Inactive Removal of win32/zbot.g


chuzzle

Hi,

Seems quite common to have this nasty bugger at the moment. Have been getting AVG alerts since last night - starting with Firefox plugins and now running to virtually every program I have installed :( Have run malware, GMER and DDS and will post the logs below. If anyone could help out I would be eternally grateful as I have a thesis to hand in in three weeks' time which is all on this laptop!!

Many Thanks

Marty


P.S. Incidentally, there are two GMER logs below, as the first time I only scanned one partition of my hard drive (did the second one the second time around - it took an hour or so?!?! Is that OK?)
*******************

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7393

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

06/08/2011 16:22:22
mbam-log-2011-08-06 (16-22-22).txt

Scan type: Quick scan
Objects scanned: 193264
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**************
 
Sorry, here are the rest of my scans:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 18:41:22
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723225L9A360 rev.FCDOC30F
Running: rt60ln90.exe; Driver: C:\DOCUME~1\marty\LOCALS~1\Temp\awldqpow.sys


---- System - GMER 1.0.15 ----

SSDT spdb.sys ZwCreateKey [0xB7EB50E0]
SSDT spdb.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spdb.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spdb.sys ZwOpenKey [0xB7EB50C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB83C1738]
SSDT spdb.sys ZwQueryKey [0xB7ECE20A]
SSDT spdb.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spdb.sys ZwSetValueKey [0xB7ECE29C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB83C17DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB83C1878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB83C1914]

INT 0x63 ? 8A515BF8
INT 0x63 ? 8A515BF8
INT 0x63 ? 8A515BF8
INT 0x63 ? 8A515BF8
INT 0x63 ? 8A2A5F00
INT 0x63 ? 8A2A5F00
INT 0x63 ? 8A2A5F00
INT 0x63 ? 8A515BF8
INT 0x83 ? 8A2A5F00
INT 0x83 ? 8A517BF8
INT 0x83 ? 8A517BF8
INT 0x83 ? 8A517BF8
INT 0x94 ? 8A2A5F00
INT 0xA4 ? 8A2A5F00
INT 0xB4 ? 8A2A5F00

---- Kernel code sections - GMER 1.0.15 ----

? spdb.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73193A0, 0x5FE082, 0xE8000020]
.text USBPORT.SYS!DllUnload B72FA62C 5 Bytes JMP 8A2A54E0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
.text C:\WINDOWS\system32\ctfmon.exe[240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
.text C:\WINDOWS\system32\ctfmon.exe[240] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
.text C:\WINDOWS\system32\ctfmon.exe[240] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
.text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
.text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
.text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
.text C:\WINDOWS\system32\RUNDLL32.EXE[440] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
.text C:\WINDOWS\BisonCam\DeLay.exe[444] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
.text C:\WINDOWS\BisonCam\DeLay.exe[444] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
.text C:\WINDOWS\BisonCam\DeLay.exe[444] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
.text C:\WINDOWS\BisonCam\DeLay.exe[444] user32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
.text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
.text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
.text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
.text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
? C:\WINDOWS\system32\services.exe[916] time/date stamp mismatch; unknown module: NTDSAPI.dll unknown module: NCObjAPI.DLL unknown module: SCESRV.dll unknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
.text C:\WINDOWS\system32\services.exe[916] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
.text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
.text C:\WINDOWS\system32\nvsvc32.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
.text C:\WINDOWS\system32\nvsvc32.exe[1124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
.text C:\WINDOWS\system32\nvsvc32.exe[1124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
.text C:\WINDOWS\system32\nvsvc32.exe[1124] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
.text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200658BF
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20059E20
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2006573B
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200605B1
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2002573B
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200211A3
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200214CD
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!send 71AB428A 5 Bytes JMP 20021155
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2002162A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2002145E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20021542
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200217E6
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20021705
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200215B3
.text C:\Program Files\Java\jre6\bin\jqs.exe[1264] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200205B1
? C:\WINDOWS\system32\svchost.exe[1304] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
? C:\WINDOWS\System32\svchost.exe[1360] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2002573B
.text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200205B1
? C:\WINDOWS\system32\svchost.exe[1408] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
.text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
? C:\WINDOWS\system32\svchost.exe[1464] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
.text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpOpenRequestA 771C3674 5 Bytes JMP 202E291B
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 202E1EBB
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 202E2975
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 202E1E27
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 202E2860
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestExW 771CE989 5 Bytes JMP 202E1D9B
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpOpenRequestW 771CF3BE 5 Bytes JMP 202E2948
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 202E299C
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 202E2541
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetWriteFile 771F8147 5 Bytes JMP 202E1E8E
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 202E269E
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetReadFileExW 771F90DE 5 Bytes JMP 202E2745
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 202E1E5C
.text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestExA 772124B1 5 Bytes JMP 202E1DE1
? C:\WINDOWS\system32\svchost.exe[1488] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
? C:\WINDOWS\system32\svchost.exe[1568] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
.text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
.text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
.text C:\WINDOWS\RTHDCPL.EXE[1712] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
? C:\WINDOWS\system32\svchost.exe[1776] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
.text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
.text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpOpenRequestA 771C3674 5 Bytes JMP 202E291B
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 202E1EBB
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 202E2975
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 202E1E27
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 202E2860
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestExW 771CE989 5 Bytes JMP 202E1D9B
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpOpenRequestW 771CF3BE 5 Bytes JMP 202E2948
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 202E299C
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 202E2541
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetWriteFile 771F8147 5 Bytes JMP 202E1E8E
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 202E269E
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetReadFileExW 771F90DE 5 Bytes JMP 202E2745
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 202E1E5C
.text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestExA 772124B1 5 Bytes JMP 202E1DE1
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!recv 71AB615A 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
.text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
? C:\WINDOWS\Explorer.EXE[1808] time/date stamp mismatch; unknown module: WINMM.dll unknown module: SETUPAPI.dll unknown module: WINSTA.dll unknown module: OLEACC.dll unknown module: OLEAUT32.dll unknown module: BROWSEUI.dll unknown module: SHDOCVW.dll unknown module: UxTheme.dll
 
GMER log #2


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 19:16:14
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723225L9A360 rev.FCDOC30F
Running: rt60ln90.exe; Driver: C:\DOCUME~1\marty\LOCALS~1\Temp\awldqpow.sys

Edit: Second excess GMER log deleted by Bobbye
 
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by marty at 19:41:01 on 2011-08-06
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3037.1717 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\BisonCam\DeLay.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HotKey_Driver\HotKeyDriver.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\marty\local settings\application data\efbbjphn\mlsntpqe.exe,
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeBridge]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MlsNtpqe] c:\documents and settings\marty\local settings\application data\efbbjphn\mlsntpqe.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [DeLay] c:\windows\bisoncam\DeLay.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup 2.0\bin\EuWatch.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotkey~1.lnk - c:\program files\hotkey_driver\HotKeyDriver.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F72F2F1-8B41-494E-9159-32DE9C61C292} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\marty\application data\mozilla\firefox\profiles\vix162iz.default\
FF - component: c:\documents and settings\marty\application data\mozilla\firefox\profiles\vix162iz.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\marty\application data\mozilla\firefox\profiles\vix162iz.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-4-23 30472]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-4-23 20744]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-4-23 14216]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2011-5-11 34593]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup 2.0\bin\Agent.exe [2011-6-2 55688]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2011-4-23 187400]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-5 84240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-5 100456]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-1-5 340096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-19 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-19 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-08-03 20:28:49 -------- d-----w- c:\documents and settings\marty\local settings\application data\efbbjphn
2011-07-20 10:33:41 -------- d-----w- C:\GIS
2011-07-11 23:57:59 -------- d-----w- c:\documents and settings\marty\application data\Safe Software
2011-07-11 23:49:17 -------- d-----w- c:\documents and settings\marty\.idlerc
.
==================== Find3M ====================
.
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 19:36:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 17:56:44 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-06-21 17:56:42 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-05-18 21:22:07 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-05-11 01:02:16 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-11 01:02:16 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-11 01:01:58 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-05-21 15:59:50 3095040 ----a-w- c:\program files\openofficeorg32.msi
2010-05-21 15:58:20 460088 ----a-w- c:\program files\setup.exe
.
============= FINISH: 19:41:42.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2011 12:16:53
System Uptime: 06/08/2011 15:54:17 (4 hours ago)
.
Motherboard: CLEVO Co. | | M740TU(N)/M760TU(N)/W7X0TUN
Processor: Intel Pentium III Xeon processor | U2E1 | 1994/200mhz
Processor: Intel Pentium III Xeon processor | U2E1 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 38 GiB total, 0.563 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 195 GiB total, 98.672 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_08061558&REV_02\4&3905AE0C&0&00E3
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_08061558&REV_02\4&3905AE0C&0&00E3
Service: RTLE8023xp
.
==== System Restore Points ===================
.
RP69: 11/07/2011 19:51:26 - Removed AVG 2011
RP70: 19/07/2011 08:37:24 - Removed AVG 2011
RP71: 25/07/2011 17:45:12 - Removed Skype™ 5.1
RP72: 25/07/2011 17:47:01 - Removed Skype Toolbars
.
==== Installed Programs ======================
.
.
32 Bit HP BiDi Channel Components Installer
Active@ ISO Burner
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Illustrator CS5
Adobe InDesign CS5
Adobe Media Player
Adobe Photoshop CS5
ArcGIS Desktop
ArcGIS Explorer
ArcGIS Tutorial Data
AVG 2011
Beer Engine 1.0.1.0
BisonCam
CCleaner
CometBird (3.6.13)
Conduit Engine
EASEUS Partition Master 6.5.2 Home Edition
EASEUS Todo Backup Home 2.0
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HotKey_Driver
Java Auto Updater
Java(TM) 6 Update 23
JMicron JMB38X Flash Media Controller
Live 8.0.1
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola SM56 Data Fax Modem
Mozilla Firefox 5.0 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nitro PDF Reader 2
Novell iPrint Client v05.30.00
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenOffice.org 3.2
PandoraRecovery (Remove Only)
PDF Settings CS5
Python 2.5 numpy-1.0.3
Python 2.5.1
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Recuva
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Skype Toolbars
Skype™ 5.3
SoulSeek 157 NS 13e
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
SyncBack
TweakNow PowerPack 2011 SP1a
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VLC media player 1.1.10
Vuze
Vuze Remote Toolbar
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
30/07/2011 08:48:03, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
30/07/2011 08:48:03, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
30/07/2011 08:48:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06/08/2011 18:47:13, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================
 
Welcome to TechSpot! As you will have seen, I deleted some of the GMER log. The directions specifically say:

Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.

When Show All is selected, post after post of useless entries are displayed.
==================================================
I haven't checked the AVG forums in a couple of days to see whether the Zbot is a False Positive. AVG tends to put out updates that cause their users to have incidences like this. So please run the following:

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Hi,

Thank you so much for getting back to me so quickly.

OK so I ran GMER again - no boxes ticked:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-06 21:45:19
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723225L9A360 rev.FCDOC30F
Running: rt60ln90.exe; Driver: C:\DOCUME~1\marty\LOCALS~1\Temp\awldqpow.sys


---- System - GMER 1.0.15 ----

SSDT spbm.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spbm.sys ZwEnumerateValueKey [0xB7ECE132]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5141F8
Device \Driver\atapi \Device\Ide\IdePort0 8A5141F8
Device \Driver\atapi \Device\Ide\IdePort1 8A5141F8
Device \Driver\atapi \Device\Ide\IdePort2 8A5141F8
Device \Driver\atapi \Device\Ide\IdePort3 8A5141F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A5141F8
Device \Driver\JMCR \Device\Scsi\JMCR1 8A22B500
Device \Driver\JMCR \Device\Scsi\JMCR2 8A22B500
Device \Driver\JMCR \Device\Scsi\JMCR3 8A22B500
Device \FileSystem\Ntfs \Ntfs 8A5131F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fastfat \Fat 8975F1F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


That website is not happening though. I don't seem to be able to access that site. I'm getting this error message:

'Unable to Connect: Firefox can't establish a connection'

I can access other websites but not any that you have posted up here. I downloaded that eset.com scanner to another laptop though and copied it across with a memory stick and installed. However, it fails at the first stage of installation as it says 'Cannot Get update: is proxy configured'?

Any ideas?

Cheers

Marty
 
Please uninstall the following:
Vuze
Vuze Remote Toolbar

If you have any other file sharing software, remove it also:

P2P or 'file sharing' Warning: Uninstalling is recommended for these reasons:
  • Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
===========================================
Can't let this go by without a comment on the Beer Engine! Homebrewers' haven, huh? Took a look at the site - too bad the picture didn't come out!
================
You can't do the Eset Online Scan using a flash drive. You must be online to use it. So let's do the following:
The Java is outdated. That will most certainly mean you have malware in the Java cache. So you should empty it as follows:
To clear the Java Plug-in cache:

  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
  [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
  [5]. Click OK on Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply > OK on Temporary Files Settings window.
Images courtesy java.com
================================
Use the flash drive to download all of the following programs, then connect the drive and run them on the problem computer. Load one of the temporary AV: Do not run until after you have removed AVG with the AppRemover.

Follow the run order below:
1. Run Java update
2. Run App Remover for AVG
3. Run the temporary AV
4. Run Combofix

===============================
1. When that has been done, use the flash drive to download the current Java update: Java Updates. Connect the flash and install the new Java. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
=================================
2. Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.
==================================
3. Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
==============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
4. Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
The only log you will have to leave in the next reply is the Combofix log.
 
Hey man,

Thanks again for getting back to me so soon. Got rid of Vuze, but am unable to either uninstall my older version of Java or reinstall the offline version.

I am getting the error message:

'Error 1606.Could not access network location :.'

Any ideas?

p.s. yep, it's all about the homebrew:)
 
Ok, finally got that sorted. Got Java reinstalled and followed all the posts in your last message. Here's the ComboFix log:

ComboFix 11-08-06.02 - marty 07/08/2011 13:44:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3037.2405 [GMT 1:00]
Running from: c:\documents and settings\marty\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\marty\Application Data\Adobe\plugs
c:\documents and settings\marty\Application Data\Adobe\shed
c:\documents and settings\marty\Application Data\Help
c:\documents and settings\marty\Application Data\winrar
c:\documents and settings\marty\Application Data\winrar\version.dat
c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}
c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\chrome.manifest
c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\chrome\content\_cfg.js
c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\chrome\content\overlay.xul
c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\install.rdf
c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe
c:\program files\explorer
c:\program files\explorer\AddressParser\AddressParserConfiguration.xml
c:\program files\explorer\AddressParser\parser_andorra.xml
c:\program files\explorer\AddressParser\parser_austria.xml
c:\program files\explorer\AddressParser\parser_belgium.xml
c:\program files\explorer\AddressParser\parser_canada.xml
c:\program files\explorer\AddressParser\parser_denmark.xml
c:\program files\explorer\AddressParser\parser_france.xml
c:\program files\explorer\AddressParser\parser_germany.xml
c:\program files\explorer\AddressParser\parser_ireland.xml
c:\program files\explorer\AddressParser\parser_italy.xml
c:\program files\explorer\AddressParser\parser_liechtenstein.xml
c:\program files\explorer\AddressParser\parser_luxembourg.xml
c:\program files\explorer\AddressParser\parser_monaco.xml
c:\program files\explorer\AddressParser\parser_netherlands.xml
c:\program files\explorer\AddressParser\parser_norway.xml
c:\program files\explorer\AddressParser\parser_portugal.xml
c:\program files\explorer\AddressParser\parser_spain.xml
c:\program files\explorer\AddressParser\parser_sweden.xml
c:\program files\explorer\AddressParser\parser_switzerland.xml
c:\program files\explorer\AddressParser\parser_uk.xml
c:\program files\explorer\AddressParser\parser_usa.xml
c:\program files\explorer\basemaps\basemaps.de.xml
c:\program files\explorer\basemaps\basemaps.es.xml
c:\program files\explorer\basemaps\basemaps.fr.xml
c:\program files\explorer\basemaps\basemaps.ja-jp.xml
c:\program files\explorer\basemaps\basemaps.xml
c:\program files\explorer\basemaps\basemaps.zh-CN.xml
c:\program files\explorer\basemaps\Server\basemap0.nmf
c:\program files\explorer\basemaps\Server\basemap0.png
c:\program files\explorer\basemaps\Server\basemap1.nmf
c:\program files\explorer\basemaps\Server\basemap1.png
c:\program files\explorer\basemaps\Server\basemap10.nmf
c:\program files\explorer\basemaps\Server\basemap10.png
c:\program files\explorer\basemaps\Server\basemap11.nmf
c:\program files\explorer\basemaps\Server\basemap11.png
c:\program files\explorer\basemaps\Server\basemap2.nmf
c:\program files\explorer\basemaps\Server\basemap2.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Tunnel.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Ultralight.png
c:\program files\explorer\Styles\SymbolImages\Transportation\WarningRed.png
c:\program files\explorer\Styles\SymbolImages\Transportation\WarningYellow.png
c:\program files\explorer\Styles\SymbolImages\Transportation\YellowSemiTractor.png
c:\program files\explorer\Styles\SymbolImages\Weather\Cloudy.png
c:\program files\explorer\Styles\SymbolImages\Weather\HeatAdvisory.png
c:\program files\explorer\Styles\SymbolImages\Weather\Lightning.png
c:\program files\explorer\Styles\SymbolImages\Weather\PartlySunny.png
c:\program files\explorer\Styles\SymbolImages\Weather\Rain.png
c:\program files\explorer\Styles\SymbolImages\Weather\Snow.png
c:\program files\explorer\Styles\SymbolImages\Weather\Sunny.png
c:\program files\explorer\Styles\Template.ncfg
c:\program files\explorer\TilingSchemes\ArcGIS_Online_Bing_Maps_Google_Maps.xml
c:\program files\explorer\TilingSchemes\GoogleMapsVersions.xml
c:\program files\explorer\TilingSchemes\Yahoo.xml
c:\program files\Setup.exe
c:\windows\ST6UNST.000
c:\windows\system32\regobj.dll
.
.
 
and the rest of it!..................


((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-07 12:35 . 2011-07-20 10:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-07 12:35 . 2011-07-20 10:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-07 12:35 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-07 12:35 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-07 12:35 . 2011-08-07 12:35 -------- d-----w- c:\program files\Avira
2011-08-07 12:35 . 2011-08-07 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-07 12:19 . 2011-08-07 12:18 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-07 11:03 . 2011-08-07 11:03 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-08-07 11:03 . 2011-08-07 12:15 -------- d-----w- c:\program files\MSECACHE
2011-08-07 10:53 . 2011-08-07 10:55 -------- d-s---w- c:\documents and settings\marty\Application Data\\Roaming
2011-08-07 10:53 . 2011-08-07 10:53 -------- d-----w- C:\Sun
2011-08-06 20:33 . 2011-08-06 20:33 -------- d-----w- c:\program files\ESET
2011-08-03 20:28 . 2011-08-07 12:55 -------- d-----w- c:\documents and settings\marty\Local Settings\Application Data\efbbjphn
2011-07-20 10:33 . 2011-07-20 10:34 -------- d-----w- C:\GIS
2011-07-11 23:57 . 2011-07-11 23:57 -------- d-----w- c:\documents and settings\marty\Application Data\\Safe Software
2011-07-11 23:49 . 2011-07-11 23:51 -------- d-----w- c:\documents and settings\marty\.idlerc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-07 12:18 . 2011-01-12 18:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-07 12:18 . 2011-01-12 18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 18:52 . 2011-04-15 12:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-04-15 12:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 19:36 . 2011-05-17 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 17:56 . 2011-06-23 13:48 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-06-21 17:56 . 2011-06-23 13:48 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-05-18 21:22 . 2011-05-18 21:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-21 15:59 . 2010-05-21 15:59 3095040 ----a-w- c:\program files\openofficeorg32.msi
2011-06-24 00:34 . 2011-05-08 11:35 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 520204]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2009-09-18 53248]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2009-09-18 57344]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2011-1-5 3633152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^marty^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\marty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [23/04/2011 17:29 30472]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [23/04/2011 17:29 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/01/2011 03:41 691696]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [23/04/2011 17:29 14216]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [11/05/2011 15:03 34593]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/08/2011 13:35 136360]
R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe [02/06/2011 11:26 55688]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [21/06/2011 18:57 196912]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [23/04/2011 17:29 187400]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/01/2011 13:46 84240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [05/01/2011 13:40 100456]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [05/01/2011 14:05 340096]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\marty\LOCALS~1\Temp\twtutmjq.sys --> c:\docume~1\marty\LOCALS~1\Temp\twtutmjq.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2011 21:11 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [19/01/2011 19:36 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [19/01/2011 19:36 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2011 21:11 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-BLUEMAN-marty.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-05 03:44]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc542f7217a4d0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 20:11]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\marty\Application Data\Mozilla\Firefox\Profiles\vix162iz.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-MlsNtpqe - c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe
AddRemove-Live 8.0.1 - c:\progra~1\Ableton\LIVE80~1.1\Install\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 13:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe 114625 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-08-07 14:00:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-07 13:00
.
Pre-Run: 1,040,424,960 bytes free
Post-Run: 1,514,852,352 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FAAF3E08F078B3DDDAE0FD53FABCFB7D

Cheers

Marty
 
Marty, are these just in Firefox?
'Unable to Connect: Firefox can't establish a connection'
I can access other websites but not any that you have posted up here
'Cannot Get update: is proxy configured'?
=================================
Please do the following:
Reset your browser proxies
  • For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.
  • For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click Ok to close the Local Area Network (LAN) Settings window.
    o Click Ok to close the Internet Options window.
============================================
See if that makes a difference in accessing a site.
If it does not, clarify whether the access problem is just in Firefox. Try to access using Internet Explorer. Does that work on the site you can't get in Firefox? If so, please run the Eset Online Virus scan online.

Let me know either way. Combofix removed a large number of files and that alone could possibly have caused the connection problem. We have more work to do.

I'd also like you to run the following:

Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
 
hey dude, here you go:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\marty\my documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\python25\lib\site-packages\numpy\f2py\crackfortran.py
c:\python25\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\python25\lib\site-packages\numpy\f2py\crackfortran.pyo
scanner sequence 3.BB.11.HPAPXJ
----- EOF -----

Confirm both Firefox and IE will not let me access the Eset scanner. I have reset the proxy settings in both. Still no joy. Should I try another browser, i.e. Chrome?
 
You have the following installed:
ArcGIS Desktop
ArcGIS Explorer
ArcGIS Tutorial Data

Multiple entries were deleted in Combofix for c:\program files\explorer\bin....... It appears that you used the ArcGIS Explorer to set up some programming. What did you set up in the bin files?

Information HERE>> Using the ArcGIS Explorer samples

I am not a programmer.
==============================
Another deletion was the Windows system 32 regobj.dll:
This is an ActiveX server that allows Visual Basic developers to programmatically control the Registry without having to resort to the Windows API. Included is a document which discusses the object model of RegObj.dll, and includes some Visual Basic code to illustrate using the objects in the server to perform common types of registry manipulation. Although the code in the article is constructed in Visual Basic, any other language capable of constructing ActiveX client applications, such as Java or C/C++ can use this ActiveX DLL.<<

So I need to know what you are manipulating. It bothers me that I'm not seeing the WGA update in the Attach.txt log.
I note you have SP2, so you are behind in the SP3 update.

Edit: It also appears that you did not update the antivirus after you installed it:
AV: AntiVir Desktop *Disabled/Outdated
 
Hey,

I use Arc GIS Explorer for map making. I'm not a programmer either, and haven't (consciously) done anything to the BIN files. I'm not quite sure what you mean by 'manipulating'. I think the closest I may have got is run some reg. cleaning/optimising software a while back. Nothing else I can think of.

As for Win XP. I'm running SP2 as I have an old licensed copy of it which I installed myself on this laptop. I haven't got round to upgrading to SP3 nor have I been updating windows. Should I do that??

I tried updating Antivir and it failed with the following report:

Avira AntiVir Personal - Free Antivirus Updater
Complete product update

Creation time: Mon Aug 08 21:09:00 2011


Operating system:
Windows XP (Service Pack 2) [5.1.2600] 32 bit

Product information:
Product version: 10.0.0.652
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.39
Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\

Proxy settings:
System settings used

21:09:02 [UPD] [INFO] Checking whether newer files are available.
21:09:02 [UPD] [INFO] Select update server 'http://127.0.0.1/update'.
21:09:02 [UPD] [INFO] Downloading of 'http://127.0.0.1/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
21:09:03 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://127.0.0.1/update/idx/master.idx' failed. Error: A connection with the server could not be established
21:09:03 [UPD] [INFO] Select update server 'http://127.0.0.1/update'.
21:09:03 [UPD] [INFO] Downloading of 'http://127.0.0.1/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
21:09:04 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://127.0.0.1/update/idx/master.idx' failed. Error: A connection with the server could not be established
21:09:04 [UPDLIB] [ERROR] No additional servers found, the update will be canceled.
21:09:04 [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.


Summary:
********
0 Files downloaded
0 Files installed

Mon Aug 08 21:09:04 2011
The update failed!



Thanks again!

Marty
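Added example (not part of the thread, and not ComboFix's or Avira's own code): a small Python triage pass over three kinds of lines that appear in the logs posted above, namely the Winlogon `Userinit` value, the `R#/S#` service and driver lines, and the Avira updater's "Select update server" line. The rule names, the regexes for the line formats and the expected default `Userinit` path are assumptions inferred from the lines shown in this thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Lines copied from the ComboFix and Avira updater logs posted in this thread.
SAMPLE_LOG = r'''
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe"
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/01/2011 13:46 84240]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\marty\LOCALS~1\Temp\twtutmjq.sys --> c:\docume~1\marty\LOCALS~1\Temp\twtutmjq.sys [?]
21:09:02 [UPD] [INFO] Select update server 'http://127.0.0.1/update'.
'''

# Assumption: the only legitimate Userinit entry on this machine.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Directories under a user profile or a temp folder (long and 8.3 short names).
PROFILE_OR_TEMP = re.compile(
    r"\\(temp|local settings|locals~1|application data)\\", re.I)

USERINIT_RE = re.compile(r'^"Userinit"="(?P<value>[^"]*)"', re.I)
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: -->| \[)")
UPDATE_RE = re.compile(r"Select update server '(?P<url>[^']+)'")


def extra_userinit_entries(value, expected=EXPECTED_USERINIT):
    """Return every comma-separated Userinit entry other than the expected one."""
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry and entry.lower() != expected.lower():
            extras.append(entry)
    return extras


def is_loopback(url):
    """True when the URL's host is localhost or a loopback IP address."""
    host = urlparse(url).hostname or ""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def triage(log_text):
    """Return (rule, detail) findings for the three line types handled here."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in extra_userinit_entries(m.group("value")):
                findings.append(("userinit-extra", extra))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if PROFILE_OR_TEMP.search(m.group("path")):
                findings.append(("service-in-profile-or-temp", m.group("path")))
            continue
        m = UPDATE_RE.search(line)
        if m and is_loopback(m.group("url")):
            findings.append(("update-server-loopback", m.group("url")))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```
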
 
Do you mean is it a pirate copy?!! If so, no. I bought Windows XP SP2 about 5 or 6 years ago, so I have an official version, which is registered/activated etc. I had previously upgraded to SP3 but my laptop hard drive died about 3 months ago and when I rebuilt on a new hard drive, I never got round to installing any updates. Should I do this now?

Cheers

Marty
 
No, wait on the updates. Please give me an update of the specific malware related problems you're having now.

Are you able to connect to the internet yet? Message when you try? What?
 
Hey Bobbye,

No still can't connect to certain pages i.e. Microsoft, anything virus software/malware removal related, a few of the tech forums. So selectively, and I guess all the stuff I need to connect to. The error message is the following (from Firefox):

Unable to connect

'Firefox can't establish a connection to the server at......'


Antivir still won't update (says it won't connect) and the Antivir guard won't start, so I guess I have no anti virus. Still can't boot into safe mode - getting BSOD when I try and then laptop reboots.

Any help GREATLY appreciated!!

Cheers

Marty
 
This still sounds like an intermittent internet connection problem.

Please run the following:
catchme
catchme is the rootkit/stealth malware scanner that scans for:
  • hidden processes
  • hidden registry keys
  • hidden services
  • hidden files
catchme can also delete, destroy and collect malicious files.

Download catchme.exe ( 137KB ) and save to your desktop.
  • Double click the catchme.exe to run it
  • Click the "Scan" button to start scan
  • Open catchme.log to see results

Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
 
Hey Bobbye,

Here's the log. I couldn't connect to that site directly so had to download to a memory stick from another machine:

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 11:42:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe 114625 bytes executable
C:\Documents and Settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe 114625 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

file zipped: C:\Documents and Settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe -> catchme.zip -> mlsntpqe.exe ( 114625 bytes )
file zipped: C:\Documents and Settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe -> catchme.zip -> mlsntpqe.exe.1 ( 114625 bytes )

Cheers

Marty
 
Marty, find the 2 catchme.zipped files on the desktop and do a right click> Delete on each,

Reboot the computer when you finish> Empty the Recycle Bin.

If you can get online now, please do the Eset scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Hi Bobbye,

Still not able to connect to the Eset scanner:( Though the web seems to be working generally

Any ideas?

Marty
 
Try this one:

Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
 