Hi Dan, thanks again for all of your help. I appreciate your time and effort. Below is the information you requested:
1. Jotti File Analysis (all 3 files scanned and passed with no abnormalities)
C:\WINDOWS\system32\649B6611F4.sys
C:\WINDOWS\system32\whawfbkn.ini
C:\WINDOWS\system32\MRT.INI
======================================================
2. ComboFix
ComboFix 08-03-18.1 - Kevin 2008-03-21 0:07:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -7:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::
C:\WINDOWS\system32\dr6
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\lows8
C:\WINDOWS\system32\MCROSO~1\nopdb.exe
C:\WINDOWS\system32\sbc2
C:\WINDOWS\system32\typ2
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-19 19:41 . 2008-03-21 00:04 <DIR> d-------- C:\Program Files\CPV
2008-03-19 19:21 . 2008-03-19 19:21 <DIR> d-------- C:\Program Files\CCleaner
2008-03-12 20:05 . 2008-03-13 20:14 1,320,173 ---hs---- C:\WINDOWS\system32\whawfbkn.ini
2008-03-12 01:15 . 2008-03-12 01:15 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 00:55 . 2008-03-19 19:26 <DIR> d-------- C:\Program Files\nvcoi
2008-03-11 00:56 . 2008-03-11 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-11 00:51 . 2008-03-11 00:55 <DIR> d-------- C:\Program Files\Dell Support Center
2008-03-11 00:51 . 2008-03-11 00:51 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-10 23:57 . 2008-03-10 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-10 23:56 . 2008-03-10 23:56 <DIR> d-------- C:\WINDOWS\system32\typ2
2008-03-10 23:56 . 2008-03-11 00:01 <DIR> d-------- C:\WINDOWS\system32\sbc2
2008-03-10 23:56 . 2008-03-10 23:56 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-10 23:56 . 2008-03-10 23:56 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-10 23:56 . 2008-03-10 23:56 <DIR> d-------- C:\WINDOWS\system32\dr6
2008-03-10 23:56 . 2008-03-19 19:48 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 06:24 --------- d-----w C:\Program Files\Viewpoint
2008-03-21 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-20 02:54 --------- d-----w C:\Program Files\Windows Plus
2008-03-11 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-25 05:30 88 --sh--r C:\WINDOWS\system32\649B6611F4.sys
2007-10-25 05:30 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24 20480]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2005-08-15 17:38 20553]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49 4670968]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 08:09 171464]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 00:38 7118848]
"nwiz"="nwiz.exe" [2005-12-15 00:38 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 02:56 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 19:35 397312 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 08:44 839680]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 14:30 823362]
"HostManager"="C:\Program Files\Common Files\AOL\1147155041\ee\AOLSoftware.exe" [2006-04-20 10:10 50792]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59 124520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-26 11:54:54 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147155041\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147155041\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-25 20:37:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-21 00:09:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-21 0:09:43
ComboFix-quarantined-files.txt 2008-03-21 07:09:41
ComboFix2.txt 2008-03-20 02:59:37
.
2008-03-12 08:15:05 --- E O F ---
======================================================
3. Malwarebytes log
Malwarebytes' Anti-Malware 1.09
Database version: 518
Scan type: Full Scan (C:\|)
Objects scanned: 86964
Time elapsed: 28 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 93
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{89cc26bc-9256-4cca-a7f3-b9d6c48dba71} (Adware.RABCO) -> No action taken.
HKEY_CLASSES_ROOT\rabio.rabiobho (Adware.RABCO) -> No action taken.
HKEY_CLASSES_ROOT\rabio.rabiobho.1 (Adware.RABCO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{923ca88a-ae69-49af-bf65-9a3123b14ccb} (Adware.RABCO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8c36d71b-0a48-4d38-9def-2a2a2669d0c9} (Adware.RABCO) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\nvcoi (Trojan.Stars) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rabio.RabioBHO (Adware.RABCO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RABCO (Adware.RABCO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RABCO (Adware.RABCO) -> No action taken.
HKEY_CURRENT_USER\Software\RABCO (Adware.RABCO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Rabio.DLL (Adware.RABCO) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\nvcoi (Trojan.Stars) -> No action taken.
C:\WINDOWS\system32\dr6 (Adware.Rabio) -> No action taken.
C:\WINDOWS\system32\ech5 (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lows8 (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\sbc2 (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\typ2 (Trojan.Downloader) -> No action taken.
C:\Program Files\CPV (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> No action taken.
Files Infected:
C:\Documents and Settings\Kevin\Application Data\Microsoft\Windows\rayiou.exe (Trojan.Agent) -> No action taken.
C:\Program Files\HijackThis\backups\backup-20080321-000445-486.dll (Trojan.Downloader) -> No action taken.
C:\Program Files\nvcoi\nvcoi.exe (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\Documents and Settings\Kevin\Application Data\WinTouch\WTUninstaller.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir (Adware.PurityScan) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir (Adware.PurityScan) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\InetGet2\MTE3MTk6ODoxNg.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir (Trojan.Insider) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir (Trojan.DNSChanger) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\NoDNS\NoDNS.exe.vir (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Online Services\lavupaxo.dll.vir (Trojan.BHO) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Online Services\lavupaxo947.dll.vir (Trojan.BHO) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir (Adware.ClickSpring) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\RABCO\RABCO.dll.vir (Adware.RABCO) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\RABCO\RABCOse.exe.vir (Adware.RABCO) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\RABCO\un_RABCOSetup_16230.exe.vir (Adware.Rabio) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\RABCO\X_RABCOse.exe.vir (Adware.RABCO) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Web Buying\v1.8.8\webbuying.exe.vir (Adware.WebBuying) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Windows Plus\jilawixy89104.dll.vir (Adware.TTC) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b116.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir (Trojan.Insider) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b154.exe.vir (Trojan.Matcash) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b155.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir (Trojan.DownLoader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir (Trojan.BHO) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir (Malware.Trace) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\S2V2aW4\asappsrv.dll.vir (AdWare.CommAd) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\S2V2aW4\command.exe.vir (AdWare.CommAd) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir (Adware.TargetSaver) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir (Adware.TargetSaver) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mvfqonj.dll.vir (Adware.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\yvqam.dll.vir (Adware.ClickSpring) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\iDlo01\iDlo011065.exe.vir (Trojan.DownLoader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\MCROSO~1\nopdb.exe.vir (Adware.Purityscan) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0015242.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0015244.exe (Adware.WebBuying) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0015255.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0015283.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0015299.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015326.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015329.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015348.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015381.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015412.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015414.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015418.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015419.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015526.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015527.exe (Trojan.Insider) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015529.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015532.dll (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015534.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015535.exe (Adware.Rabio) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015536.exe (Adware.RABCO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015537.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015538.exe (Trojan.DNSChanger) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015540.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015542.exe (Adware.WebBuying) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015543.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015544.exe (Adware.Purityscan) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015546.exe (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015548.exe (Adware.PurityScan) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015549.exe (Adware.PurityScan) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015550.dll (Adware.TargetSaver) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015551.vbs (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015552.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015553.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015554.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015555.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015556.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015557.exe (Trojan.Insider) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015558.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015559.exe (Trojan.Matcash) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015560.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015561.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015562.dll (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015574.exe (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015575.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015576.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015577.dll (Adware.TTC) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015579.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015582.dll (AdWare.CommAd) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015723.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\dr6\crecomdll1.exe (Adware.RABCO) -> No action taken.
C:\WINDOWS\system32\ech5\vomb33dll.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lows8\spgdn65.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\typ2\key89104.exe (Adware.TTC) -> No action taken.
C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> No action taken.
C:\Program Files\nvcoi\nvcoi.exe.lzma (Trojan.Stars) -> No action taken.
======================================================
4. Kaspersky Webscanner
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 21, 2008 3:49:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/03/2008
Kaspersky Anti-Virus database records: 649944
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 58097
Number of viruses found: 30
Number of infected objects: 97
Number of suspicious objects: 0
Duration of the scan process: 00:50:14
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Kevin\Application Data\Microsoft\Windows\rayiou.exe Infected: Trojan-Downloader.Win32.Agent.lhu skipped
C:\Documents and Settings\Kevin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\MSHist012008032120080322\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kevin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kevin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\nvcoi\nvcoi.exe Infected: Trojan-Downloader.Win32.Agent.ltf skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir Infected: Trojan.Win32.Scapur.k skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\InetGet2\MTE3MTk6ODoxNg.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\QooBox\Quarantine\C\Program Files\NoDNS\NoDNS.exe.vir Infected: Trojan-Downloader.Win32.Agent.kji skipped
C:\QooBox\Quarantine\C\Program Files\Online Services\lavupaxo.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\Online Services\lavupaxo947.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\RABCO\RABCO.dll.vir Infected: not-a-virus:AdWare.Win32.Rabio.h skipped
C:\QooBox\Quarantine\C\Program Files\Windows Plus\jilawixy89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\Program Files\YSTEM~1\eхplorer.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\b116.exe.vir Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\QooBox\Quarantine\C\WINDOWS\b154.exe.vir Infected: Trojan-Downloader.Win32.Agent.kha skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.lak skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.lqu skipped
C:\QooBox\Quarantine\C\WINDOWS\S2V2aW4\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\QooBox\Quarantine\C\WINDOWS\S2V2aW4\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aaxxcafx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iDlo01\iDlo011065.exe.vir Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ighwlleh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lduwnnpc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mcjpiwwm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\MCROSO~1\nopdb.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mcvaemvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mvfqonj.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.acn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\npxibqem.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qiwiugah.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qlspdvho.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqnmjh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yvqam.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\catchme2008-03-19_195653.93.zip/crusoee.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-03-19_195653.93.zip/gebcc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-19_195653.93.zip/WinTouch.exe Infected: Trojan-Downloader.Win32.Agent.ktb skipped
C:\QooBox\Quarantine\catchme2008-03-19_195653.93.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0015242.exe Infected: Trojan-Downloader.Win32.Agent.lak skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0015244.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015313.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015329.exe Infected: Trojan-Downloader.Win32.Agent.lak skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015366.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015414.exe Infected: Trojan-Downloader.Win32.Agent.lbx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015418.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP103\A0015419.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015526.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015527.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015529.exe Infected: Trojan-Downloader.Win32.Agent.kji skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015532.dll Infected: not-a-virus:AdWare.Win32.Rabio.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015537.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015538.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015540.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015543.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015544.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015546.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015548.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015549.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015549.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015552.exe Infected: Trojan-Downloader.Win32.Agent.lak skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015553.exe Infected: Trojan-Downloader.Win32.Agent.lqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015554.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015554.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015554.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015554.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015555.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015556.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015557.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015558.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015559.exe Infected: Trojan-Downloader.Win32.Agent.kha skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015561.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015562.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015563.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015565.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015566.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015567.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015568.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015569.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015570.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015571.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015572.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015574.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015575.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015576.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015577.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP104\A0015582.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP105\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{44760E83-DBE2-4193-BDE7-6CFDC6C460F9}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5311F8C4-2A12-46FF-A1CB-6D16493D76BB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\ech5\vomb33dll.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\typ2\key89104.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\WINDOWS\system32\typ2\key89104.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
======================================================
5. New Hijackthis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:29 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\AOL\1147155041\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\removal.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147155041\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10121 bytes
======================================================
6. Uninstall List
Adobe Reader 7.0.9
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Broadcom Management Programs
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
CPV
Dell Digital Jukebox Driver
Dell Game Console
Dell Support Center
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
ESPNMotion
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NetZeroInstallers
NoDNS
nvcoi
NVIDIA Drivers
Otto
PowerDVD 5.7
QuickSet
QuickTime
RABCO
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
TMASOEDL
TMASOLDL
Trend Micro PC-cillin Internet Security 12
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6c
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB912067
Win-Touch.com
XChange 360
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger