
please help security suite virus


  • This topic is locked
22 replies to this topic

#1 adh66


Posted 13 September 2010 - 01:47 PM

Hi, I was wondering if anyone can help me remove the security suite virus please. I've tried to delete some files associated with this virus using regedit but without any joy, and now I am stuck. I would be really grateful for any help as I can only log onto the internet using safe mode with networking; my IE has disappeared too. Many thanks, regards, Adrian

Hi, I think I've done this properly, so here's what I got from the DDS: Attached File DDS.txt (9.71KB)

Edited by hamluis, 13 September 2010 - 05:37 PM.
Merged posts, moved from XP forum to Malware Removal Logs ~ Hamluis.




#2 gringo_pr

  • Malware Response Team

Posted 19 September 2010 - 11:43 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:



    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 adh66


Posted 20 September 2010 - 12:59 PM

Hi and thank you for your time,
I did as requested and everything went OK with the DeFogger and the DDS reports as posted below, but I had a problem with the RKUnhooker as detailed below.
I downloaded the hooker programme and on opening it came up with detection of a parasite as mentioned, and if I click OK it says parasite removed, continue loading, so I click OK and then it says error loading / opening driver and closes the programme.
If I click on Cancel when it says parasite detected, it then says programme integrity damaged; I then click OK and it comes up with the error loading / opening driver and then closes. Can you advise on this? Thanks again




DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 18:40:26.92 on Mon 09/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.602 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator.HASCON-064CC94E\My Documents\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{1947ED7C-40FF-7968-B844-BCC7CDF15DC3}] "c:\documents and settings\administrator.hascon-064cc94e\application data\fupe\apkou.exe"
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [Jcodewec] rundll32.exe "c:\windows\exrczexp.dll",Startup
mExplorerRun: [a5x3tq] c:\docume~1\lewis\locals~1\temp\202fbh.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259691630346
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://192.168.1.126/ocx/IMMP4.cab
TCP: NameServer = 93.188.162.71,93.188.161.4
TCP: {1CB72EEF-8F22-4AE3-83B9-D1244DD35EE3} = 93.188.162.71,93.188.161.4
TCP: {30305447-D22B-4915-A0F8-19511C3B8F47} = 192.168.2.20
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-18 243024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-18 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-18 29584]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-15 54752]
S2 gupdate1ca2b477fc15bf2;Google Update Service (gupdate1ca2b477fc15bf2);c:\program files\google\update\GoogleUpdate.exe [2009-9-1 133104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-17 430152]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-09-19 17:47:52 0 d-----w- c:\windows\system32\wbem\Repository
2010-09-18 14:14:32 0 d-----w- c:\docume~1\admini~1.has\applic~1\Huqumo
2010-09-13 22:20:22 0 ----a-w- c:\documents and settings\administrator.hascon-064cc94e\defogger_reenable
2010-09-13 21:58:15 0 d-----w- c:\program files\Secunia
2010-09-13 18:06:16 0 d-----w- c:\docume~1\admini~1.has\applic~1\Office Genuine Advantage
2010-09-13 17:14:43 112 ----a-w- c:\docume~1\alluse~1\applic~1\GM1K8j5.dat
2010-09-12 17:37:52 0 d-----w- c:\docume~1\admini~1.has\applic~1\Fupe
2010-09-12 17:36:06 0 d-sh--w- c:\documents and settings\administrator.hascon-064cc94e\IETldCache
2010-09-11 13:16:14 2838 ----a-w- c:\windows\onidimenipavu.dll

==================== Find3M ====================

2010-07-19 13:01:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-09-08 19:53:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090820090909\index.dat

============= FINISH: 18:44:45.92 ===============

Attached Files

  • Attached File  DDS.txt   8.84KB   3 downloads


#4 adh66


Posted 20 September 2010 - 01:01 PM

Please note that this is all done in safe mode with networking, if that helps.

#5 gringo_pr


Posted 20 September 2010 - 01:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo




#6 adh66


Posted 21 September 2010 - 11:38 AM

Hi, I ran the combo programme and all went well. It seems to have restored Windows back, but I still cannot connect to the internet even after repairing, and IE still seems to be missing. On startup I get a Windows security box asking me that IE keeps trying to access the internet, and even if I allow, it doesn't seem to change connection. The combo post is below and I am accessing a different computer now to post these messages.
Thank you

ComboFix 10-09-20.01 - Dad 09/20/2010 22:35:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.602 [GMT 1:00]
Running from: c:\documents and settings\Administrator.HASCON-064CC94E\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Fupe
c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Fupe\apkou.exe
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\Harvey\Application Data\Dealio
c:\documents and settings\Lewis\.COMMgr
c:\documents and settings\Lewis\Start Menu\Programs\Security Tool.lnk
c:\windows\exrczexp.dll
c:\windows\onidimenipavu.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 00:16 . 2010-09-20 00:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-09-19 17:47 . 2010-09-19 17:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-18 14:14 . 2010-09-19 23:20 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Huqumo
2010-09-17 06:21 . 2010-09-17 06:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-15 15:20 . 2010-09-15 15:20 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-15 15:17 . 2010-09-15 15:17 -------- d-----w- c:\windows\system32\config\systemprofile\PrivacIE
2010-09-15 15:10 . 2010-09-15 15:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-09-15 13:04 . 2010-09-15 13:04 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-09-13 22:11 . 2010-09-13 22:11 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\Apple Computer
2010-09-13 22:10 . 2010-09-17 08:01 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\Adobe
2010-09-13 21:58 . 2010-09-13 21:58 -------- d-----w- c:\program files\Secunia
2010-09-13 18:06 . 2010-09-13 18:06 69232 ----a-w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-13 18:06 . 2010-09-13 18:06 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Office Genuine Advantage
2010-09-13 16:58 . 2010-09-13 16:58 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\Google
2010-09-12 22:12 . 2010-09-12 22:12 -------- d-----w- c:\documents and settings\Harvey\Application Data\dvdcss
2010-09-12 22:12 . 2010-09-12 22:21 -------- d-----w- c:\documents and settings\Harvey\Application Data\vlc
2010-09-12 17:36 . 2010-09-12 17:36 -------- d-sh--w- c:\documents and settings\Administrator.HASCON-064CC94E\IETldCache
2010-09-12 17:07 . 2010-09-12 17:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-11 13:13 . 2010-09-20 00:30 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\vdkvchuuv
2010-09-11 13:13 . 2010-09-20 00:30 -------- d-----w- c:\documents and settings\Lewis\Application Data\vdkvchuuv
2010-09-11 13:11 . 2010-09-11 13:14 -------- d-----w- c:\documents and settings\Lewis\Application Data\48072AE7060B552B13BD673EDEF97A12
2010-09-11 13:07 . 2010-09-11 13:07 69232 ----a-w- c:\documents and settings\Lewis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 11:19 . 2010-08-29 11:19 -------- d-sh--w- c:\documents and settings\Harvey\PrivacIE
2010-08-29 11:19 . 2010-08-29 11:19 -------- d-----w- c:\documents and settings\Harvey\Local Settings\Application Data\Conduit
2010-08-29 11:19 . 2010-08-29 11:20 -------- d-----w- c:\documents and settings\Harvey\Local Settings\Application Data\iUserbar
2010-08-29 11:19 . 2010-09-11 13:12 -------- d-----w- c:\documents and settings\Harvey\Application Data\Apple Computer
2010-08-28 15:10 . 2010-08-28 15:10 -------- d-sh--w- c:\documents and settings\Lewis\PrivacIE
2010-08-28 15:10 . 2010-08-28 15:10 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\Conduit
2010-08-28 15:10 . 2010-09-11 12:39 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\Google
2010-08-28 15:09 . 2010-08-28 15:10 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\iUserbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 20:16 . 2009-06-13 10:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-19 17:47 . 2010-04-20 20:11 -------- d-----w- c:\program files\iTunes
2010-09-19 17:47 . 2009-12-11 16:17 -------- d-----w- c:\program files\QuickTime
2010-09-19 13:47 . 2010-09-13 17:14 112 ----a-w- c:\documents and settings\All Users\Application Data\GM1K8j5.dat
2010-09-11 17:57 . 2009-05-24 21:25 -------- d-----w- c:\program files\EPSON
2010-09-11 17:57 . 2009-05-14 23:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-11 13:12 . 2010-08-15 08:50 -------- d-----w- c:\documents and settings\Lewis\Application Data\Apple Computer
2010-08-24 19:30 . 2010-08-17 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-13 02:09 . 2009-05-14 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 17:02 . 2010-04-29 17:42 -------- d-----w- c:\program files\Safari
2010-08-09 17:00 . 2010-08-09 17:00 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-20 13:07 . 2010-07-20 13:07 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 13:01 . 2009-05-18 19:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 13:01 . 2010-07-19 13:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 13:01 . 2009-05-18 19:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-04 01:07 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 22:31 . 2010-06-25 22:31 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-24 12:22 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 01:07 1851904 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-20 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"{1947ED7C-40FF-7968-1FD7-42CC6A62A3C8}"="c:\documents and settings\Dad\Application Data\Cuyvl\pasii.exe" [2009-11-20 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
ighyw.exe [2010-9-20 145920]

c:\documents and settings\Harvey\Start Menu\Programs\Startup\
arcyom.exe [2010-9-20 145920]

c:\documents and settings\Lewis\Start Menu\Programs\Startup\
utsoro.exe [2010-9-20 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 13:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IPCameraSearcher\\IPCameraSearcher.exe"=
"c:\\Program Files\\MultiWindow\\MultiWindow.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Rendezvous
"2082:TCP"= 2082:TCP:compila cpanel
"2083:TCP"= 2083:TCP:compila cpanel
"82:TCP"= 82:TCP:camera
"9002:TCP"= 9002:TCP:c
"13186:TCP"= 13186:TCP:BitComet 13186 TCP
"13186:UDP"= 13186:UDP:BitComet 13186 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/18/2009 8:40 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/18/2009 8:40 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 2:01 PM 308136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
S2 gupdate1ca2b477fc15bf2;Google Update Service (gupdate1ca2b477fc15bf2);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2009 10:02 PM 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 10:00 PM 430152]
S3 Normandy;Normandy SR2; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 21:02]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 21:02]

2010-09-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?d8b0d8d2787243738a0ceb12ba8297ab
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?d8b0d8d2787243738a0ceb12ba8297ab
TCP: {30305447-D22B-4915-A0F8-19511C3B8F47} = 192.168.2.20
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://192.168.1.126/ocx/IMMP4.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKU-Default-Run-Jcodewec - c:\windows\exrczexp.dll
HKLM-Explorer_Run-a5x3tq - c:\docume~1\Lewis\LOCALS~1\Temp\202fbh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 23:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3148)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-20 23:19:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 22:18

Pre-Run: 79,672,602,624 bytes free
Post-Run: 82,338,394,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A85A9050D006863CD64353F44FC941BD


#7 gringo_pr


Posted 21 September 2010 - 08:10 PM

Hello

Let's try this to get you back online; let me know if it works.

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.
  • Double click on WinsockXPFix.exe to open.
  • On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  • On the ERDNT Welcome screen, click "OK".
  • On the Backup to: screen, click "OK".
  • On the Folder does not exist question screen click "Yes".
  • You will see a status screen as your registry is being backed up.
  • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  • On the Winsock and TCP Repair Utility screen, click "Fix".
  • On the Apply the VB_Winsock fix? screen click "Yes".
  • The screen will display a status message "repair completed please reboot."
  • On the Repair Completed screen click "OK" to reboot your computer.
  • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  • You should have connectivity restored.
If you have internet back, come back and let me know; if not, go to the next step.

Download LSPFix and save to your desktop.
alternate download site
alternate download site
  • Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the lspfix folder and double-click on LSPFix.exe to start the program.
  • Check the "I know what I am doing" checkbox.
  • Click "Finish" and LSPfix will restore the chain numbers.
  • Restart the computer.


Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr


Posted 23 September 2010 - 11:37 PM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#9 adh66


Posted 24 September 2010 - 02:48 AM

Hi Gringo,
Sorry for the delay, but due to no internet access I had to borrow a friend's PC to download the programme onto an external HDD and then load it onto my laptop. I now have internet access after running the Winsock application, although I still do not have Internet Explorer showing anywhere?
I couldn't run the reg backup, as it came up with a box stating where you would like to save the backup, but a security warning came up with every file it was trying to download?
Many thanks for all your help. Once again, I am extremely impressed with your time and efforts in helping me with this.
Does everything look OK on the files I have uploaded to you so far?

#10 gringo_pr


Posted 24 September 2010 - 03:05 AM

Hello

"althou still do not have internet explorer showing anywhere ?"
OK, I want you to download it from here and install it. Don't uninstall the other; just install it over the other.

http://www.microsoft.com/windows/internet-...wide-sites.aspx

"but a security warning came up with everyfile it was trying to dload ?"
Tell me more about this, please.

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\documents and settings\Dad\Application Data\Cuyvl\pasii.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\ighyw.exe
c:\documents and settings\Harvey\Start Menu\Programs\Startup\arcyom.exe
c:\documents and settings\Lewis\Start Menu\Programs\Startup\utsoro.exe

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo




#11 adh66


Posted 24 September 2010 - 06:10 AM

I have tried what you suggested with ComboFix, but it comes up with a box stating AVG is still running, please disable to carry on. AVG no longer has a disable function, and it will not allow me to delete it through Add/Remove Programs. I can still run ComboFix, but it says it's at my own discretion.
The reg backup programme associated with winsocks comes up with an error saying error saving file c:erdnt/security continue with the next file, and it repeats itself over and over.

#12 gringo_pr


Posted 24 September 2010 - 06:12 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan. Even if it says AVG is active, please continue.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo


#13 adh66


Posted 24 September 2010 - 01:19 PM

Hi, here are the results


ComboFix 10-09-20.01 - Administrator 09/24/2010 12:43:01.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.709 [GMT 1:00]
Running from: c:\documents and settings\Administrator.HASCON-064CC94E\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Fupe\apkou.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 09:52 . 2010-09-24 09:52 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-24 09:52 . 2010-09-24 09:52 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-24 09:52 . 2010-09-24 09:52 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-24 09:52 . 2010-09-24 09:52 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-24 09:52 . 2010-09-24 09:52 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-24 09:52 . 2010-09-24 09:52 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-24 09:52 . 2010-09-24 09:52 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-24 09:52 . 2010-09-24 09:52 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-24 09:51 . 2010-09-24 09:51 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-24 07:38 . 2010-09-24 11:14 -------- d-----w- C:\ERDNT
2010-09-24 07:37 . 2010-09-24 07:38 -------- d-----w- C:\backup
2010-09-20 22:26 . 2010-09-20 22:26 -------- d-sh--w- c:\documents and settings\Administrator.HASCON-064CC94E\PrivacIE
2010-09-20 00:16 . 2010-09-20 00:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-09-19 17:47 . 2010-09-19 17:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-18 14:14 . 2010-09-19 23:20 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Huqumo
2010-09-17 06:21 . 2010-09-17 06:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-15 15:20 . 2010-09-15 15:20 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-15 15:17 . 2010-09-15 15:17 -------- d-----w- c:\windows\system32\config\systemprofile\PrivacIE
2010-09-15 15:10 . 2010-09-15 15:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-09-15 13:04 . 2010-09-15 13:04 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-09-13 22:11 . 2010-09-13 22:11 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\Apple Computer
2010-09-13 22:10 . 2010-09-17 08:01 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\Adobe
2010-09-13 21:58 . 2010-09-13 21:58 -------- d-----w- c:\program files\Secunia
2010-09-13 18:06 . 2010-09-13 18:06 69232 ----a-w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-13 18:06 . 2010-09-13 18:06 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Office Genuine Advantage
2010-09-13 16:58 . 2010-09-13 16:58 -------- d-----w- c:\documents and settings\Administrator.HASCON-064CC94E\Local Settings\Application Data\Google
2010-09-12 22:12 . 2010-09-12 22:12 -------- d-----w- c:\documents and settings\Harvey\Application Data\dvdcss
2010-09-12 22:12 . 2010-09-12 22:21 -------- d-----w- c:\documents and settings\Harvey\Application Data\vlc
2010-09-12 17:36 . 2010-09-12 17:36 -------- d-sh--w- c:\documents and settings\Administrator.HASCON-064CC94E\IETldCache
2010-09-12 17:07 . 2010-09-12 17:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-11 13:13 . 2010-09-20 00:30 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\vdkvchuuv
2010-09-11 13:13 . 2010-09-20 00:30 -------- d-----w- c:\documents and settings\Lewis\Application Data\vdkvchuuv
2010-09-11 13:11 . 2010-09-11 13:14 -------- d-----w- c:\documents and settings\Lewis\Application Data\48072AE7060B552B13BD673EDEF97A12
2010-09-11 13:07 . 2010-09-11 13:07 69232 ----a-w- c:\documents and settings\Lewis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 11:19 . 2010-08-29 11:19 -------- d-sh--w- c:\documents and settings\Harvey\PrivacIE
2010-08-29 11:19 . 2010-08-29 11:19 -------- d-----w- c:\documents and settings\Harvey\Local Settings\Application Data\Conduit
2010-08-29 11:19 . 2010-08-29 11:20 -------- d-----w- c:\documents and settings\Harvey\Local Settings\Application Data\iUserbar
2010-08-29 11:19 . 2010-09-11 13:12 -------- d-----w- c:\documents and settings\Harvey\Application Data\Apple Computer
2010-08-28 15:10 . 2010-08-28 15:10 -------- d-sh--w- c:\documents and settings\Lewis\PrivacIE
2010-08-28 15:10 . 2010-08-28 15:10 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\Conduit
2010-08-28 15:10 . 2010-09-11 12:39 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\Google
2010-08-28 15:09 . 2010-08-28 15:10 -------- d-----w- c:\documents and settings\Lewis\Local Settings\Application Data\iUserbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 11:32 . 2010-03-20 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-20 20:16 . 2009-06-13 10:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-19 17:47 . 2010-04-20 20:11 -------- d-----w- c:\program files\iTunes
2010-09-19 17:47 . 2009-12-11 16:17 -------- d-----w- c:\program files\QuickTime
2010-09-19 13:47 . 2010-09-13 17:14 112 ----a-w- c:\documents and settings\All Users\Application Data\GM1K8j5.dat
2010-09-11 17:57 . 2009-05-24 21:25 -------- d-----w- c:\program files\EPSON
2010-09-11 17:57 . 2009-05-14 23:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-11 13:12 . 2010-08-15 08:50 -------- d-----w- c:\documents and settings\Lewis\Application Data\Apple Computer
2010-08-24 19:30 . 2010-08-17 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-13 02:09 . 2009-05-14 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 17:02 . 2010-04-29 17:42 -------- d-----w- c:\program files\Safari
2010-08-09 17:00 . 2010-08-09 17:00 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-20 13:07 . 2010-07-20 13:07 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 13:01 . 2009-05-18 19:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 13:01 . 2010-07-19 13:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 13:01 . 2009-05-18 19:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-04 01:07 149504 ----a-w- c:\windows\system32\schannel.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 13:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IPCameraSearcher\\IPCameraSearcher.exe"=
"c:\\Program Files\\MultiWindow\\MultiWindow.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Rendezvous
"2082:TCP"= 2082:TCP:compila cpanel
"2083:TCP"= 2083:TCP:compila cpanel
"82:TCP"= 82:TCP:camera
"9002:TCP"= 9002:TCP:c
"13186:TCP"= 13186:TCP:BitComet 13186 TCP
"13186:UDP"= 13186:UDP:BitComet 13186 UDP

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/18/2009 8:40 PM 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/18/2009 8:40 PM 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 2:01 PM 308136]
S2 gupdate1ca2b477fc15bf2;Google Update Service (gupdate1ca2b477fc15bf2);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2009 10:02 PM 133104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 10:00 PM 430152]
S3 Normandy;Normandy SR2; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 21:02]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 21:02]

2010-09-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://192.168.1.126/ocx/IMMP4.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{1947ED7C-40FF-7968-B844-BCC7CDF15DC3} - c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Fupe\apkou.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1770027372-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,37,0a,6d,87,4f,3b,4c,87,1d,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,37,0a,6d,87,4f,3b,4c,87,1d,fc,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-24 12:54:49
ComboFix-quarantined-files.txt 2010-09-24 11:54
ComboFix2.txt 2010-09-20 22:19

Pre-Run: 81,954,103,296 bytes free
Post-Run: 81,938,665,472 bytes free

- - End Of File - - 35FAC81B622F86A718488DC41A4BD75F
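The 20 September log lists a ProxyServer value pointing at the local machine, which the CFScript's DDS:: section targeted, and the 24 September log no longer does. The following added example (not part of the thread and not ComboFix's own code) runs that before/after check over lines copied from the two logs and lists autostart entries whose target sits inside a user profile; the function names and the profile-path heuristic are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines copied from the two ComboFix logs posted in this thread.
LOG_BEFORE = r"""
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKU-Default-Run-Jcodewec - c:\windows\exrczexp.dll
HKLM-Explorer_Run-a5x3tq - c:\docume~1\Lewis\LOCALS~1\Temp\202fbh.exe
"""
LOG_AFTER = r"""
uStart Page = hxxp://google.co.uk/
HKCU-Run-{1947ED7C-40FF-7968-B844-BCC7CDF15DC3} - c:\documents and settings\Administrator.HASCON-064CC94E\Application Data\Fupe\apkou.exe
"""

PROXY_LINE = re.compile(
    r"^\w*Internet Settings,ProxyServer\s*=\s*(.+?)\s*$", re.I | re.M)
RUN_LINE = re.compile(r"^(HK[A-Z]+-\S*Run\S*) - (.+?)\s*$", re.M)
# Assumption: XP-style profile roots, long and 8.3 short form.
PROFILE_ROOTS = ("\\documents and settings\\", "\\docume~1\\")


def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both "host:port" (all protocols) and the per-protocol form
    "http=host:port;https=host:port".
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # bare "host:port" covers all protocols
            scheme, hostport = "*", part
        hostport = hostport.split("://", 1)[-1]
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for localhost and any loopback IPv4/IPv6 literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def loopback_proxies(log_text):
    """Return every proxy entry in the log that points at the local machine."""
    hits = []
    for match in PROXY_LINE.finditer(log_text):
        for scheme, host, port in parse_proxy_value(match.group(1)):
            if is_loopback(host):
                hits.append((scheme, host, port))
    return hits


def profile_autoruns(log_text):
    """Return (key, path) for Run-style entries that launch from a user profile."""
    return [(key, path) for key, path in RUN_LINE.findall(log_text)
            if any(root in path.lower() for root in PROFILE_ROOTS)]


def proxy_cleared(before, after):
    """True when a loopback proxy was present before and is gone afterwards."""
    return bool(loopback_proxies(before)) and not loopback_proxies(after)


if __name__ == "__main__":
    print("loopback proxy before:", loopback_proxies(LOG_BEFORE))
    print("loopback proxy after: ", loopback_proxies(LOG_AFTER))
    print("proxy cleared:", proxy_cleared(LOG_BEFORE, LOG_AFTER))
    for key, path in profile_autoruns(LOG_BEFORE) + profile_autoruns(LOG_AFTER):
        print("review:", key, "->", path)
```

The profile-path check only lists entries for review; it says nothing about files elsewhere, such as the c:\windows\exrczexp.dll entry in the first log.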


#14 gringo_pr


Posted 24 September 2010 - 04:05 PM

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
CODE
C:\Qoobox\Add-Remove Programs.txt
  • click ok
  • copy and paste the report into this topic for me to review



#15 adh66


Posted 25 September 2010 - 02:45 AM

morning gringo here is the report you requested

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AoA DVD Ripper
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 9.0
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bing Maps 3D
Bonjour
Conexant HD Audio
DivX Converter
DivX Player
DivX Version Checker
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR300 Reference Guide
ESPR300 Software Guide
ESPR300 Standalone Guide
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Home Designer Suite 8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Product Detection
HP Quick Launch Buttons 6.30 J1
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
IPCameraSearcher 1.0
iTunes
Java™ 6 Update 17
Junk Mail filter update
LightScribe 1.4.105.1
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSN
MSVCRT
MultiWindow Version 1.1.2.3
OGA Notifier 2.0.0048.0
OneCare Advisor (Windows Live Toolbar)
PIF DESIGNER2.1
Popup Blocker (Windows Live Toolbar)
QuickTime
Safari
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Smart Menus (Windows Live Toolbar)
SmartAudio
Spelling Dictionaries Support For Adobe Reader 9
Tabbed Browsing (Windows Live Toolbar)
THE PATIO DESIGNER 2010 V12.1.3
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TurboFLOORPLAN Home & Interior
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.1
WebFldrs XP
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (01/14/2006 1.0.1.7)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall




