TechSpot

Avgnt.exe : "bad image"

By bongojam
Oct 12, 2011
  1. I ran some scans after getting a bad image message for avgnt.exe by Avira. Here are the logs. Any advice would be appreciated. Thank you!

    ============

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7926

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/10/2011 10:06:56
    mbam-log-2011-10-12 (10-06-56).txt

    Scan type: Quick scan
    Objects scanned: 178258
    Time elapsed: 6 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ==============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-12 11:10:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD1600JS-00NCB1 rev.10.02E02
    Running: e8whyj0r.exe; Driver: C:\DOCUME~1\Molto\LOCALS~1\Temp\fxtdqpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT B873C494 ZwClose
    SSDT B873C44E ZwCreateKey
    SSDT B873C49E ZwCreateSection
    SSDT B873C476 ZwCreateSymbolicLinkObject
    SSDT B873C444 ZwCreateThread
    SSDT B873C453 ZwDeleteKey
    SSDT B873C45D ZwDeleteValueKey
    SSDT B873C48F ZwDuplicateObject
    SSDT B873C47B ZwLoadDriver
    SSDT B873C462 ZwLoadKey
    SSDT B873C430 ZwOpenProcess
    SSDT B873C471 ZwOpenSection
    SSDT B873C435 ZwOpenThread
    SSDT B873C4B7 ZwQueryValueKey
    SSDT B873C46C ZwReplaceKey
    SSDT B873C4A8 ZwRequestWaitReplyPort
    SSDT B873C467 ZwRestoreKey
    SSDT B873C4A3 ZwSetContextThread
    SSDT B873C4AD ZwSetSecurityObject
    SSDT B873C480 ZwSetSystemInformation
    SSDT B873C458 ZwSetValueKey
    SSDT B873C4B2 ZwSystemDebugControl
    SSDT B873C43F ZwTerminateProcess
    SSDT B873C43A ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D10 5 Bytes [7B, C4, 73, B8, 62]
    .text ntkrnlpa.exe!ZwCallbackReturn + 24EE 80501D16 2 Bytes [73, B8] {JAE 0xffffffffffffffba}
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C2F3A0, 0x88C445, 0xE8000020]
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB3686A80]

    ---- EOF - GMER 1.0.15 ----

    =============

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Molto at 11:10:56 on 2011-10-12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1435 [GMT 3:00]
    .
    AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Documents and Settings\Molto\Desktop\e8whyj0r.exe
    C:\Documents and Settings\Molto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Molto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Molto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\molto\desktop\PartyPoker.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310394543801
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.10.254
    TCP: Interfaces\{D5F1F1D6-11B1-4F0F-8EB5-CFB65023BC5A} : DhcpNameServer = 192.168.10.254
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\molto\application data\mozilla\firefox\profiles\nnrmt3xh.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - plugin: c:\documents and settings\molto\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\molto\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\molto\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-10 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-10 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-10 110032]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-10 463824]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-10 74640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-13 366640]
    R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-13 22712]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-8-2 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-8-2 20864]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-8-2 19968]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-8-2 24960]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2010-8-2 25728]
    S3 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-9-30 5162352]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2011-10-10 342480]
    .
    =============== Created Last 30 ================
    .
    2011-10-10 01:54:50 -------- d-----w- c:\windows\system32\NtmsData
    2011-10-10 00:34:29 -------- d-----w- c:\documents and settings\molto\application data\Avira
    2011-10-10 00:33:42 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-10 00:33:42 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-10-10 00:33:37 -------- d-----w- c:\program files\Avira
    2011-10-10 00:33:37 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-10-09 11:29:56 -------- d-----w- C:\Poker
    2011-10-09 03:43:08 -------- d-----w- c:\documents and settings\molto\application data\HighPulse
    2011-10-09 03:43:00 -------- d-----w- c:\program files\High Pulse
    2011-10-09 02:15:46 -------- d-----w- c:\documents and settings\molto\local settings\application data\Temp
    2011-10-06 00:45:57 -------- d-----w- c:\documents and settings\molto\local settings\application data\WBFSManager
    2011-10-06 00:44:23 -------- d-----w- c:\program files\WBFS
    2011-10-05 15:26:20 -------- d-----w- c:\program files\BlackChipPoker
    2011-10-05 14:36:48 -------- d-----w- c:\documents and settings\molto\local settings\application data\PokerEdge
    2011-10-05 14:31:20 -------- d-----w- c:\program files\PokerEdge
    2011-10-05 12:21:17 -------- d-----w- c:\program files\BetClic Poker.com
    2011-10-04 20:16:57 -------- d-----w- c:\program files\Bodog Poker
    2011-10-04 20:12:30 -------- d-----w- c:\documents and settings\molto\local settings\application data\CPN
    2011-10-04 20:12:19 -------- d-----w- c:\program files\Cake Poker 2.0
    2011-10-02 22:33:17 23920 ----a-w- c:\windows\system32\drivers\povrtdev.sys
    2011-10-02 22:32:58 -------- d-----w- c:\program files\common files\ffdshowEx
    2011-10-02 22:32:57 -------- d-----w- c:\program files\MediaMall
    2011-10-02 22:31:30 -------- d-----w- c:\documents and settings\all users\application data\MediaMall
    2011-09-28 12:06:13 -------- d-----w- c:\documents and settings\molto\local settings\application data\Hold'em_Manager
    2011-09-25 10:01:35 -------- d-----w- c:\documents and settings\all users\application data\Boss Media
    2011-09-25 10:01:34 -------- d-----w- c:\documents and settings\molto\local settings\application data\Boss Media
    2011-09-25 09:43:50 -------- d-----w- c:\program files\Poker Heaven
    2011-09-22 14:02:53 -------- d-----w- c:\documents and settings\molto\application data\YoudaGames
    2011-09-20 23:08:35 -------- d-----w- c:\documents and settings\molto\local settings\application data\PokerStrategy
    2011-09-20 22:49:38 -------- d-----w- c:\documents and settings\molto\local settings\application data\ICMTrainer
    2011-09-20 22:48:20 -------- d-----w- c:\program files\PokerStrategy
    2011-09-20 18:50:35 -------- d-----w- c:\program files\PokerStove
    2011-09-14 16:37:12 -------- d-----w- c:\documents and settings\molto\application data\Mozilla-Cache
    2011-09-14 16:36:24 -------- d-----w- c:\program files\PartyGaming
    2011-09-12 20:18:20 -------- d-----w- c:\program files\PokerOfficer
    2011-09-12 19:49:26 -------- d-----w- c:\documents and settings\molto\local settings\application data\In_The_Money_LLC
    2011-09-12 19:49:08 -------- d-----w- c:\program files\In The Money
    2011-09-12 16:55:14 -------- d-----w- C:\HMArchive
    2011-09-12 16:55:13 -------- d-----w- c:\documents and settings\molto\local settings\application data\In The Money
    2011-09-12 16:54:25 -------- d-----w- c:\documents and settings\all users\application data\XHEO INC
    2011-09-12 16:53:55 -------- d-----w- c:\documents and settings\molto\local settings\application data\IsolatedStorage
    2011-09-12 16:53:51 -------- d-----w- c:\documents and settings\molto\application data\HEM Data
    2011-09-12 16:50:35 -------- d-----w- c:\program files\PostgreSQL
    2011-09-12 16:49:31 -------- d-----w- c:\program files\RVG Software
    2011-09-12 16:49:06 -------- d-----w- c:\program files\PSQLINSTALL
    2011-09-12 16:44:57 -------- d-----w- c:\documents and settings\molto\P5JavaClientSettings
    2011-09-12 16:44:38 -------- d-----w- c:\documents and settings\molto\local settings\application data\P5
    2011-09-12 16:44:35 -------- d-----w- C:\bwinPoker JPC
    2011-09-12 16:22:57 -------- d-----w- c:\program files\PKR
    .
    ==================== Find3M ====================
    .
    2011-10-11 20:35:03 55 ---h--w- c:\windows\system32\t3zmolto.sys
    2011-10-10 00:10:12 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-10-10 00:10:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-10-10 00:09:27 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-09-14 16:37:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-05 17:05:00 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2011-09-05 17:04:58 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-08-10 17:28:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-10 17:28:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 11:11:22.26 ===============

    ================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/11/2011 5:00:48 PM
    System Uptime: 10/12/2011 9:44:45 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | A8N-VM
    Processor: AMD Athlon(tm) 64 Processor 3000+ | CPU 1 | 1808/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 69.752 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81C01043&REV_A2\3&267A616A&0&51
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81C01043&REV_A2\3&267A616A&0&51
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Gigabyte GN-WP01GT Wireless PCI Adapter
    Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_E9121458&REV_01\4&2B17F62E&0&4080
    Manufacturer: Giga-byte
    Name: Gigabyte GN-WP01GT Wireless PCI Adapter
    PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_E9121458&REV_01\4&2B17F62E&0&4080
    Service: AR5211
    .
    ==== System Restore Points ===================
    .
    RP21: 7/13/2011 6:11:51 PM - Installed Microsoft .NET Framework 1.1
    RP22: 7/13/2011 6:48:22 PM - Installed TRADOS 7 Freelance
    RP23: 7/14/2011 8:00:16 PM - System Checkpoint
    RP25: 7/17/2011 2:02:32 PM - Installed Windows Media Format 9 Series Runtime Setup
    RP26: 7/17/2011 2:13:06 PM - Installed Windows XP Wdf01005.
    RP27: 7/17/2011 10:08:18 PM - Installed DirectX
    RP28: 7/19/2011 12:03:22 AM - System Checkpoint
    RP29: 7/20/2011 4:33:15 AM - System Checkpoint
    RP30: 7/21/2011 5:24:27 AM - System Checkpoint
    RP31: 7/22/2011 1:49:43 AM - Installed Viva Fax
    RP32: 7/23/2011 12:14:02 PM - System Checkpoint
    RP33: 8/3/2011 7:57:41 PM - System Checkpoint
    RP34: 8/4/2011 8:24:02 AM - Installed Windows Live installer
    RP35: 8/4/2011 8:25:12 AM - Installed Windows Live
    RP36: 8/5/2011 3:22:44 PM - System Checkpoint
    RP37: 8/6/2011 5:16:41 PM - System Checkpoint
    RP38: 8/8/2011 1:04:45 PM - Installed Image Resizer Powertoy for Windows XP
    RP39: 8/9/2011 6:04:26 PM - System Checkpoint
    RP40: 8/10/2011 8:28:20 PM - Installed Java(TM) 6 Update 26
    RP41: 8/12/2011 3:05:32 PM - System Checkpoint
    RP42: 8/13/2011 9:53:03 PM - System Checkpoint
    RP43: 8/14/2011 10:56:28 PM - System Checkpoint
    RP44: 8/16/2011 12:26:34 PM - System Checkpoint
    RP45: 8/16/2011 7:55:14 PM - Installed Windows Media Player 11
    RP46: 8/16/2011 7:56:07 PM - Software Distribution Service 3.0
    RP47: 8/16/2011 8:09:20 PM - Removed Microsoft Visual C++ 2005 Redistributable
    RP48: 8/16/2011 8:09:45 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP49: 8/16/2011 8:10:18 PM - Installed Windows XP KB942288-v3.
    RP50: 8/16/2011 8:13:52 PM - Installed Nero Burning ROM 10.
    RP51: 8/20/2011 9:54:14 AM - System Checkpoint
    RP52: 8/22/2011 2:01:35 PM - System Checkpoint
    RP53: 8/23/2011 10:24:26 AM - Removed X-Lite 4
    RP54: 8/24/2011 11:12:38 AM - System Checkpoint
    RP55: 8/25/2011 12:37:48 PM - System Checkpoint
    RP56: 8/26/2011 5:00:56 PM - System Checkpoint
    RP57: 8/29/2011 12:01:27 PM - System Checkpoint
    RP58: 8/30/2011 2:52:08 PM - System Checkpoint
    RP59: 8/31/2011 5:15:30 PM - System Checkpoint
    RP60: 9/8/2011 8:07:10 PM - System Checkpoint
    RP61: 9/9/2011 8:17:51 PM - System Checkpoint
    RP62: 9/10/2011 8:23:14 PM - System Checkpoint
    RP63: 9/12/2011 11:18:25 PM - Installed PokerOfficer
    RP64: 9/14/2011 12:34:32 AM - System Checkpoint
    RP65: 9/15/2011 5:16:19 PM - System Checkpoint
    RP66: 9/16/2011 8:20:52 PM - System Checkpoint
    RP67: 9/18/2011 5:26:31 PM - System Checkpoint
    RP68: 9/19/2011 5:50:11 PM - System Checkpoint
    RP69: 9/21/2011 1:48:52 AM - Installed ICM Trainer
    RP70: 9/22/2011 6:39:49 PM - System Checkpoint
    RP71: 9/24/2011 5:37:46 PM - System Checkpoint
    RP72: 9/25/2011 10:15:12 PM - System Checkpoint
    RP73: 9/27/2011 12:53:24 AM - System Checkpoint
    RP74: 9/28/2011 8:09:14 PM - System Checkpoint
    RP75: 9/30/2011 3:14:24 PM - System Checkpoint
    RP76: 10/2/2011 4:41:29 PM - System Checkpoint
    RP77: 10/3/2011 1:32:39 AM - Installed PlayOn
    RP78: 10/4/2011 2:44:37 PM - System Checkpoint
    RP79: 10/6/2011 4:39:03 AM - System Checkpoint
    RP80: 10/7/2011 11:52:26 AM - System Checkpoint
    RP81: 10/8/2011 2:42:07 PM - System Checkpoint
    RP82: 10/9/2011 6:42:59 AM - Installed High Pulse.
    RP83: 10/10/2011 7:31:17 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    ABBYY FineReader 10 Corporate Edition
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Athlon 64 Processor Driver
    µTorrent
    Avira Antivirus Premium 2012
    BetClic Poker.com (Remove Only)
    Black Chip Poker
    Bodog Poker
    bwin Poker JPC 1.0.0
    Cake Poker 2.0
    Foxit Reader 5.0
    Free Music Zilla
    Gigabyte Client Installation Program
    Glary Utilities 2.38.0.1288
    Google Chrome
    Google Talk Plugin
    High Pulse
    Holdem Manager
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    ICM Trainer
    Image Resizer Powertoy for Windows XP
    Java Auto Updater
    Java(TM) 6 Update 26
    LG Bluetooth Drivers
    LG PC Suite IV
    LG United Mobile Drivers
    MAGENTA - GOLDEN VERSION 2006 - English-Greek-English dictionar
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Media Player Classic - Home Cinema v1.5.1.2903
    MediaCoder 2011
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (Greek) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (Greek) 2007
    Microsoft Office Groove MUI (Greek) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (Greek) 2007
    Microsoft Office Language Pack 2007 - Greek/????????
    Microsoft Office O MUI (Greek) 2007
    Microsoft Office OneNote MUI (Greek) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (Greek) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (Greek) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Greek) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (Greek) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (Greek) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Greek) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer MUI (Greek) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (Greek) 2007
    Microsoft Office X MUI (Greek) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (Greek) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 8.0 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 Parser and SDK
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    NVIDIA Control Panel 275.33
    NVIDIA Drivers
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    PartyPoker
    Peck's Power Join
    PhotoFiltre
    PKR
    PlayOn
    Poker Heaven
    PokerOfficer
    PokerStove version 1.23
    PostgreSQL 8.4
    PowerISO
    Prism Video File Converter
    Readiris Pro 10
    Samsung SCX-4300 Series
    Segoe UI
    Sentinel Protection Installer 7.0.0
    SitNGo Wizard
    SmarThru 4
    SoundMAX
    Spybot - Search & Destroy
    TRADOS 7 Freelance
    Translation Office 3000, Version 9.0
    Viva Fax
    VLC media player 1.1.10
    WBFS Manager 3.0
    WebFldrs XP
    William Hill Poker
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.00 (32-bit)
    WinZip 15.5
    X-Lite 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/8/2011 6:37:30 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    10/11/2011 10:10:25 AM, error: Service Control Manager [7034] - The postgresql-8.4 - PostgreSQL Server 8.4 service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  2. bongojam (TS Rookie, Topic Starter)


    I should also mention that a couple of days ago there were some "unusual runtime compression" messages regarding some dll files. These were removed and the associated application (Poker Edge) was uninstalled. Anyway, here's the Antivir report in case it's of any help.

    ==========

    Avira Antivirus Premium 2012
    Report file date: 10 October 2011 04:54

    Scanning for 3375797 virus strains and unwanted programs.

    The program is running as a fully functional evaluation version.
    Online services are available:

    Licensee : Molto
    Serial number : 2216633411-PEPWE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Molto
    Computer name : BRISTOL

    Version information:
    BUILD.DAT : 12.0.0.867 42511 Bytes 05/10/2011 21:07:00
    AVSCAN.EXE : 12.1.0.17 490448 Bytes 05/10/2011 07:24:16
    AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 10:34:57
    LUKE.DLL : 12.1.0.17 68304 Bytes 05/10/2011 07:24:24
    AVSCPLR.DLL : 12.1.0.19 99536 Bytes 05/10/2011 07:24:16
    AVREG.DLL : 12.1.0.20 227024 Bytes 05/10/2011 07:24:15
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:18:34
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 08:07:39
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 14:08:51
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 09:00:55
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 09:18:22
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/2011 11:12:53
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 06:26:09
    VBASE007.VDF : 7.11.15.106 2389504 Bytes 05/10/2011 08:44:27
    VBASE008.VDF : 7.11.15.107 2048 Bytes 05/10/2011 08:44:27
    VBASE009.VDF : 7.11.15.108 2048 Bytes 05/10/2011 08:44:27
    VBASE010.VDF : 7.11.15.109 2048 Bytes 05/10/2011 08:44:27
    VBASE011.VDF : 7.11.15.110 2048 Bytes 05/10/2011 08:44:27
    VBASE012.VDF : 7.11.15.111 2048 Bytes 05/10/2011 08:44:27
    VBASE013.VDF : 7.11.15.144 161792 Bytes 07/10/2011 00:36:10
    VBASE014.VDF : 7.11.15.145 2048 Bytes 07/10/2011 00:36:10
    VBASE015.VDF : 7.11.15.146 2048 Bytes 07/10/2011 00:36:10
    VBASE016.VDF : 7.11.15.147 2048 Bytes 07/10/2011 00:36:10
    VBASE017.VDF : 7.11.15.148 2048 Bytes 07/10/2011 00:36:10
    VBASE018.VDF : 7.11.15.149 2048 Bytes 07/10/2011 00:36:10
    VBASE019.VDF : 7.11.15.150 2048 Bytes 07/10/2011 00:36:10
    VBASE020.VDF : 7.11.15.151 2048 Bytes 07/10/2011 00:36:11
    VBASE021.VDF : 7.11.15.152 2048 Bytes 07/10/2011 00:36:11
    VBASE022.VDF : 7.11.15.153 2048 Bytes 07/10/2011 00:36:11
    VBASE023.VDF : 7.11.15.154 2048 Bytes 07/10/2011 00:36:11
    VBASE024.VDF : 7.11.15.155 2048 Bytes 07/10/2011 00:36:11
    VBASE025.VDF : 7.11.15.156 2048 Bytes 07/10/2011 00:36:11
    VBASE026.VDF : 7.11.15.157 2048 Bytes 07/10/2011 00:36:11
    VBASE027.VDF : 7.11.15.158 2048 Bytes 07/10/2011 00:36:11
    VBASE028.VDF : 7.11.15.159 2048 Bytes 07/10/2011 00:36:12
    VBASE029.VDF : 7.11.15.160 2048 Bytes 07/10/2011 00:36:12
    VBASE030.VDF : 7.11.15.161 2048 Bytes 07/10/2011 00:36:12
    VBASE031.VDF : 7.11.15.175 126464 Bytes 09/10/2011 00:36:12
    Engineversion : 8.2.6.80
    AEVDF.DLL : 8.1.2.1 106868 Bytes 01/09/2011 20:46:02
    AESCRIPT.DLL : 8.1.3.81 467322 Bytes 04/10/2011 16:01:31
    AESCN.DLL : 8.1.7.2 127349 Bytes 01/09/2011 20:46:02
    AESBX.DLL : 8.2.1.34 323957 Bytes 01/09/2011 20:46:02
    AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 20:16:06
    AEPACK.DLL : 8.2.10.11 684408 Bytes 22/09/2011 13:18:45
    AEOFFICE.DLL : 8.1.2.15 201083 Bytes 15/09/2011 22:17:25
    AEHEUR.DLL : 8.1.2.177 3744120 Bytes 10/10/2011 00:36:15
    AEHELP.DLL : 8.1.17.7 254327 Bytes 01/09/2011 20:46:01
    AEGEN.DLL : 8.1.5.9 401780 Bytes 01/09/2011 20:46:01
    AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 20:46:01
    AECORE.DLL : 8.1.23.0 196983 Bytes 01/09/2011 20:46:01
    AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 20:46:01
    AVWINLL.DLL : 12.1.0.17 27344 Bytes 05/10/2011 07:24:18
    AVPREF.DLL : 12.1.0.17 51920 Bytes 05/10/2011 07:24:15
    AVREP.DLL : 12.1.0.17 179920 Bytes 05/10/2011 07:24:15
    AVARKT.DLL : 12.1.0.17 223184 Bytes 05/10/2011 07:24:12
    AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 05/10/2011 07:24:14
    SQLITE3.DLL : 3.7.0.0 398288 Bytes 05/10/2011 07:24:28
    AVSMTP.DLL : 12.1.0.17 63440 Bytes 05/10/2011 07:24:16
    NETNT.DLL : 12.1.0.17 17104 Bytes 05/10/2011 07:24:25
    RCIMAGE.DLL : 12.1.0.17 4493520 Bytes 05/10/2011 07:24:33
    RCTEXT.DLL : 12.1.0.16 96208 Bytes 23/09/2011 10:37:28

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: delete
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended
    Deviating risk categories...........: +PCK,+SPR,

    Start of the scan: 10 October 2011 04:54

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
    Scan process 'msdtc.exe' - '40' Module(s) have been scanned
    Scan process 'dllhost.exe' - '59' Module(s) have been scanned
    Scan process 'dllhost.exe' - '45' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'avscan.exe' - '69' Module(s) have been scanned
    Scan process 'avcenter.exe' - '102' Module(s) have been scanned
    Scan process 'chrome.exe' - '41' Module(s) have been scanned
    Scan process 'chrome.exe' - '44' Module(s) have been scanned
    Scan process 'avgnt.exe' - '63' Module(s) have been scanned
    Scan process 'AVWEBGRD.EXE' - '38' Module(s) have been scanned
    Scan process 'sched.exe' - '37' Module(s) have been scanned
    Scan process 'avshadow.exe' - '26' Module(s) have been scanned
    Scan process 'avguard.exe' - '89' Module(s) have been scanned
    Scan process 'chrome.exe' - '78' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'alg.exe' - '33' Module(s) have been scanned
    Scan process 'postgres.exe' - '30' Module(s) have been scanned
    Scan process 'postgres.exe' - '30' Module(s) have been scanned
    Scan process 'postgres.exe' - '30' Module(s) have been scanned
    Scan process 'postgres.exe' - '30' Module(s) have been scanned
    Scan process 'postgres.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'spnsrvnt.exe' - '20' Module(s) have been scanned
    Scan process 'pg_ctl.exe' - '32' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '36' Module(s) have been scanned
    Scan process 'mbamservice.exe' - '33' Module(s) have been scanned
    Scan process 'jqs.exe' - '33' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '118' Module(s) have been scanned
    Scan process 'acs.exe' - '34' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '54' Module(s) have been scanned
    Scan process 'svchost.exe' - '56' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '164' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'lsass.exe' - '64' Module(s) have been scanned
    Scan process 'services.exe' - '36' Module(s) have been scanned
    Scan process 'winlogon.exe' - '70' Module(s) have been scanned
    Scan process 'csrss.exe' - '12' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '6148' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Molto\Local Settings\Temp\PE5.0.3.9.exe
    [0] Archive type: NSIS
    --> TPData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> PSDataIT.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> PSDataFR.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> PSData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> PPData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> APData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> BPData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> OGData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> C1Data.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> C2Data.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> MRData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> FTData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    --> OpenerInterface.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\APData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\BPData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\C1Data.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\C2Data.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\FTData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\MRData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\OGData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\OpenerInterface.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\PPData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\PSData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\PSDataFR.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\PSDataIT.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!
    C:\Program Files\PokerEdge\TPData.dll
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
    [NOTE] The file was deleted!


    End of the scan: 10 October 2011 05:41
    Used time: 47:07 Minute(s)

    The scan has been done completely.

    6914 Scanned directories
    356780 Files were scanned
    26 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    14 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    356754 Files not concerned
    3010 Archives were scanned
    0 Warnings
    14 Notes
    356221 Objects were scanned with rootkit scan
    0 Hidden objects were found
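    Reading the detection lines above with the scan configuration in mind: every hit is category PCK, Avira's "unusual runtime compression" packer heuristic, which only reports because the configuration has "Deviating risk categories: +PCK,+SPR", and "Primary action: delete" removed the files on that basis alone. No signature-based detection appears anywhere in the log. The 26 found / 14 deleted in the summary is 13 Themida-packed DLLs inside the NSIS installer in Temp plus the same 13 DLLs installed under PokerEdge, with one deletion for the installer and one per installed DLL. The Python script below is an added example, not part of the original post: it parses log lines in this format (a shortened excerpt of the posted log, plus one constructed "Is the TR/..." signature line so that the two kinds of hit can be compared) and reports which deletions rested on a packer heuristic alone. The `DEVIATING_CATEGORIES` mapping and the detection regexes are the example's own assumptions about the log format, not Avira's documented API.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Avira "deviating risk categories": heuristic/riskware classes that are only
# reported when enabled (the posted scan config has "+PCK,+SPR"). Anything
# else in a [DETECTION] line is treated here as a signature/generic name.
DEVIATING_CATEGORIES = {
    "PCK": "unusual runtime compression (packer heuristic)",
    "SPR": "security/privacy risk",
}

# Constructed excerpt in the format of the posted log: the first four records
# are shortened from the post; the last one (dropper.exe, TR/Dropper.Gen) is
# invented so that a signature hit appears next to the packer hits.
SAMPLE_LOG = r"""
Begin scan in 'C:\'
C:\Documents and Settings\Molto\Local Settings\Temp\PE5.0.3.9.exe
[0] Archive type: NSIS
--> TPData.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
--> OpenerInterface.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
[NOTE] The file was deleted!
C:\Program Files\PokerEdge\APData.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
[NOTE] The file was deleted!
C:\Program Files\PokerEdge\TPData.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Themida). Please verify the origin of this file.
[NOTE] The file was deleted!
C:\Temp\dropper.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
"""


@dataclass
class Detection:
    path: str               # file on disk that Avira acted on
    member: Optional[str]   # member name if the hit was inside an archive
    category: str           # "PCK", "SPR", "TR", ...
    name: str               # "Themida", "Dropper.Gen", ...
    deleted: bool = False


DET_RE = re.compile(r"\((?P<cat>[A-Z]{2,4})/(?P<name>[^)]+)\)")   # ... (PCK/Themida) ...
SIG_RE = re.compile(r"Is the (?P<cat>[A-Z]+)/(?P<name>\S+)")       # Is the TR/Dropper.Gen Trojan
PATH_RE = re.compile(r"^[A-Za-z]:\\")                               # a new file on disk


def parse_avira_log(text: str) -> List[Detection]:
    """Turn the file/member/[DETECTION]/[NOTE] lines into one record per hit."""
    detections: List[Detection] = []
    current_file: Optional[str] = None
    current_member: Optional[str] = None
    current_hits: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Begin scan"):
            continue
        if line.startswith("--> "):
            current_member = line[4:].strip()
        elif line.startswith("[DETECTION]"):
            m = DET_RE.search(line) or SIG_RE.search(line)
            if m is None or current_file is None:
                continue
            hit = Detection(current_file, current_member, m["cat"], m["name"])
            detections.append(hit)
            current_hits.append(hit)
        elif line.startswith("[NOTE]") and "deleted" in line:
            # Avira acts on the file on disk, so one note covers every hit in an archive.
            for hit in current_hits:
                hit.deleted = True
        elif line.startswith("["):
            continue   # e.g. "[0] Archive type: NSIS"
        elif PATH_RE.match(line):
            current_file, current_member, current_hits = line, None, []
    return detections


def categories(detections: List[Detection]) -> dict:
    """Hit counts per category code, e.g. {'PCK': 4, 'TR': 1}."""
    return dict(Counter(d.category for d in detections))


def deleted_files(detections: List[Detection]) -> List[str]:
    """Distinct on-disk files the scan deleted (archives count once)."""
    return sorted({d.path for d in detections if d.deleted})


def deleted_on_heuristic_only(detections: List[Detection]) -> List[str]:
    """Deleted files where every hit was a PCK/SPR heuristic and no signature fired."""
    with_signature = {d.path for d in detections if d.category not in DEVIATING_CATEGORIES}
    return sorted({d.path for d in detections
                   if d.deleted and d.category in DEVIATING_CATEGORIES
                   and d.path not in with_signature})


if __name__ == "__main__":
    hits = parse_avira_log(SAMPLE_LOG)
    print("detections by category:", categories(hits))
    for path in deleted_on_heuristic_only(hits):
        print("deleted on packer heuristic alone:", path)
```

    Run on the full posted log, `parse_avira_log` yields the 26 hits and `deleted_files` the 14 deletions the summary reports, all of them in `deleted_on_heuristic_only`. A packer heuristic is a reason to verify a file's origin, as the detection text itself says; with "Primary action: delete" it silently removes the packed DLLs of whatever legitimately Themida-protected software is installed, so for a cleanup scan "quarantine" is the safer primary action.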
     
  3. Bobbye


    Welcome to TechSpot! Looking over the installed programs makes me fairly certain that one or more, maybe even all, of the poker programs you put on the system in the last month have most probably corrupted files.

    As you may know, avgnt.exe is a background task of the AntiVir antivirus program which scans files transparently in the background. It appears that you installed c:\program files\Avira on 2011-10-10 after getting the poker software. Was there any other AV on this system before Avira?
    ===================================
    From 9/10 to 10/9/2011, you put 12 poker programs on the system and set up 2 directories for related poker processes.
    C:\Poker
    c:\program files\BlackChipPoker
    c:\program files\PokerEdge
    c:\program files\High Pulse
    c:\program files\BetClic Poker.com
    c:\program files\Bodog Poker
    c:\program files\Cake Poker 2.0
    c:\program files\Poker Heaven
    c:\program files\PokerStrategy
    c:\program files\PokerStove
    c:\program files\PartyGaming
    c:\program files\PokerOfficer
    c:\program files\RVG Software
    C:\bwinPoker JPC
    c:\program files\PKR

    Additionally, the installed programs also show:
    ICM Trainer
    PartyPoker
    PlayOn
    William Hill Poker
    ======================================
    I don't know what country you live in, but in the US, and possibly globally, the government closed most if not all of the online poker games.
    ===================================================
    I am certain that these numerous downloads in the last month have taken their toll on the system.

    If you would like my help with this, please give me some detail of what is going on with the system and the full bad image message.
    ==========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the ESET Smart Installer download image to download it. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
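    The "Bad Image" dialog Bobbye asks for is the Windows loader's hard error for a module that is not a valid Windows image (STATUS_INVALID_IMAGE_FORMAT): the title bar names the process that tried the load (here avgnt.exe) and the body names the DLL file it rejected. Before reinstalling anything, it is worth checking that one file directly: an MZ/PE header that was cut short, overwritten, or built for another architecture is what produces this dialog. The script below is an added example, not from the thread or from Avira; it implements a minimal PE header validator and runs it against constructed byte strings that mirror those failure modes (the `build_minimal_pe` helper and the sample names are the example's own). `check_pe_file` is the function to point at the path from the dialog; `expect_machine` defaults to 32-bit x86, which is what the poster's Windows 5.1.2600 (XP) can load.

```python
import struct
from typing import Dict

IMAGE_FILE_MACHINE_I386 = 0x14C      # 32-bit x86, what a 32-bit Windows XP loads
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS = 0x10B, 0x20B
SECTION_HEADER_SIZE = 40


def check_pe_image(data: bytes, expect_machine: int = IMAGE_FILE_MACHINE_I386) -> str:
    """Return 'ok' or a short reason the Windows loader would reject this image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a DOS/MZ file"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):                  # 4-byte signature + 20-byte COFF header
        return "truncated: PE header beyond end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if machine != expect_machine:
        return f"wrong architecture: machine 0x{machine:04x}"
    opt_off = e_lfanew + 24
    if opt_size < 2 or opt_off + opt_size > len(data):
        return "missing or truncated optional header"
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS):
        return f"bad optional header magic 0x{magic:04x}"
    sec_off = opt_off + opt_size                    # section table follows the optional header
    for i in range(nsections):
        off = sec_off + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            return "truncated section table"
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)   # SizeOfRawData, PointerToRawData
        if raw_ptr + raw_size > len(data):
            return f"section {i} raw data extends past end of file"
    return "ok"


def check_pe_file(path: str, expect_machine: int = IMAGE_FILE_MACHINE_I386) -> str:
    """Check a real file, e.g. the DLL named in the 'Bad Image' dialog."""
    with open(path, "rb") as f:
        return check_pe_image(f.read(), expect_machine)


def build_minimal_pe(machine: int = IMAGE_FILE_MACHINE_I386, dll: bool = True) -> bytes:
    """Construct a tiny PE image (headers + one 16-byte section) as sample input; not loadable code."""
    e_lfanew = 0x40
    section_bytes = b"\x90" * 16
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", OPT_MAGIC_PE32) + b"\0" * 94             # 96-byte PE32 optional header, zeroed
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)                  # EXECUTABLE_IMAGE | 32BIT_MACHINE (| DLL)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, len(opt), chars)
    raw_ptr = e_lfanew + 4 + len(coff) + len(opt) + SECTION_HEADER_SIZE   # section data follows the headers
    section = (b".text".ljust(8, b"\0")
               + struct.pack("<IIII", len(section_bytes), 0x1000, len(section_bytes), raw_ptr)
               + b"\0" * 16)
    return dos + b"PE\0\0" + coff + opt + section + section_bytes


def run_samples() -> Dict[str, str]:
    """Constructed cases mirroring the usual causes of a 'Bad Image' dialog."""
    good = build_minimal_pe()
    samples = {
        "intact 32-bit DLL": good,
        "file cut short before the section table": good[:200],
        "section data missing from the end": good[:230],
        "header overwritten with zeros": b"MZ" + b"\0" * 238,
        "not a PE at all": b"\0" * 240,
        "64-bit DLL on 32-bit Windows": build_minimal_pe(machine=IMAGE_FILE_MACHINE_AMD64),
    }
    return {name: check_pe_image(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:45s} -> {verdict}")
```

    A header that passes this check is necessary, not sufficient: a structurally valid DLL whose imports cannot be resolved fails to load too. For a vendor binary the conclusive check is its Authenticode signature, and the fix for a damaged one is reinstalling the product rather than editing the file.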
     
