
"c:\\Program Files\\Nichesoft\\TanTrack\\TanTrack.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Citrix\\GoToMyPC\\g2svc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:00 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/8/2009 11:00 AM 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/22/2010 9:37 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 9:38 AM 308136]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\SYSTEM32\DRIVERS\ESDPDX01.SYS [12/25/2003 1:00 PM 95485]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [4/12/2006 4:36 AM 23552]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\SYSTEM32\DRIVERS\TMUSBXP.SYS [12/27/2003 1:00 AM 40320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [8/1/2010 12:20 PM 253952]
S3 MagEpNt;MagEpNt;c:\windows\SYSTEM32\DRIVERS\magepnt.sys [2/27/2005 6:58 PM 26304]
S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [8/12/2010 8:02 PM 27064]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558789043-3926735607-631273063-1005Core.job
- c:\documents and settings\Palladium Tan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-15 14:44]
2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558789043-3926735607-631273063-1005UA.job
- c:\documents and settings\Palladium Tan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-15 14:44]
2010-08-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?r998=1239739352
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--fd864c10-f423-45bb-8447-230cc71ef3c3/online/diner_dash/en/DinerDash.1.0.0.80.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-16 14:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\netdde.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\EpStsSrv.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\OpenVPN\bin\openvpnserv.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\OpenVPN\bin\openvpn.exe
c:\windows\system32\ESDUSBMon.EXE
c:\windows\system32\fxssvc.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-16 14:24:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 19:24
ComboFix2.txt 2010-08-16 18:49
ComboFix3.txt 2010-08-11 14:57
ComboFix4.txt 2010-08-11 14:15
ComboFix5.txt 2010-08-16 19:14
Pre-Run: 55,088,705,536 bytes free
Post-Run: 55,120,564,224 bytes free
- - End Of File - - CCD55D30FEC7F165C777C17EBB3A8C12