TechSpot

Removal of win32/zbot.g

By chuzzle
Aug 6, 2011
  1. Hi,

    Seems quite common to have this nasty bugger at the moment. Have been getting AVG alerts since last night, starting with Firefox plugins and now running to virtually every program I have installed :( Have run Malwarebytes, GMER and DDS and will post the logs below. If anyone could help out I would be eternally grateful, as I have a thesis to hand in in three weeks' time which is all on this laptop!!

    Many Thanks

    Marty


    P.S. Incidentally, there are two GMER logs below, as the first time I only scanned one partition of my hard drive (I did the second one the second time around; it took an hour or so?!?! Is that OK?)
    *******************

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7393

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    06/08/2011 16:22:22
    mbam-log-2011-08-06 (16-22-22).txt

    Scan type: Quick scan
    Objects scanned: 193264
    Time elapsed: 10 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    **************
     
  2. chuzzle

    Sorry here are the rest of my scans:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-06 18:41:22
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723225L9A360 rev.FCDOC30F
    Running: rt60ln90.exe; Driver: C:\DOCUME~1\marty\LOCALS~1\Temp\awldqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT spdb.sys ZwCreateKey [0xB7EB50E0]
    SSDT spdb.sys ZwEnumerateKey [0xB7ECDDA4]
    SSDT spdb.sys ZwEnumerateValueKey [0xB7ECE132]
    SSDT spdb.sys ZwOpenKey [0xB7EB50C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB83C1738]
    SSDT spdb.sys ZwQueryKey [0xB7ECE20A]
    SSDT spdb.sys ZwQueryValueKey [0xB7ECE08A]
    SSDT spdb.sys ZwSetValueKey [0xB7ECE29C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB83C17DC]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB83C1878]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB83C1914]

    INT 0x63 ? 8A515BF8
    INT 0x63 ? 8A515BF8
    INT 0x63 ? 8A515BF8
    INT 0x63 ? 8A515BF8
    INT 0x63 ? 8A2A5F00
    INT 0x63 ? 8A2A5F00
    INT 0x63 ? 8A2A5F00
    INT 0x63 ? 8A515BF8
    INT 0x83 ? 8A2A5F00
    INT 0x83 ? 8A517BF8
    INT 0x83 ? 8A517BF8
    INT 0x83 ? 8A517BF8
    INT 0x94 ? 8A2A5F00
    INT 0xA4 ? 8A2A5F00
    INT 0xB4 ? 8A2A5F00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spdb.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73193A0, 0x5FE082, 0xE8000020]
    .text USBPORT.SYS!DllUnload B72FA62C 5 Bytes JMP 8A2A54E0

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\ctfmon.exe[240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
    .text C:\WINDOWS\system32\ctfmon.exe[240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
    .text C:\WINDOWS\system32\ctfmon.exe[240] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
    .text C:\WINDOWS\system32\ctfmon.exe[240] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
    .text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
    .text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
    .text C:\WINDOWS\system32\RUNDLL32.EXE[440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
    .text C:\WINDOWS\system32\RUNDLL32.EXE[440] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
    .text C:\WINDOWS\BisonCam\DeLay.exe[444] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
    .text C:\WINDOWS\BisonCam\DeLay.exe[444] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
    .text C:\WINDOWS\BisonCam\DeLay.exe[444] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
    .text C:\WINDOWS\BisonCam\DeLay.exe[444] user32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
    .text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
    .text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
    .text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
    .text C:\Program Files\HotKey_Driver\HotKeyDriver.exe[824] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
    ? C:\WINDOWS\system32\services.exe[916] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
    .text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
    .text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
    .text C:\WINDOWS\system32\services.exe[916] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
    .text C:\WINDOWS\system32\services.exe[916] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
    .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
    .text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
    .text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
    .text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
    .text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
    .text C:\WINDOWS\system32\lsass.exe[932] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
    .text C:\WINDOWS\system32\nvsvc32.exe[1124] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200658BF
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20059E20
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2006573B
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1252] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200605B1
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2002573B
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200211A3
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200214CD
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!send 71AB428A 5 Bytes JMP 20021155
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2002162A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2002145E
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20021542
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200217E6
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20021705
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200215B3
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1264] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200205B1
    ? C:\WINDOWS\system32\svchost.exe[1304] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
    .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
    .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
    ? C:\WINDOWS\System32\svchost.exe[1360] time/date stamp mismatch;
    .text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
    .text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
    .text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2002573B
    .text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200205B1
    ? C:\WINDOWS\system32\svchost.exe[1408] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
    .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
    .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
    .text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
    .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
    ? C:\WINDOWS\system32\svchost.exe[1464] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
    .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
    .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
    .text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpOpenRequestA 771C3674 5 Bytes JMP 202E291B
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 202E1EBB
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 202E2975
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 202E1E27
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 202E2860
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestExW 771CE989 5 Bytes JMP 202E1D9B
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpOpenRequestW 771CF3BE 5 Bytes JMP 202E2948
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 202E299C
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 202E2541
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetWriteFile 771F8147 5 Bytes JMP 202E1E8E
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 202E269E
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetReadFileExW 771F90DE 5 Bytes JMP 202E2745
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 202E1E5C
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!HttpSendRequestExA 772124B1 5 Bytes JMP 202E1DE1
    ? C:\WINDOWS\system32\svchost.exe[1488] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
    .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
    .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
    .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
    .text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
    ? C:\WINDOWS\system32\svchost.exe[1568] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
    .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
    .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
    .text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
    .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B58BF
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200A9E20
    .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 200B573B
    .text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200B05B1
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200B11A3
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 200B14CD
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!send 71AB428A 5 Bytes JMP 200B1155
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 200B162A
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!recv 71AB615A 5 Bytes JMP 200B145E
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 200B1542
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 200B17E6
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 200B1705
    .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 200B15B3
    .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200358BF
    .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20029E20
    .text C:\WINDOWS\RTHDCPL.EXE[1712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2003573B
    .text C:\WINDOWS\RTHDCPL.EXE[1712] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 200305B1
    ? C:\WINDOWS\system32\svchost.exe[1776] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E58BF
    .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D9E20
    .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E573B
    .text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!TranslateMessage 77D48BCE 5 Bytes JMP 202E05B1
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpOpenRequestA 771C3674 5 Bytes JMP 202E291B
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 202E1EBB
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 202E2975
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 202E1E27
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 202E2860
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestExW 771CE989 5 Bytes JMP 202E1D9B
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpOpenRequestW 771CF3BE 5 Bytes JMP 202E2948
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 202E299C
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetQueryDataAvailable 771D8A37 5 Bytes JMP 202E2541
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetWriteFile 771F8147 5 Bytes JMP 202E1E8E
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetReadFileExA 771F868E 5 Bytes JMP 202E269E
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetReadFileExW 771F90DE 5 Bytes JMP 202E2745
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 202E1E5C
    .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestExA 772124B1 5 Bytes JMP 202E1DE1
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E11A3
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E14CD
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E1155
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E162A
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!recv 71AB615A 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E145E
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E1542
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E17E6
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E1705
    .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E15B3
    ? C:\WINDOWS\Explorer.EXE[1808] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: OLEAUT32.dllunknown module: BROWSEUI.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
     
  3. chuzzle

    Edit: Excess GMER log deleted by Bobbye
     
  4. chuzzle

    GMER log #2


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-06 19:16:14
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723225L9A360 rev.FCDOC30F
    Running: rt60ln90.exe; Driver: C:\DOCUME~1\marty\LOCALS~1\Temp\awldqpow.sys

    Edit: Second excess GMER log deleted by Bobbye
     
  5. chuzzle

    Edit: Excess duplicate GMER log deleted by Bobbye
     
  6. chuzzle

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180
    Run by marty at 19:41:01 on 2011-08-06
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3037.1717 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\BisonCam\BisonHK.exe
    C:\WINDOWS\BisonCam\DeLay.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\iprntlgn.exe
    C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HotKey_Driver\HotKeyDriver.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\marty\local settings\application data\efbbjphn\mlsntpqe.exe,
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [AdobeBridge]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MlsNtpqe] c:\documents and settings\marty\local settings\application data\efbbjphn\mlsntpqe.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
    mRun: [DeLay] c:\windows\bisoncam\DeLay.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
    mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
    mRun: [EaseUs Watch] "c:\program files\easeus\todo backup 2.0\bin\EuWatch.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotkey~1.lnk - c:\program files\hotkey_driver\HotKeyDriver.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{6F72F2F1-8B41-494E-9159-32DE9C61C292} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\marty\application data\mozilla\firefox\profiles\vix162iz.default\
    FF - component: c:\documents and settings\marty\application data\mozilla\firefox\profiles\vix162iz.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\documents and settings\marty\application data\mozilla\firefox\profiles\vix162iz.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\nitro pdf\reader\npdf.dll
    FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll
    FF - plugin: c:\windows\system32\npnipp.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-4-23 30472]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-4-23 20744]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-4-23 14216]
    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2011-5-11 34593]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup 2.0\bin\Agent.exe [2011-6-2 55688]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2011-4-23 187400]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-5 84240]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-5 100456]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-1-5 340096]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-19 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-19 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-08-03 20:28:49 -------- d-----w- c:\documents and settings\marty\local settings\application data\efbbjphn
    2011-07-20 10:33:41 -------- d-----w- C:\GIS
    2011-07-11 23:57:59 -------- d-----w- c:\documents and settings\marty\application data\Safe Software
    2011-07-11 23:49:17 -------- d-----w- c:\documents and settings\marty\.idlerc
    .
    ==================== Find3M ====================
    .
    2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 19:36:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 17:56:44 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
    2011-06-21 17:56:42 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
    2011-05-18 21:22:07 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-05-11 01:02:16 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-05-11 01:02:16 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-05-11 01:01:58 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-05-21 15:59:50 3095040 ----a-w- c:\program files\openofficeorg32.msi
    2010-05-21 15:58:20 460088 ----a-w- c:\program files\setup.exe
    .
    ============= FINISH: 19:41:42.50 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05/01/2011 12:16:53
    System Uptime: 06/08/2011 15:54:17 (4 hours ago)
    .
    Motherboard: CLEVO Co. | | M740TU(n)/M760TU(n)/W7X0TUN
    Processor: Intel Pentium III Xeon processor | U2E1 | 1994/200mhz
    Processor: Intel Pentium III Xeon processor | U2E1 | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 38 GiB total, 0.563 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 195 GiB total, 98.672 GiB free.
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_08061558&REV_02\4&3905AE0C&0&00E3
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_08061558&REV_02\4&3905AE0C&0&00E3
    Service: RTLE8023xp
    .
    ==== System Restore Points ===================
    .
    RP69: 11/07/2011 19:51:26 - Removed AVG 2011
    RP70: 19/07/2011 08:37:24 - Removed AVG 2011
    RP71: 25/07/2011 17:45:12 - Removed Skype™ 5.1
    RP72: 25/07/2011 17:47:01 - Removed Skype Toolbars
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP BiDi Channel Components Installer
    Active@ ISO Burner
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 Plugin
    Adobe Illustrator CS5
    Adobe InDesign CS5
    Adobe Media Player
    Adobe Photoshop CS5
    ArcGIS Desktop
    ArcGIS Explorer
    ArcGIS Tutorial Data
    AVG 2011
    Beer Engine 1.0.1.0
    BisonCam
    CCleaner
    CometBird (3.6.13)
    Conduit Engine
    EASEUS Partition Master 6.5.2 Home Edition
    EASEUS Todo Backup Home 2.0
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    HotKey_Driver
    Java Auto Updater
    Java(TM) 6 Update 23
    JMicron JMB38X Flash Media Controller
    Live 8.0.1
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Motorola SM56 Data Fax Modem
    Mozilla Firefox 5.0 (x86 en-GB)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nitro PDF Reader 2
    Novell iPrint Client v05.30.00
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    OpenOffice.org 3.2
    PandoraRecovery (Remove Only)
    PDF Settings CS5
    Python 2.5 numpy-1.0.3
    Python 2.5.1
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    Recuva
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Skype Toolbars
    Skype™ 5.3
    SoulSeek 157 NS 13e
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    SyncBack
    TweakNow PowerPack 2011 SP1a
    Update for Windows XP (KB898461)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    VLC media player 1.1.10
    Vuze
    Vuze Remote Toolbar
    WebFldrs XP
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/07/2011 08:48:03, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    30/07/2011 08:48:03, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    30/07/2011 08:48:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/08/2011 18:47:13, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    .
    ==== End Of File ===========================
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! As you will have seen, I deleted some of the GMER log. The directions specifically say:

    When Show All is selected, post after post of useless entries are displayed.
    ==================================================
    I haven't checked the AVG forums in a couple of days to see whether the Zbot is a False Positive. AVG tends to put out updates that cause their users to have incidences like this. So please run the following:

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  8. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Hi,

    Thank you so much for getting back to me so quickly.

    OK so I ran GMER again - no boxes ticked:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-06 21:45:19
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723225L9A360 rev.FCDOC30F
    Running: rt60ln90.exe; Driver: C:\DOCUME~1\marty\LOCALS~1\Temp\awldqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT spbm.sys ZwEnumerateKey [0xB7ECDDA4]
    SSDT spbm.sys ZwEnumerateValueKey [0xB7ECE132]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5141F8
    Device \Driver\atapi \Device\Ide\IdePort0 8A5141F8
    Device \Driver\atapi \Device\Ide\IdePort1 8A5141F8
    Device \Driver\atapi \Device\Ide\IdePort2 8A5141F8
    Device \Driver\atapi \Device\Ide\IdePort3 8A5141F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A5141F8
    Device \Driver\JMCR \Device\Scsi\JMCR1 8A22B500
    Device \Driver\JMCR \Device\Scsi\JMCR2 8A22B500
    Device \Driver\JMCR \Device\Scsi\JMCR3 8A22B500
    Device \FileSystem\Ntfs \Ntfs 8A5131F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Fastfat \Fat 8975F1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    That website is not happening though. I don't seem to be able to access that site. I'm getting this error message:

    'Unable to Connect: Firefox can't establish a connection'

    I can access other websites but not any that you have posted up here. I downloaded that eset.com scanner to another laptop though and copied it across with a memory stick and installed. However, it fails at the first stage of installation as it says 'Cannot Get update: is proxy configured'?

    Any ideas?

    Cheers

    Marty
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please uninstall the following:
    Vuze
    Vuze Remote Toolbar

    If you have any other file sharing software, remove it also:

    P2P or 'file sharing' Warning: Uninstalling is recommended for these reasons:
    • Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    ===========================================
    Can't let this go by without a comment on the Beer Engine! Homebrewers' haven, huh? Took a look at the site- too bad the picture didn't come out!
    ================
    You can't do the Eset Online Scan using a flash drive. You must be online to use it. So let's do the following:
    The Java is outdated. That will most certainly mean you have malware in the Java cache. So you should empty it as follows:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on the Temporary Files Settings window.
    Images courtesy java.com
    ================================
    Use the flash drive to download all of the following programs, then connect the drive and run them on the problem computer. Load one of the temporary AV: Do not run until after you have removed AVG with the AppRemover.

    Follow the run order below:
    1. Run Java update
    2. Run App Remover for AVG
    3. Run the temporary AV
    4. Run Combofix

    ===============================
    1. When that has been done, use the flash drive to download the current Java update: Java Updates Connect the flash and install the new Java. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    =================================
    2. Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen will appear (image not reproduced):
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    ==================================
    3. Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    ==============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    4. Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming this (image not reproduced).
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ======================================
    The only log you will have to leave in the next reply is the Combofix log.
     
  10. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Hey man,

    Thanks again for getting back to me so soon. Got rid of Vuze, but am unable to either uninstall my older version of Java or reinstall the offline version.

    I am getting the error message:

    'Error 1606.Could not access network location :.'

    Any ideas?

    p.s. yep, it's all about the homebrew:)
     
  11. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Ok, finally got that sorted. Got Java reinstalled and followed all the posts in your last message. Here's the ComboFix log:

    ComboFix 11-08-06.02 - marty 07/08/2011 13:44:32.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3037.2405 [GMT 1:00]
    Running from: c:\documents and settings\marty\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\marty\Application Data\Adobe\plugs
    c:\documents and settings\marty\Application Data\Adobe\shed
    c:\documents and settings\marty\Application Data\Help
    c:\documents and settings\marty\Application Data\winrar
    c:\documents and settings\marty\Application Data\winrar\version.dat
    c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}
    c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\chrome.manifest
    c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\chrome\content\_cfg.js
    c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\chrome\content\overlay.xul
    c:\documents and settings\marty\Local Settings\Application Data\{36DDAC0C-07CE-41B3-8A8E-FBA6322D2AA8}\install.rdf
    c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe
    c:\program files\explorer
    c:\program files\explorer\AddressParser\AddressParserConfiguration.xml
    c:\program files\explorer\AddressParser\parser_andorra.xml
    c:\program files\explorer\AddressParser\parser_austria.xml
    c:\program files\explorer\AddressParser\parser_belgium.xml
    c:\program files\explorer\AddressParser\parser_canada.xml
    c:\program files\explorer\AddressParser\parser_denmark.xml
    c:\program files\explorer\AddressParser\parser_france.xml
    c:\program files\explorer\AddressParser\parser_germany.xml
    c:\program files\explorer\AddressParser\parser_ireland.xml
    c:\program files\explorer\AddressParser\parser_italy.xml
    c:\program files\explorer\AddressParser\parser_liechtenstein.xml
    c:\program files\explorer\AddressParser\parser_luxembourg.xml
    c:\program files\explorer\AddressParser\parser_monaco.xml
    c:\program files\explorer\AddressParser\parser_netherlands.xml
    c:\program files\explorer\AddressParser\parser_norway.xml
    c:\program files\explorer\AddressParser\parser_portugal.xml
    c:\program files\explorer\AddressParser\parser_spain.xml
    c:\program files\explorer\AddressParser\parser_sweden.xml
    c:\program files\explorer\AddressParser\parser_switzerland.xml
    c:\program files\explorer\AddressParser\parser_uk.xml
    c:\program files\explorer\AddressParser\parser_usa.xml
    c:\program files\explorer\basemaps\basemaps.de.xml
    c:\program files\explorer\basemaps\basemaps.es.xml
    c:\program files\explorer\basemaps\basemaps.fr.xml
    c:\program files\explorer\basemaps\basemaps.ja-jp.xml
    c:\program files\explorer\basemaps\basemaps.xml
    c:\program files\explorer\basemaps\basemaps.zh-CN.xml
    c:\program files\explorer\basemaps\Server\basemap0.nmf
    c:\program files\explorer\basemaps\Server\basemap0.png
    c:\program files\explorer\basemaps\Server\basemap1.nmf
    c:\program files\explorer\basemaps\Server\basemap1.png
    c:\program files\explorer\basemaps\Server\basemap10.nmf
    c:\program files\explorer\basemaps\Server\basemap10.png
    c:\program files\explorer\basemaps\Server\basemap11.nmf
    c:\program files\explorer\basemaps\Server\basemap11.png
    c:\program files\explorer\basemaps\Server\basemap2.nmf
    c:\program files\explorer\basemaps\Server\basemap2.png
    c:\program files\explorer\basemaps\Server\basemap3.nmf
    c:\program files\explorer\basemaps\Server\basemap3.png
    c:\program files\explorer\basemaps\Server\basemap4.nmf
    c:\program files\explorer\basemaps\Server\basemap4.png
    c:\program files\explorer\basemaps\Server\basemap5.nmf
    c:\program files\explorer\basemaps\Server\basemap5.png
    c:\program files\explorer\basemaps\Server\basemap6.nmf
    c:\program files\explorer\basemaps\Server\basemap6.png
    c:\program files\explorer\basemaps\Server\basemap7.nmf
    c:\program files\explorer\basemaps\Server\basemap7.png
    c:\program files\explorer\basemaps\Server\basemap8.nmf
    c:\program files\explorer\basemaps\Server\basemap8.png
    c:\program files\explorer\basemaps\Server\basemap9.nmf
    c:\program files\explorer\basemaps\Server\basemap9.png
    c:\program files\explorer\basemaps\Server\basemaps.de.xml
    c:\program files\explorer\basemaps\Server\basemaps.es.xml
    c:\program files\explorer\basemaps\Server\basemaps.fr.xml
    c:\program files\explorer\basemaps\Server\basemaps.ja-jp.xml
    c:\program files\explorer\basemaps\Server\basemaps.xml
    c:\program files\explorer\basemaps\Server\basemaps.zh-CN.xml
    c:\program files\explorer\bin\3dAnalystUtil.dll
    c:\program files\explorer\bin\3DSymbols.dll
    c:\program files\explorer\bin\3DSymbolsLib.dll
    c:\program files\explorer\bin\AfCore.dll
    c:\program files\explorer\bin\AfUtil.dll
    c:\program files\explorer\bin\AGSClient.dll
    c:\program files\explorer\bin\aibase.dll
    c:\program files\explorer\bin\aifeat.dll
    c:\program files\explorer\bin\AISClient.dll
    c:\program files\explorer\bin\AISGlobalLib.dll
    c:\program files\explorer\bin\aishape.dll
    c:\program files\explorer\bin\Animation.dll
    c:\program files\explorer\bin\AnnoLayer.dll
    c:\program files\explorer\bin\Annotation.dll
    c:\program files\explorer\bin\AnnotationLib.dll
    c:\program files\explorer\bin\AoInitializer.dll
    c:\program files\explorer\bin\AppInitializerLib.dll
    c:\program files\explorer\bin\ApplicationConfigurationManager.exe
    c:\program files\explorer\bin\ArcGISExplorer.ISCConfig
    c:\program files\explorer\bin\atl71.dll
    c:\program files\explorer\bin\BasemapLayer.dll
    c:\program files\explorer\bin\BasicRasterPicture.dll
    c:\program files\explorer\bin\BGLAPI.dll
    c:\program files\explorer\bin\BGLAPILib.dll
    c:\program files\explorer\bin\BGLFontEngine.dll
    c:\program files\explorer\bin\BGLGeomChestLib.dll
    c:\program files\explorer\bin\BGLGeometricEffects.dll
    c:\program files\explorer\bin\BGLImageCoders.dll
    c:\program files\explorer\bin\BGLRasterizerLib.dll
    c:\program files\explorer\bin\BGLRasterizerSW.dll
    c:\program files\explorer\bin\BGLSymbols.dll
    c:\program files\explorer\bin\BGLSymbolsLib.dll
    c:\program files\explorer\bin\BGLToGDIHelper.dll
    c:\program files\explorer\bin\bin.zreg
    c:\program files\explorer\bin\CacheRasterDB.dll
    c:\program files\explorer\bin\CadastralFabric.dll
    c:\program files\explorer\bin\CadastralFabricLayer.dll
    c:\program files\explorer\bin\CadEngine.dll
    c:\program files\explorer\bin\CadFDB.dll
    c:\program files\explorer\bin\CadLayer.dll
    c:\program files\explorer\bin\CadWorkspaceFactory.dll
    c:\program files\explorer\bin\Camera.dll
    c:\program files\explorer\bin\CartoControlsLib.dll
    c:\program files\explorer\bin\CartoConverter.dll
    c:\program files\explorer\bin\CartoXLib.dll
    c:\program files\explorer\bin\CIM.dll
    c:\program files\explorer\bin\CIMLib.dll
    c:\program files\explorer\bin\Color.dll
    c:\program files\explorer\bin\ComplexSymbols.dll
    c:\program files\explorer\bin\CompressedDataFile.dll
    c:\program files\explorer\bin\Configuration\CATID\esri.catid.ecfg
    c:\program files\explorer\bin\Configuration\CLSID\esri.clsid.ecfg
    c:\program files\explorer\bin\DADFLib.dll
    c:\program files\explorer\bin\DaeFile.dll
    c:\program files\explorer\bin\DataConverterLib.dll
    c:\program files\explorer\bin\dbghelp.dll
    c:\program files\explorer\bin\de\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\de\DADFRes.dll
    c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\de\ResToolkitPro.dll
    c:\program files\explorer\bin\DECoreLib.dll
    c:\program files\explorer\bin\DFORRT.DLL
    c:\program files\explorer\bin\Display.dll
    c:\program files\explorer\bin\DisplayFeedback.dll
    c:\program files\explorer\bin\DisplayGraph.dll
    c:\program files\explorer\bin\DisplayLib.dll
    c:\program files\explorer\bin\DistributedGeodbLib.dll
    c:\program files\explorer\bin\DynamicDisplay.dll
    c:\program files\explorer\bin\e3.config.xml
    c:\program files\explorer\bin\E3.exe
    c:\program files\explorer\bin\E3.exe.config
    c:\program files\explorer\bin\E3Control.dll
    c:\program files\explorer\bin\E3EmailHelper.exe
    c:\program files\explorer\bin\EngineGraphics.dll
    c:\program files\explorer\bin\EnginePackager.dll
    c:\program files\explorer\bin\es\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\es\DADFRes.dll
    c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\es\ResToolkitPro.dll
    c:\program files\explorer\bin\ESRI.ArcGIS.Utilities.Compression.dll
    c:\program files\explorer\bin\ESRI.ArcGISExplorer.Application.dll
    c:\program files\explorer\bin\ESRI.ArcGISExplorer.dll
    c:\program files\explorer\bin\ESRI.ArcGISExplorer.MapCenter.dll
    c:\program files\explorer\bin\ESRI.DADF.Core.dll
    c:\program files\explorer\bin\ESRI.DADF.dll
    c:\program files\explorer\bin\esrizip.exe
    c:\program files\explorer\bin\Export.dll
    c:\program files\explorer\bin\ExtTopoEngine.dll
    c:\program files\explorer\bin\FdaCore.dll
    c:\program files\explorer\bin\FdaCoreLib.dll
    c:\program files\explorer\bin\FdaRel.dll
    c:\program files\explorer\bin\FeatureDataConverter.dll
    c:\program files\explorer\bin\FeatureDataElements.dll
    c:\program files\explorer\bin\FeatureLayer.dll
    c:\program files\explorer\bin\FeatureLayerLib.dll
    c:\program files\explorer\bin\FgdbRasterDB.dll
    c:\program files\explorer\bin\FgdbUtilLib.dll
    c:\program files\explorer\bin\FileDataElements.dll
    c:\program files\explorer\bin\FileDBCoreLib.dll
    c:\program files\explorer\bin\FileGDB.dll
    c:\program files\explorer\bin\FileGDBWorkspaceFactory.dll
    c:\program files\explorer\bin\fr\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\fr\DADFRes.dll
    c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\fr\ResToolkitPro.dll
    c:\program files\explorer\bin\FunctionRasterDB.dll
    c:\program files\explorer\bin\gdal16.dll
    c:\program files\explorer\bin\GdalRasterDB.dll
    c:\program files\explorer\bin\GdbCatalog.dll
    c:\program files\explorer\bin\GdbCore.dll
    c:\program files\explorer\bin\GdbCoreLib.dll
    c:\program files\explorer\bin\GdbNet.dll
    c:\program files\explorer\bin\GdbTopo.dll
    c:\program files\explorer\bin\GeoDataExtraction.dll
    c:\program files\explorer\bin\GeoDataServer.dll
    c:\program files\explorer\bin\GeoDataTransfer.dll
    c:\program files\explorer\bin\Geometry.dll
    c:\program files\explorer\bin\GeoprocessingLib.dll
    c:\program files\explorer\bin\GeoProcessor.dll
    c:\program files\explorer\bin\GeoRSSPlugin.dll
    c:\program files\explorer\bin\glew32.dll
    c:\program files\explorer\bin\Globe.dll
    c:\program files\explorer\bin\GlobeCamera.dll
    c:\program files\explorer\bin\GlobeClient.dll
    c:\program files\explorer\bin\GlobeCoreLib.dll
    c:\program files\explorer\bin\GlobeDisplay.dll
    c:\program files\explorer\bin\GlobeLayers.dll
    c:\program files\explorer\bin\GlobeServer.dll
    c:\program files\explorer\bin\GlobeServerLayer.dll
    c:\program files\explorer\bin\GlobeViewerCoreLib.dll
    c:\program files\explorer\bin\GPClient.dll
    c:\program files\explorer\bin\GpObjects.dll
    c:\program files\explorer\bin\GpPythonCore.dll
    c:\program files\explorer\bin\GPRasterFunctions.dll
    c:\program files\explorer\bin\GraphicElements.dll
    c:\program files\explorer\bin\hd420m.dll
    c:\program files\explorer\bin\hdf5dll.dll
    c:\program files\explorer\bin\hm420m.dll
    c:\program files\explorer\bin\icudt40.dll
    c:\program files\explorer\bin\icuin40.dll
    c:\program files\explorer\bin\icuio40.dll
    c:\program files\explorer\bin\icule40.dll
    c:\program files\explorer\bin\icuuc40.dll
    c:\program files\explorer\bin\ImageAccessLib.dll
    c:\program files\explorer\bin\ImageClient.dll
    c:\program files\explorer\bin\ImageServer.dll
    c:\program files\explorer\bin\ImageServerLayer.dll
    c:\program files\explorer\bin\IMSConnector.dll
    c:\program files\explorer\bin\ImsFDB.dll
    c:\program files\explorer\bin\IMSLayer.dll
    c:\program files\explorer\bin\IMSLayerLib.dll
    c:\program files\explorer\bin\IMSServiceLib.dll
    c:\program files\explorer\bin\ImsWorkspaceFactory.dll
    c:\program files\explorer\bin\InMemoryWorkspaceFactory.dll
    c:\program files\explorer\bin\InputDevice3Dx.dll
    c:\program files\explorer\bin\ja-JP\ApplicationConfigurationManager.resources.dll
    c:\program files\explorer\bin\ja-JP\DADFRes.dll
    c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\ja-JP\ResToolkitPro.dll
    c:\program files\explorer\bin\kdu61.dll
    c:\program files\explorer\bin\KmlLayer.dll
    c:\program files\explorer\bin\LabelPlacement.dll
    c:\program files\explorer\bin\Layer.dll
    c:\program files\explorer\bin\LayerLib.dll
    c:\program files\explorer\bin\lcms117lib.dll
    c:\program files\explorer\bin\libcollada14dom21.dll
    c:\program files\explorer\bin\libcurl.dll
    c:\program files\explorer\bin\lti_dsdk_dll.dll
    c:\program files\explorer\bin\Map.dll
    c:\program files\explorer\bin\MapClient.dll
    c:\program files\explorer\bin\MapDB.dll
    c:\program files\explorer\bin\MapElements.dll
    c:\program files\explorer\bin\MaplexEngineLib.dll
    c:\program files\explorer\bin\MapLib.dll
    c:\program files\explorer\bin\MappingCore.dll
    c:\program files\explorer\bin\MappingCoreLib.dll
    c:\program files\explorer\bin\MappingServicesLib.dll
    c:\program files\explorer\bin\MapServer.dll
    c:\program files\explorer\bin\MapServerLayer.dll
    c:\program files\explorer\bin\Marker3DFile.dll
    c:\program files\explorer\bin\MessageSupport.dll
    c:\program files\explorer\bin\Microsoft.VC90.ATL\atl90.dll
    c:\program files\explorer\bin\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest
    c:\program files\explorer\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
    c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcm90.dll
    c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcp90.dll
    c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcr90.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90u.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90u.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHS.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHT.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90DEU.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ENU.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESN.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESP.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90FRA.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ITA.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90JPN.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90KOR.dll
    c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\Microsoft.VC90.MFCLOC.manifest
    c:\program files\explorer\bin\Microsoft.VC90.OPENMP\Microsoft.VC90.OpenMP.manifest
    c:\program files\explorer\bin\Microsoft.VC90.OPENMP\vcomp90.dll
    c:\program files\explorer\bin\MosaicDB.dll
    c:\program files\explorer\bin\msvcp71.dll
    c:\program files\explorer\bin\msvcr71.dll
    c:\program files\explorer\bin\Navigation.dll
    c:\program files\explorer\bin\NetEngine80.dll
    c:\program files\explorer\bin\Network.dll
    c:\program files\explorer\bin\NetworkAnalystSolvers.dll
    c:\program files\explorer\bin\NetworkDataset.dll
    c:\program files\explorer\bin\OGCClient.dll
    c:\program files\explorer\bin\OutputLib.dll
    c:\program files\explorer\bin\PageLayout.dll
    c:\program files\explorer\bin\pe.dll
    c:\program files\explorer\bin\PlugInDataSource.dll
    c:\program files\explorer\bin\PlugInWorkspaceFactory.dll
    c:\program files\explorer\bin\PrintOut.dll
    c:\program files\explorer\bin\RasterAnalysisUtilLib.dll
    c:\program files\explorer\bin\RasterCatalog.dll
    c:\program files\explorer\bin\RasterCoreLib.dll
    c:\program files\explorer\bin\RasterDB.dll
    c:\program files\explorer\bin\RasterEngine.dll
    c:\program files\explorer\bin\RasterFormats.dat
    c:\program files\explorer\bin\RasterGraphicElements.dll
    c:\program files\explorer\bin\RasterIO.dll
    c:\program files\explorer\bin\RasterLayer.dll
    c:\program files\explorer\bin\RasterRenderer.dll
    c:\program files\explorer\bin\RasterWorkspaceFactory.dll
    c:\program files\explorer\bin\Renderers.dll
    c:\program files\explorer\bin\RepresentationDB.dll
    c:\program files\explorer\bin\RepresentationEffects.dll
    c:\program files\explorer\bin\RepresentationLayer.dll
    c:\program files\explorer\bin\RepresentationLib.dll
    c:\program files\explorer\bin\RepresentationSymbols.dll
    c:\program files\explorer\bin\SceneFilters.dll
    c:\program files\explorer\bin\SceneGraph.dll
    c:\program files\explorer\bin\sdcdbx.dll
    c:\program files\explorer\bin\SDCPlugIn.dll
    c:\program files\explorer\bin\sde.dll
    c:\program files\explorer\bin\SdeFDB.dll
    c:\program files\explorer\bin\SdeRasterDB.dll
    c:\program files\explorer\bin\sdesetup.dll
    c:\program files\explorer\bin\SdeWorkspaceFactory.dll
    c:\program files\explorer\bin\ServerStyleGallery.dll
    c:\program files\explorer\bin\sg.dll
    c:\program files\explorer\bin\ShapefileFDB.dll
    c:\program files\explorer\bin\ShapefileWorkspaceFactory.dll
    c:\program files\explorer\bin\SimpleDataConverter.dll
    c:\program files\explorer\bin\StyleGalleryClasses.dll
    c:\program files\explorer\bin\SystemUIUtil.dll
    c:\program files\explorer\bin\Terrain.dll
    c:\program files\explorer\bin\TerrainLayer.dll
    c:\program files\explorer\bin\TextureCookerService.exe
    c:\program files\explorer\bin\TinDb.dll
    c:\program files\explorer\bin\TinEngine.dll
    c:\program files\explorer\bin\TinLayer.dll
    c:\program files\explorer\bin\TinRenderer.dll
    c:\program files\explorer\bin\TinWorkspaceFactory.dll
    c:\program files\explorer\bin\ViewerCoreLib.dll
    c:\program files\explorer\bin\VpfFDB.dll
    c:\program files\explorer\bin\VpfWorkspaceFactory.dll
    c:\program files\explorer\bin\WebServices.dll
    c:\program files\explorer\bin\WMSLayer.dll
    c:\program files\explorer\bin\xerces-c_2_7.dll
    c:\program files\explorer\bin\XmlSupport.dat
    c:\program files\explorer\bin\XMLSupport.dll
    c:\program files\explorer\bin\zh-CN\applicationconfigurationmanager.resources.dll
    c:\program files\explorer\bin\zh-CN\DADFRes.dll
    c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.Application.resources.dll
    c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.MapCenter.resources.dll
    c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.resources.dll
    c:\program files\explorer\bin\zh-CN\ResToolkitPro.dll
    c:\program files\explorer\bin\zlib1.dll
    c:\program files\explorer\bin\zlibwapi.dll
    c:\program files\explorer\ColorProfiles\esriGray22.icc
    c:\program files\explorer\ColorProfiles\Lab2Lab.icm
    c:\program files\explorer\ColorProfiles\sRGB_IEC61966-2-1_noBPC.icc
    c:\program files\explorer\ColorProfiles\USWebCoatedSWOP.icc
    c:\program files\explorer\ColorProfiles\Xyz2Xyz.icm
    c:\program files\explorer\com\com.zreg
    c:\program files\explorer\com\esriE3.olb
    c:\program files\explorer\license\ExplorerEnglishLicense.pdf
    c:\program files\explorer\license\ExplorerFrenchLicense.pdf
    c:\program files\explorer\license\ExplorerGermanLicense.pdf
    c:\program files\explorer\license\ExplorerJapaneseLicense.pdf
    c:\program files\explorer\license\ExplorerSimplChineseLicense.pdf
    c:\program files\explorer\license\ExplorerSpanishLicense.pdf
    c:\program files\explorer\PackageTemplates\ArcGISExplorer.stylesheet
    c:\program files\explorer\PackageTemplates\Package931.template
    c:\program files\explorer\pedata\gdaldata\coordinate_axis.csv
    c:\program files\explorer\pedata\gdaldata\cubewerx_extra.wkt
    c:\program files\explorer\pedata\gdaldata\ecw_cs.dat
    c:\program files\explorer\pedata\gdaldata\ellipsoid.csv
    c:\program files\explorer\pedata\gdaldata\epsg.wkt
    c:\program files\explorer\pedata\gdaldata\esri_extra.wkt
    c:\program files\explorer\pedata\gdaldata\gcs.csv
    c:\program files\explorer\pedata\gdaldata\gdal_datum.csv
    c:\program files\explorer\pedata\gdaldata\gdalicon.png
    c:\program files\explorer\pedata\gdaldata\pcs.csv
    c:\program files\explorer\pedata\gdaldata\prime_meridian.csv
    c:\program files\explorer\pedata\gdaldata\projop_wparm.csv
    c:\program files\explorer\pedata\gdaldata\s57attributes.csv
    c:\program files\explorer\pedata\gdaldata\s57expectedinput.csv
    c:\program files\explorer\pedata\gdaldata\s57objectclasses.csv
    c:\program files\explorer\pedata\gdaldata\seed_2d.dgn
    c:\program files\explorer\pedata\gdaldata\seed_3d.dgn
    c:\program files\explorer\pedata\gdaldata\stateplane.csv
    c:\program files\explorer\pedata\gdaldata\unit_of_measure.csv
    c:\program files\explorer\plugins\explorerCore.ecfg
    c:\program files\explorer\schemas\ExplorerAddIn.xsd
    c:\program files\explorer\schemas\ExplorerGeometry.xsd
    c:\program files\explorer\schemas\NmfDocument.xsd
    c:\program files\explorer\Styles\default.css
    c:\program files\explorer\Styles\Directions\CheckeredFlag16.png
    c:\program files\explorer\Styles\Directions\GreenFlag16.png
    c:\program files\explorer\Styles\Directions\Print16.png
    c:\program files\explorer\Styles\ExplorerColors.de.xml
    c:\program files\explorer\Styles\ExplorerColors.es.xml
    c:\program files\explorer\Styles\ExplorerColors.fr.xml
    c:\program files\explorer\Styles\ExplorerColors.ja-JP.xml
    c:\program files\explorer\Styles\ExplorerColors.xml
    c:\program files\explorer\Styles\ExplorerColors.zh-CN.xml
    c:\program files\explorer\Styles\ExplorerSymbols.de.xml
    c:\program files\explorer\Styles\ExplorerSymbols.es.xml
    c:\program files\explorer\Styles\ExplorerSymbols.fr.xml
    c:\program files\explorer\Styles\ExplorerSymbols.ja-JP.xml
    c:\program files\explorer\Styles\ExplorerSymbols.xml
    c:\program files\explorer\Styles\ExplorerSymbols.zh-CN.xml
    c:\program files\explorer\Styles\kml.css
    c:\program files\explorer\Styles\KMLIcons\american-flag.png
    c:\program files\explorer\Styles\KMLIcons\arrow.png
    c:\program files\explorer\Styles\KMLIcons\asian-flag.png
    c:\program files\explorer\Styles\KMLIcons\auto-service.png
    c:\program files\explorer\Styles\KMLIcons\auto.png
    c:\program files\explorer\Styles\KMLIcons\bang.png
    c:\program files\explorer\Styles\KMLIcons\bars.png
    c:\program files\explorer\Styles\KMLIcons\building.png
    c:\program files\explorer\Styles\KMLIcons\coffee_house_16.png
    c:\program files\explorer\Styles\KMLIcons\crosshair.png
    c:\program files\explorer\Styles\KMLIcons\dining.png
    c:\program files\explorer\Styles\KMLIcons\dining_16.png
    c:\program files\explorer\Styles\KMLIcons\dot.png
    c:\program files\explorer\Styles\KMLIcons\fast-food.png
    c:\program files\explorer\Styles\KMLIcons\four-dollars.png
    c:\program files\explorer\Styles\KMLIcons\french-flag.png
    c:\program files\explorer\Styles\KMLIcons\hand.png
    c:\program files\explorer\Styles\KMLIcons\high_res_places.png
    c:\program files\explorer\Styles\KMLIcons\highway_16.png
    c:\program files\explorer\Styles\KMLIcons\italian-flag.png
    c:\program files\explorer\Styles\KMLIcons\large_traffic_count_16.png
    c:\program files\explorer\Styles\KMLIcons\mexican-flag.png
    c:\program files\explorer\Styles\KMLIcons\misc_dining.png
    c:\program files\explorer\Styles\KMLIcons\note.png
    c:\program files\explorer\Styles\KMLIcons\one-dollar.png
    c:\program files\explorer\Styles\KMLIcons\palette-2.png
    c:\program files\explorer\Styles\KMLIcons\palette-3.png
    c:\program files\explorer\Styles\KMLIcons\palette-4.png
    c:\program files\explorer\Styles\KMLIcons\palette-5.png
    c:\program files\explorer\Styles\KMLIcons\parks.png
    c:\program files\explorer\Styles\KMLIcons\recreation.png
    c:\program files\explorer\Styles\KMLIcons\school_16.png
    c:\program files\explorer\Styles\KMLIcons\search.png
    c:\program files\explorer\Styles\KMLIcons\streamed_layer.png
    c:\program files\explorer\Styles\KMLIcons\streamed_layers.png
    c:\program files\explorer\Styles\KMLIcons\terrain_16.png
    c:\program files\explorer\Styles\KMLIcons\three-dollars.png
    c:\program files\explorer\Styles\KMLIcons\transportation.png
    c:\program files\explorer\Styles\KMLIcons\two-dollars.png
    c:\program files\explorer\Styles\KMLIcons\webcam_16.png
    c:\program files\explorer\Styles\SlideTitleStyles.de.xml
    c:\program files\explorer\Styles\SlideTitleStyles.es.xml
    c:\program files\explorer\Styles\SlideTitleStyles.fr.xml
    c:\program files\explorer\Styles\SlideTitleStyles.ja-JP.xml
    c:\program files\explorer\Styles\SlideTitleStyles.xml
    c:\program files\explorer\Styles\SlideTitleStyles.zh-CN.xml
    c:\program files\explorer\Styles\StyleSheet.xsl
    c:\program files\explorer\Styles\SymbolImages\Civic\ATM.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Bank.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Bell.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Cemetery.png
    c:\program files\explorer\Styles\SymbolImages\Civic\City.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Clue.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Crowd.png
    c:\program files\explorer\Styles\SymbolImages\Civic\GhostTown.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Horn.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Housing.png
    c:\program files\explorer\Styles\SymbolImages\Civic\MailPost.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Office.png
    c:\program files\explorer\Styles\SymbolImages\Civic\Radioactive.png
    c:\program files\explorer\Styles\SymbolImages\Civic\School.png
    c:\program files\explorer\Styles\SymbolImages\Civic\StarsStripes.png
    c:\program files\explorer\Styles\SymbolImages\Flag\CheckeredFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\GreenFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\RedFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\WhiteFlag.png
    c:\program files\explorer\Styles\SymbolImages\Flag\YellowFlag.png
    c:\program files\explorer\Styles\SymbolImages\Health\AidStation.png
    c:\program files\explorer\Styles\SymbolImages\Health\Ambulance.png
    c:\program files\explorer\Styles\SymbolImages\Health\Doctor.png
    c:\program files\explorer\Styles\SymbolImages\Health\Health.png
    c:\program files\explorer\Styles\SymbolImages\Health\Hospital.png
    c:\program files\explorer\Styles\SymbolImages\Health\Pharmacy.png
    c:\program files\explorer\Styles\SymbolImages\Marine\AmberBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\BlackBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\BlueBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\BoatsKeepOut.png
    c:\program files\explorer\Styles\SymbolImages\Marine\ControlledArea.png
    c:\program files\explorer\Styles\SymbolImages\Marine\Danger.png
    c:\program files\explorer\Styles\SymbolImages\Marine\DiverDown.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenDiamondDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenRedBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenSquareDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\GreenWhiteBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\OrangeBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\PersonOverboard.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RadioBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedDiamondDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedGreenBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedSquareDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedTriangleDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\RedWhiteBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\SkullandCrossbones.png
    c:\program files\explorer\Styles\SymbolImages\Marine\UnderwaterOperations.png
    c:\program files\explorer\Styles\SymbolImages\Marine\VioletBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteDiamondDaymark.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteGreenBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\WhiteRedBeacon.png
    c:\program files\explorer\Styles\SymbolImages\Marine\Wreck.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\ArrowYellow.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Capital1.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Capital2.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\CircleX.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\CrossHair.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated1.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated2.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated3.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated4.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated5.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated6.png
    c:\program files\explorer\Styles\SymbolImages\Placemark\Populated7.png
    c:\program files\Setup.exe
    c:\windows\ST6UNST.000
    c:\windows\system32\regobj.dll
    .
    .
     
  12. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    and the rest of it!..................


    ((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-07 12:35 . 2011-07-20 10:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-07 12:35 . 2011-07-20 10:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-07 12:35 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-08-07 12:35 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-08-07 12:35 . 2011-08-07 12:35 -------- d-----w- c:\program files\Avira
    2011-08-07 12:35 . 2011-08-07 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-08-07 12:19 . 2011-08-07 12:18 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-07 11:03 . 2011-08-07 11:03 -------- d-----w- c:\program files\Windows Installer Clean Up
    2011-08-07 11:03 . 2011-08-07 12:15 -------- d-----w- c:\program files\MSECACHE
    2011-08-07 10:53 . 2011-08-07 10:55 -------- d-s---w- c:\documents and settings\marty\Application Data\\Roaming
    2011-08-07 10:53 . 2011-08-07 10:53 -------- d-----w- C:\Sun
    2011-08-06 20:33 . 2011-08-06 20:33 -------- d-----w- c:\program files\ESET
    2011-08-03 20:28 . 2011-08-07 12:55 -------- d-----w- c:\documents and settings\marty\Local Settings\Application Data\efbbjphn
    2011-07-20 10:33 . 2011-07-20 10:34 -------- d-----w- C:\GIS
    2011-07-11 23:57 . 2011-07-11 23:57 -------- d-----w- c:\documents and settings\marty\Application Data\\Safe Software
    2011-07-11 23:49 . 2011-07-11 23:51 -------- d-----w- c:\documents and settings\marty\.idlerc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-07 12:18 . 2011-01-12 18:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-07 12:18 . 2011-01-12 18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-06 18:52 . 2011-04-15 12:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52 . 2011-04-15 12:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 19:36 . 2011-05-17 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 17:56 . 2011-06-23 13:48 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
    2011-06-21 17:56 . 2011-06-23 13:48 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
    2011-05-18 21:22 . 2011-05-18 21:22 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-05-21 15:59 . 2010-05-21 15:59 3095040 ----a-w- c:\program files\openofficeorg32.msi
    2011-06-24 00:34 . 2011-05-08 11:35 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
    "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
    "DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 520204]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "iPrint Tray"="c:\windows\system32\iprntctl.exe" [2009-09-18 53248]
    "iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2009-09-18 57344]
    "EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2011-1-5 3633152]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^marty^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\marty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [23/04/2011 17:29 30472]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [23/04/2011 17:29 20744]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/01/2011 03:41 691696]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [23/04/2011 17:29 14216]
    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [11/05/2011 15:03 34593]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/08/2011 13:35 136360]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe [02/06/2011 11:26 55688]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [21/06/2011 18:57 196912]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [23/04/2011 17:29 187400]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/01/2011 13:46 84240]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [05/01/2011 13:40 100456]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [05/01/2011 14:05 340096]
    R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\marty\LOCALS~1\Temp\twtutmjq.sys --> c:\docume~1\marty\LOCALS~1\Temp\twtutmjq.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2011 21:11 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [19/01/2011 19:36 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [19/01/2011 19:36 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2011 21:11 136176]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - SSMDRV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-01-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-BLUEMAN-marty.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-05 03:44]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc542f7217a4d0.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 20:11]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\marty\Application Data\Mozilla\Firefox\Profiles\vix162iz.default\
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    HKCU-Run-MlsNtpqe - c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe
    AddRemove-Live 8.0.1 - c:\progra~1\Ableton\LIVE80~1.1\Install\UNWISE.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-07 13:55
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\documents and settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe 114625 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    - - - - - - - > 'explorer.exe'(3944)
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-07 14:00:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-07 13:00
    .
    Pre-Run: 1,040,424,960 bytes free
    Post-Run: 1,514,852,352 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - FAAF3E08F078B3DDDAE0FD53FABCFB7D

    Cheers

    Marty
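As an added example (not code from the thread, from ComboFix or from the helper), a small Python check that does mechanically what a helper does by eye with the Reg Loading Points section of the log above: parse the Winlogon Userinit value and flag any launcher appended after userinit.exe. The log excerpt embedded in it is constructed from the lines quoted in this post, and the list of directories treated as suspicious is an assumption of the example.

```python
"""Audit the Winlogon Userinit value found in a ComboFix-style log.

HKLM\\...\\Winlogon\\Userinit is a comma-separated list of programs that
winlogon.exe starts at every logon. Windows itself puts only userinit.exe
there; anything appended after it (as in the log above, where an executable
under the user's Local Settings\\Application Data was added) is a
persistence point that survives reboots and most "Run" key clean-ups.
"""
import re

# Constructed sample: the relevant lines as quoted in the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe"
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"""

# Forms of the one launcher Windows installs itself (assumes Windows on C:).
EXPECTED_USERINIT = {
    r"c:\windows\system32\userinit.exe",
    r"%systemroot%\system32\userinit.exe",
    "userinit.exe",
}

# Assumed red-flag locations for a logon-time launcher: per-user, writable
# without admin rights, and not where installers put programs.
SUSPICIOUS_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\start menu\\programs\\startup\\",
)

USERINIT_RE = re.compile(r'^"Userinit"="(?P<value>.*)"\s*$', re.IGNORECASE | re.MULTILINE)


def split_userinit(value):
    """Split a Userinit value into its non-empty program entries.

    The value is comma-separated and Windows tolerates empty items (",,"),
    which is why padding like the double comma in the log above still works.
    """
    return [item.strip() for item in value.split(",") if item.strip()]


def classify_launcher(path):
    """Return 'expected', 'suspicious' or 'unexpected' for one Userinit entry."""
    lowered = path.lower()
    if lowered in EXPECTED_USERINIT:
        return "expected"
    if any(marker in lowered for marker in SUSPICIOUS_DIRS):
        return "suspicious"
    return "unexpected"


def audit_userinit(log_text):
    """Find the Userinit line in a ComboFix-style log and classify each entry.

    Returns a list of (path, verdict) tuples; an empty list means the log
    carries no Userinit line at all.
    """
    match = USERINIT_RE.search(log_text)
    if not match:
        return []
    return [(entry, classify_launcher(entry)) for entry in split_userinit(match.group("value"))]


def userinit_is_clean(log_text):
    """True only when Userinit holds exactly one entry and it is userinit.exe."""
    findings = audit_userinit(log_text)
    return len(findings) == 1 and findings[0][1] == "expected"


if __name__ == "__main__":
    for path, verdict in audit_userinit(SAMPLE_LOG):
        print(f"{verdict:10s} {path}")
    print("clean" if userinit_is_clean(SAMPLE_LOG) else "Userinit has been modified")
```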
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Marty, are these just in Firefox?
    =================================
    Please do the following:
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click Ok to close the Local Area Network (LAN) Settings window.
      o Click Ok to close the Internet Options window.
    ============================================
    See if that makes a difference in accessing a site.
    If it does not, clarify whether the access problem is just in Firefox. Try to access using Internet Explorer. Does that work on a site you can't get to in Firefox? If so, please run the Eset Online Virus scan.

    Let me know either way. Combofix removed a large number of files and that alone could possibly have caused the connection problem. We have more work to do.

    I'd also like you to run the following:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
     
  14. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    hey dude, here you go:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\marty\my documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
    c:\python25\lib\site-packages\numpy\f2py\crackfortran.py
    c:\python25\lib\site-packages\numpy\f2py\crackfortran.pyc
    c:\python25\lib\site-packages\numpy\f2py\crackfortran.pyo
    scanner sequence 3.BB.11.HPAPXJ
    ----- EOF -----

    Confirm both Firefox and IE do not let me access the Eset scanner. I have reset the proxy settings in both. Still no joy. Should I try another browser, i.e. Chrome?
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have the following installed:
    ArcGIS Desktop
    ArcGIS Explorer
    ArcGIS Tutorial Data

    Multiple entries were deleted in Combofix for c:\program files\explorer\bin....... It appears that you used ArcGIS Explorer to set up some programming. What did you set up in the bin files?

    Information HERE>> Using the ArcGIS Explorer samples

    I am not a programmer.
    ==============================
    Another deletion was the Windows system32 regobj.dll:
    So I need to know what you are manipulating. It bothers me that I'm not seeing the WGA update in the Attach.txt log.
    I note you have SP2, so you are behind in the SP3 update.

    Edit: It also appears that you did not update the antivirus after you installed it:
    AV: AntiVir Desktop *Disabled/Outdated
     
  16. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Hey,

    I use ArcGIS Explorer for map making. I'm not a programmer either, and haven't (consciously) done anything to the BIN files. I'm not quite sure what you mean by 'manipulating'. I think the closest I may have got is running some reg. cleaning/optimising software a while back. Nothing else I can think of.

    As for Win XP, I'm running SP2 as I have an old licensed copy of it which I installed myself on this laptop. I haven't got round to upgrading to SP3, nor have I been updating Windows. Should I do that??

    I tried updating Antivir and it failed with the following report:

    Avira AntiVir Personal - Free Antivirus Updater
    Complete product update

    Creation time: Mon Aug 08 21:09:00 2011


    Operating system:
    Windows XP (Service Pack 2) [5.1.2600] 32 bit

    Product information:
    Product version: 10.0.0.652
    Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.39
    Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
    Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
    Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
    GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

    Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
    Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
    Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
    Updater folder: C:\Program Files\Avira\AntiVir Desktop\
    AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\

    Proxy settings:
    System settings used

    21:09:02 [UPD] [INFO] Checking whether newer files are available.
    21:09:02 [UPD] [INFO] Select update server 'http://127.0.0.1/update'.
    21:09:02 [UPD] [INFO] Downloading of 'http://127.0.0.1/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    21:09:03 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://127.0.0.1/update/idx/master.idx' failed. Error: A connection with the server could not be established
    21:09:03 [UPD] [INFO] Select update server 'http://127.0.0.1/update'.
    21:09:03 [UPD] [INFO] Downloading of 'http://127.0.0.1/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    21:09:04 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://127.0.0.1/update/idx/master.idx' failed. Error: A connection with the server could not be established
    21:09:04 [UPDLIB] [ERROR] No additional servers found, the update will be canceled.
    21:09:04 [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.


    Summary:
    ********
    0 Files downloaded
    0 Files installed

    Mon Aug 08 21:09:04 2011
    The update failed!



    Thanks again!

    Marty
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What is the source of this 'old licensed copy'?
     
  18. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Do you mean is it a pirate copy?!! If so, no. I bought Windows XP SP2 about 5 or 6 years ago, so I have an official version, which is registered/activated etc. I had previously upgraded to SP3 but my laptop hard drive died about 3 months ago and when I rebuilt on a new hard drive, I never got round to installing any updates. Should I do this now?

    Cheers

    Marty
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No, wait on the updates. Please give me an update of the specific malware related problems you're having now.

    Are you able to connect to the internet yet? Message when you try? What?
     
  20. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Hey Bobbye,

    No still can't connect to certain pages i.e. Microsoft, anything virus software/malware removal related, a few of the tech forums. So selectively, and I guess all the stuff I need to connect to. The error message is the following (from Firefox):

    Unable to connect

    'Firefox can't establish a connection to the server at......'


    Antivir still won't update (says it won't connect) and the Antivir guard won't start, so I guess I have no anti virus. Still can't boot into safe mode - getting BSOD when I try and then laptop reboots.

    Any help GREATLY appreciated!!

    Cheers

    Marty
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This still sounds like an intermittent internet connection problem.

    Please run the following:
    catchme
    catchme is the rootkit/stealth malware scanner that scans for:
    • hidden processes
    • hidden registry keys
    • hidden services
    • hidden files
    catchme can also delete, destroy and collect malicious files.

    Download catchme.exe ( 137KB ) and save to your desktop.
    • Double click the catchme.exe to run it
    • Click the "Scan" button to start scan
    • Open catchme.log to see results

    Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
     
  22. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Hey Bobbye,

    Here's the log. I couldn't connect to that site directly so had to download to a memory stick from another machine:

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-14 11:42:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\Documents and Settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe 114625 bytes executable
    C:\Documents and Settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe 114625 bytes executable

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 2

    file zipped: C:\Documents and Settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe -> catchme.zip -> mlsntpqe.exe ( 114625 bytes )
    file zipped: C:\Documents and Settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe -> catchme.zip -> mlsntpqe.exe.1 ( 114625 bytes )

    Cheers

    Marty
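As an added example, not part of this thread or of the catchme tool, here is a small parser for the catchme log format shown above: it pulls out the hidden-file entries and the summary counts, and flags the things a helper looks at first (an entry in the Startup folder, and the same file size appearing in two places). The sample input is copied from the log posted above; the triage rules are my own assumptions, not anything catchme itself reports.

```python
import re
from dataclasses import dataclass

# catchme output copied from the log posted in this thread; constructed test input.
SAMPLE_LOG = r"""catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 11:42:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
C:\Documents and Settings\marty\Local Settings\Application Data\efbbjphn\mlsntpqe.exe 114625 bytes executable
C:\Documents and Settings\marty\Start Menu\Programs\Startup\mlsntpqe.exe 114625 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
"""

# One hidden-file line: "<drive>:\<path> <size> bytes <kind>"; the path may contain spaces.
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes (?P<kind>\w+)$")
SUMMARY_RE = re.compile(r"^hidden (?P<what>processes|services|files): (?P<n>\d+)$")
# Assumed triage rule: a hidden executable in this folder runs at every logon.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

@dataclass
class HiddenFile:
    path: str
    size: int
    kind: str
    def is_autostart(self) -> bool:
        return STARTUP_MARKER in self.path.lower()

def parse_catchme(log: str):
    # Returns (list of HiddenFile, dict of summary counts) from a catchme log.
    files, counts = [], {}
    for line in log.splitlines():
        line = line.strip()
        if m := HIDDEN_FILE_RE.match(line):
            files.append(HiddenFile(m["path"], int(m["size"]), m["kind"]))
        elif m := SUMMARY_RE.match(line):
            counts[m["what"]] = int(m["n"])
    return files, counts

def triage(log: str) -> dict:
    # Assumed heuristics: autostart location, and one file copied to two places.
    files, counts = parse_catchme(log)
    by_size = {}
    for f in files:
        by_size.setdefault(f.size, []).append(f.path)
    return {
        "hidden_files": len(files),
        "autostart": [f.path for f in files if f.is_autostart()],
        "same_size_copies": [p for p in by_size.values() if len(p) > 1],
        "summary_consistent": counts.get("files") == len(files),
    }
```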
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Marty, find the 2 catchme.zipped files on the desktop and do a right click> Delete on each.

    Reboot the computer when you finish> Empty the Recycle Bin.

    If you can get online now, please do the Eset scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download link to get the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the downloaded installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  24. chuzzle

    chuzzle TS Rookie Topic Starter Posts: 22

    Hi Bobbye,

    Still not able to connect to the Eset scanner:( Though the web seems to be working generally

    Any ideas?

    Marty
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try this one:

    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
     