My Avg also detecting Win32/Heur (winXP)

Solved
By monkeyman19
Mar 12, 2011
Hey guys,

    Just joined this forum and I hope you can help me get rid of this pesky virus. It started a few days ago when AVG found it in my system folder, then it started popping up again and again, usually in different places. At the moment AVG isn't finding it, but my browser seems to have slowed down a fair bit recently, so I suspect it isn't gone.

    Here are the logs; I hope I did it right.

    MBAM

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6012

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/03/2011 21:29:38
    mbam-log-2011-03-10 (21-29-38).txt

    Scan type: Quick scan
    Objects scanned: 149460
    Time elapsed: 2 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-12 23:23:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-11 WDC_WD5000AAKS-65YGA0 rev.12.01C02
    Running: c1nqphlk.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\ugtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB4CD6534]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB4CD0782]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB4CEF6DC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB4CD6CC0]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB4CD6DF6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB4CD1398]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB4CF0FE4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB4CF093C]
    SSDT sptd.sys ZwEnumerateKey [0xB7ED684C]
    SSDT sptd.sys ZwEnumerateValueKey [0xB7ED6BEC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB4CF193C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB4CF1B44]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB4CD0FAA]
    SSDT sptd.sys ZwOpenKey [0xB7ED1090]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB3C486C0]
    SSDT sptd.sys ZwQueryKey [0xB7ED6CC4]
    SSDT sptd.sys ZwQueryValueKey [0xB7ED6B44]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB4CF28D2]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB4CF2208]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB4CD60F4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB4CF32A4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB4CD175C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB4CF2E12]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB4CF00C4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB3C48770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB3C48810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB3C488B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73393A0, 0x5CC259, 0xE8000020]
    .text USBPORT.SYS!DllUnload B73198AC 5 Bytes JMP 8AD591B8
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB38A6300, 0x3ACC8, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83A0300, 0x1B7E, 0xE8000020]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7ED1ABA] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7ED1C00] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7ED1B82] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7ED272E] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7ED2604] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4CD9C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4CD9C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4CD9C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EE4B9A] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4CD9C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4CD9C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B4CDB672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B4CD9C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B4CDBCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B4CDB4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8AE8B1D8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Fastfat \FatCdrom 8A3C0980
    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-0 8AC8A980
    Device \Driver\NetBT \Device\NetBT_Tcpip_{5D2FFE17-A6CA-4A13-A34B-BE60931E717E} 8A8881D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AF031D8
    Device \Driver\dmio \Device\DmControl\DmConfig 8AF031D8
    Device \Driver\dmio \Device\DmControl\DmPnP 8AF031D8
    Device \Driver\dmio \Device\DmControl\DmInfo 8AF031D8
    Device \Driver\usbuhci \Device\USBPDO-1 8AC8A980
    Device \Driver\usbuhci \Device\USBPDO-2 8AC8A980
    Device \Driver\usbehci \Device\USBPDO-3 8AC83980
    Device \Driver\usbuhci \Device\USBPDO-4 8AC8A980
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-5 8AC8A980
    Device \Driver\usbuhci \Device\USBPDO-6 8AC8A980
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8AE8D1D8
    Device \Driver\usbehci \Device\USBPDO-7 8AC83980
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8AE8D1D8
    Device \Driver\Cdrom \Device\CdRom0 8AC82980
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-24 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-19 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-11 [B7E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8AE8D1D8
    Device \Driver\Cdrom \Device\CdRom1 8AC82980
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8AE8D1D8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 8AE8D1D8
    Device \Driver\Ftdisk \Device\HarddiskVolume6 8AE8D1D8
    Device \Driver\Ftdisk \Device\HarddiskVolume7 8AE8D1D8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A8881D8
    Device \Driver\Ftdisk \Device\HarddiskVolume8 8AE8D1D8
    Device \Driver\NetBT \Device\NetbiosSmb 8A8881D8
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBFDO-0 8AC8A980
    Device \Driver\usbuhci \Device\USBFDO-1 8AC8A980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A6E71D8
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\usbuhci \Device\USBFDO-2 8AC8A980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A6E71D8
    Device \Driver\usbehci \Device\USBFDO-3 8AC83980
    Device \Driver\usbuhci \Device\USBFDO-4 8AC8A980
    Device \Driver\Ftdisk \Device\FtControl 8AE8D1D8
    Device \Driver\usbuhci \Device\USBFDO-5 8AC8A980
    Device \Driver\usbuhci \Device\USBFDO-6 8AC8A980
    Device \Driver\usbehci \Device\USBFDO-7 8AC83980
    Device \FileSystem\Fastfat \Fat 8A3C0980

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Cdfs \Cdfs 8A63C980

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1016540775
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 84925314
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    DDS

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Michael at 23:24:54.29 on 12/03/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2493 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    K:\moh\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Michael\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: {5D2FFE17-A6CA-4A13-A34B-BE60931E717E} = 193.162.153.164,194.239.134.83
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\2xayjqjy.default\
    FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\2xayjqjy.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\2xayjqjy.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\2xayjqjy.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\2xayjqjy.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\michael\application data\mozilla\firefox\profiles\2xayjqjy.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-3-11 532224]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-10-26 10448]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [2010-3-12 7168]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-7-12 30576]
    S1 efbDisk;efbDisk; [x]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\dragon age\bin_ship\daupdatersvc.service.exe [2011-1-20 25832]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaii.sys --> c:\windows\system32\drivers\deltaII.sys [?]
    S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2010-3-12 31232]
    S3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [2010-4-26 23696]
    .
    =============== Created Last 30 ================
    .
    2011-03-10 20:25:15 -------- d-----w- c:\docume~1\michael\applic~1\Malwarebytes
    2011-03-10 20:25:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-10 20:25:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-10 20:25:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-10 20:25:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-10 20:07:49 -------- d-----w- c:\program files\ESET
    2011-03-08 15:57:32 -------- d-----w- c:\program files\Image-Line
    2011-03-01 13:44:33 -------- d-----w- c:\docume~1\michael\applic~1\The Creative Assembly
    2011-03-01 13:22:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Smith Micro
    2011-03-01 13:22:37 -------- d-----w- c:\program files\Smith Micro
    2011-03-01 13:22:37 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\smith micro
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-06 19:02:46 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-06 19:02:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-06 19:02:39 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 23:25:09.81 ===============
monkeyman19 (Topic Starter):

    DDS (Attach)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/03/2010 19:04:36
    System Uptime: 12/03/2011 19:19:26 (4 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5K-E
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2405/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 30.688 GiB free.
    D: is FIXED (NTFS) - 166 GiB total, 6.087 GiB free.
    E: is FIXED (NTFS) - 202 GiB total, 40.177 GiB free.
    F: is CDROM (CDFS)
    G: is FIXED (NTFS) - 140 GiB total, 45.689 GiB free.
    H: is FIXED (NTFS) - 140 GiB total, 57.03 GiB free.
    I: is FIXED (NTFS) - 98 GiB total, 36.729 GiB free.
    J: is CDROM ()
    K: is FIXED (NTFS) - 162 GiB total, 9.282 GiB free.
    M: is FIXED (NTFS) - 206 GiB total, 49.084 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RTL8187_Wireless
    Device ID: USB\VID_0BDA&PID_8187\0015AF37362F
    Manufacturer:
    Name: RTL8187_Wireless
    PNP Device ID: USB\VID_0BDA&PID_8187\0015AF37362F
    Service:
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&B6AFFD&0
    Manufacturer: Logitech
    Name: PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP309: 10/01/2011 23:30:39 - System Checkpoint
    RP310: 11/01/2011 01:28:38 - Removed Opera 10.63.
    RP311: 11/01/2011 14:26:38 - Installed PC Probe II
    RP312: 12/01/2011 14:41:22 - System Checkpoint
    RP313: 12/01/2011 20:00:14 - Software Distribution Service 3.0
    RP314: 13/01/2011 23:43:29 - Removed Opera 10.63.
    RP315: 13/01/2011 23:43:47 - Installed Opera 11.00.
    RP316: 14/01/2011 14:47:59 - Unsigned driver install
    RP317: 15/01/2011 18:44:40 - System Checkpoint
    RP318: 17/01/2011 00:03:53 - System Checkpoint
    RP319: 17/01/2011 19:22:42 - Unsigned driver install
    RP320: 18/01/2011 20:41:17 - System Checkpoint
    RP321: 19/01/2011 21:24:49 - System Checkpoint
    RP322: 20/01/2011 21:50:58 - System Checkpoint
    RP323: 21/01/2011 16:28:22 - Installed Phoscyon 1.8.0
    RP324: 22/01/2011 16:54:01 - System Checkpoint
    RP325: 24/01/2011 01:14:51 - System Checkpoint
    RP326: 24/01/2011 11:43:44 - Installed Java(TM) 6 Update 23
    RP327: 25/01/2011 13:19:05 - System Checkpoint
    RP328: 26/01/2011 19:04:36 - System Checkpoint
    RP329: 27/01/2011 19:58:33 - System Checkpoint
    RP330: 29/01/2011 18:58:27 - System Checkpoint
    RP331: 31/01/2011 02:48:05 - System Checkpoint
    RP332: 01/02/2011 12:03:20 - Printer Driver CutePDF Writer Installed
    RP333: 02/02/2011 17:57:48 - System Checkpoint
    RP334: 03/02/2011 00:57:16 - Removed Opera 11.00.
    RP335: 04/02/2011 01:05:07 - System Checkpoint
    RP336: 05/02/2011 11:07:27 - System Checkpoint
    RP337: 05/02/2011 22:59:10 - Installed nebula3 CM
    RP338: 06/02/2011 23:23:44 - System Checkpoint
    RP339: 08/02/2011 15:45:47 - System Checkpoint
    RP340: 09/02/2011 19:30:41 - System Checkpoint
    RP341: 10/02/2011 18:03:11 - Advanced SystemCare RestorePoint
    RP342: 10/02/2011 20:00:14 - Software Distribution Service 3.0
    RP343: 11/02/2011 20:33:34 - System Checkpoint
    RP344: 12/02/2011 21:59:11 - System Checkpoint
    RP345: 13/02/2011 22:48:30 - System Checkpoint
    RP346: 15/02/2011 13:49:47 - System Checkpoint
    RP347: 16/02/2011 15:36:29 - System Checkpoint
    RP348: 17/02/2011 18:44:06 - System Checkpoint
    RP349: 20/02/2011 23:26:37 - System Checkpoint
    RP350: 22/02/2011 13:36:31 - System Checkpoint
    RP351: 24/02/2011 22:25:16 - System Checkpoint
    RP352: 01/03/2011 13:44:21 - Installed DirectX
    RP353: 01/03/2011 14:22:36 - Installed StuffIt 2009.
    RP354: 02/03/2011 20:46:24 - System Checkpoint
    RP355: 04/03/2011 00:19:56 - System Checkpoint
    RP356: 04/03/2011 18:04:43 - Unsigned driver install
    RP357: 06/03/2011 15:51:03 - System Checkpoint
    RP358: 07/03/2011 19:44:38 - System Checkpoint
    RP359: 09/03/2011 19:48:52 - System Checkpoint
    RP360: 09/03/2011 20:00:14 - Software Distribution Service 3.0
    RP361: 01/01/2002 01:05:12 - System Checkpoint
    RP362: 10/03/2011 20:34:17 - Software Distribution Service 3.0
    RP363: 11/03/2011 03:56:06 - System Checkpoint
    RP364: 11/03/2011 20:00:25 - Software Distribution Service 3.0
    RP365: 12/03/2011 23:00:59 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    1.00
    7-Zip 4.65
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Download Manager
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 9.4.2 - Dansk
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    Advanced SystemCare 3
    Alchemy
    Antares Filter VST DX v1.01
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Artillery2
    Audio Damage DubStation VST v1.0.2.0
    Audio.Damage.Ronin.v1.0.VST-DAC
    Automap 3.4
    Automap ReWire 1.0
    AutoUpdate
    AVG 2011
    BiFilter v2.2
    Bonjour
    City Life Deluxe
    Conduit Engine
    Connect
    Consequence
    CutePDF Writer 2.8
    Dead Rising 2
    Delta
    DivX
    DivX Player
    Dragon Age: Origins
    Dropbox
    eBay Icon
    Effectrix
    eLicenser Control
    Empire: Total War
    erLT
    ESET Online Scanner v3
    Exact Audio Copy 0.99pb5
    FabFilter Timeless VST RTAS v2.00
    Fallout 3
    Fallout Mod Manager 0.11.9
    Fallout New Vegas
    FilterBank v3.2
    FireBird+ v1.9
    FLAC 1.2.1b (remove only)
    Freecorder 4.02B Application
    Half-Life(R) 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    IL Gross Beat
    Image Resizer Powertoy for Windows XP
    Instant Eyedropper 1.75
    Ipswitch WS_FTP Pro
    iTunes
    Jalbum
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 20
    Java(TM) 6 Update 23
    Kjaerhus Audio - Golden Equaliser | GEQ-7 v1.10
    Korg Legacy Collection v1.1.9
    kuler
    Live 8.1.4
    Logitech SetPoint 6.15
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Mass Effect 2
    Medal of Honor Airborne
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Corporation
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft LifeCam
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Monkey's Audio
    Mozilla Firefox (3.6.15)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Guitar Rig 3
    Native Instruments Massive
    Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
    nebula3 CM
    Nero 7 Ultra Edition
    neroxml
    NokiaFREE Unlock Codes Calculator
    Novation USB Audio Driver 1.7
    NVIDIA Control Panel 260.99
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    NVIDIA nView 135.36
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    ObjectDock Free
    Ohm Force - Ohmicide VST
    OhmForce Hematohm VST2
    Ohmforce Mobilohm PRO VST v1.12
    Ohmforce Ohmboyz PRO VST v1.42
    OpenOffice.org 3.2
    Opera 11.01
    PC Probe II
    PCM Native Reverb VST Plug-in
    PDF Settings
    PeerBlock 1.1 (r518)
    Phoscyon 1.8.0
    Photoshop Camera Raw
    PSP 608 MultiDelay VST DX RTAS v1.0.0
    PSP 84 1.5.2
    PSP Neon 1.1.0
    PSP Nitro 1.1.1
    PSP VintageWarmer2 2.5.1 32bit
    QuickTime
    ReMOTE SL Editor
    Replicant VST plug-in
    Rob Papen Predator V1.1 b
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923789)
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Sonalksis TBK VST v1.00
    StarCraft II
    Steam(TM)
    Steinberg Cubase 4
    Steinberg HALionOne
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    StormGate3 Demo 1.0.7
    StuffIt 2009
    Suite Shared Configuration CS4
    Sylenth1 v2.0
    TC Native Bundle v3.1
    Thesys
    Tone2 Gladiator VSTi v2.2
    Trilogy
    uMusic
    Unique
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB971029)
    VC 9.0 Runtime
    Vember Audio SURGE
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    VLC media player 1.0.5
    Vuze
    Vuze_Remote Toolbar
    Waldorf Largo
    Waves Diamond Bundle v5.2
    WebFldrs XP
    WinAVI MP4 Converter
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinRAR archiver
    World in Conflict
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/03/2011 18:17:55, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JANNIK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D2FFE17-A6CA-4A13-A3. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================

    Any advice on this one? Is my computer still infected? I really appreciate the help, so thanks in advance :)
  3. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    It looks like another computer with a recent AVG false positive.
    Do you remember which files were reported as infected?

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  4. monkeyman19

    monkeyman19 Newcomer, in training Topic Starter

    The scan turned out completely clean. Does that mean it's 100% a false positive? On that note, would you recommend a different free antivirus instead of AVG? So far I've been very happy with it, but I've heard good things about other programs too. Is there any benefit in switching?

    Thanks so much for your help :)
  5. Broni

    Broni Malware Annihilator Posts: 46,177   +251

  6. monkeyman19

    monkeyman19 Newcomer, in training Topic Starter

    Ok, I shall try that. Thank you very much for the speedy and professional help! I wish you a good day, sir :)
  7. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Very same to you :)

    Good luck :)
  8. monkeyman19

    monkeyman19 Newcomer, in training Topic Starter

    Got the all clear from Avira, so all is well. Thanks again for the help.
  9. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Very well.
    Good luck :)