Solved Win32/heur sims 2


tedus987

Hi,

I'm having a major problem with my computer. First AVG flagged a WIN32/Heur virus on my Sims 2 expansion pack, which I found odd...

This has been the 42nd case where AVG has given a false positive, and after reading 8 forums where they said AVG/HEUR = Heuristics I thought the same. Out of anger and frustration with AVG (at one point it highlighted Malwarebytes as an infection...) I removed AVG (except Link Scanner and one other item; it's in the option when you go to remove) and installed Avast.

Now I can't access the internet, programs will not load (freezing), and when they do, if I go to try and update they lock. They'll scan for viruses fine, but it will lock when I try and update. I have disconnected my PC from the internet to avoid further viruses being downloaded.

However I can still get into safe mode and the computer runs at full speed, so it must be when I boot normally. I'm using Avast to try to scan before boot, but still getting nowhere, and I can't reinstall because of the one-time codes for a few of my applications.

This post is from my uni machine, so logs will take me a day to get. (Not in on weekends, so if asked on Friday it will be Monday.)

Virus scanners:
Spybot S&D
Avast
Malwarebytes
ZoneAlarm Extreme Security
 
Welcome to TechSpot! I'll help you sort this out.

Going by the complaints of AVG and Win32/Heur we see on this board now, it is most likely that one of three things has happened:
1. AVG released an update that caused it to pick up some processes and label them as Win32/Heur when they are legitimate processes.
2. The system is infected with Win32/Heur.
3. It is an indication of a more serious malware infector such as Virut or Ramnit.

Unfortunately, we don't know which until we get logs from scans and review them.
==========================================
Edit: Win32/Heur details have been removed as they did not apply.
==========================================
All of the above are the reasons we have to check all of the findings out: to either confirm the finding or look for other malware.
IF you are using a flash drive, it is very possible the infection could have spread through that. So I recommend disinfecting the flash drive first:
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=====================================
When that has been done, if you cannot access the internet with the problem computer to download the following, you can use the flash drive:

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
====================================
Note: you should have only one antivirus program and one firewall on the system. You should either remove Avast or ZoneAlarm Extreme Security.
Please reboot the computer when through.
 
OK

OK, I'll do that. I'll post the logs on Monday.

Keep in mind I am majorly restricted to safe mode.
 
Okay, now that I've scared you to death>> turns out all or most of the AVG find of Win32/Heur, currently, is a False Positive. So you should follow this ASAP: https://www.techspot.com/vb/topic162350.html

If it is a F/P, this update will fix it. If it does not and the problems continue, you should continue the scans. If needed, you can download the programs to a Flash Drive, then install them on the problem computer.

IF you don't know if the Flash Drive is clean, do this first:
These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
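The placeholder folder that the steps above describe works because Windows only honours an autorun.inf that is a file: once a directory of that name occupies the drive root, a USB worm cannot drop its own autorun.inf there. The following is an added Python example, not part of the thread and not Flash_Disinfector's own code, that tells the three states apart at a drive root (no entry, a protective folder, or a file) and, for a file, reports whether its [autorun] section would launch a program. It assumes nothing beyond the layout of a drive root; the demo "drives" are constructed temporary directories, the key list and the sample worm-style file contents are constructed for illustration, and the hypothetical program name is a placeholder.

```python
"""Classify the autorun.inf entry at a drive root (added example, constructed data)."""
import tempfile
from pathlib import Path

# [autorun] keys that cause Windows to launch a program; "open" and
# "shellexecute" are the documented ones, the third is a shell verb override.
# Constructed list for this example.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def autorun_launch_target(inf_text):
    """Return the program an autorun.inf would launch, or None if it only sets icon/label.

    Hand-rolled instead of configparser so that junk lines, which worm-written
    files often contain as padding, are skipped rather than aborting the parse.
    Section and key names are matched case-insensitively, as Windows does.
    """
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() in LAUNCH_KEYS and value.strip():
            return value.strip()
    return None


def find_autorun(drive_root):
    """Locate autorun.inf at the root regardless of case (Windows file names are case-insensitive)."""
    for child in Path(drive_root).iterdir():
        if child.name.lower() == "autorun.inf":
            return child
    return None


def classify_autorun(drive_root):
    """Return 'absent', 'placeholder-folder', 'file-launches-program' or 'file-benign'."""
    entry = find_autorun(drive_root)
    if entry is None:
        return "absent"
    if entry.is_dir():
        return "placeholder-folder"  # the Flash_Disinfector-style protection
    text = entry.read_text(encoding="latin-1", errors="replace")
    if autorun_launch_target(text):
        return "file-launches-program"  # what an autorun worm needs; review the drive
    return "file-benign"  # icon/label only, the legitimate use of the file


def build_demo_drives():
    """Constructed stand-ins for three drive roots; no real drive is touched."""
    base = Path(tempfile.mkdtemp(prefix="autorun_demo_"))
    protected = base / "protected"
    (protected / "autorun.inf").mkdir(parents=True)   # folder, as the tool creates
    suspicious = base / "suspicious"
    suspicious.mkdir()
    (suspicious / "Autorun.inf").write_text(           # constructed worm-style file
        "[AutoRun]\n"
        "icon=sample.ico\n"
        "xyzzy padding line\n"                          # junk the parser must skip
        "open=example_worm.exe\n"                       # hypothetical placeholder name
    )
    clean = base / "clean"
    clean.mkdir()
    return {"protected": protected, "suspicious": suspicious, "clean": clean}


if __name__ == "__main__":
    for name, root in build_demo_drives().items():
        print(f"{name:10s} -> {classify_autorun(root)}")
```

Run against real drive letters (for example `classify_autorun("E:\\")`), a "placeholder-folder" result confirms the protection is in place and "file-launches-program" is the case worth examining before the drive is plugged into another machine.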
 
Logs

I know the initial file was a F/P, but I believe it is something Malwarebytes isn't picking up; after I removed AVG, that's when it all started.

Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5997

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/03/2011 20:47:38
mbam-log-2011-03-10 (20-47-38).txt

Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 456532
Time elapsed: 1 hour(s), 27 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-13 13:13:13
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1b ExcelStor_Technology_J9250S rev.GM2OA52A
Running: dwkr9i6d.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfdoyaob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----

DDS logs

.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Administrator at 9:41:27.39 on 13/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2795 [GMT 0:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
FW: ActiveArmor Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
D:\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearch Bar = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTYxNTEyODYzLUtWMys3LUJBKzEtWEwrMS1UNC1GUDkyKzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1GMTBNMTBDKzE"&"prod=55"&"ver=10.0.1204
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ZAFFRegisterTrustChecker] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustChecker.dll"
dRunOnce: [ZAFFRegisterTrustCheckerIE] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236737580375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236737555359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6ndptuax.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd1b552&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: ForceField Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-12 128016]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-9 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-9 301528]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-3-12 317072]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-3-21 528128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-9 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-9 42184]
S2 gupdate1c9c68995412b6;Google Update Service (gupdate1c9c68995412b6);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\actionreplayds.sys [2009-12-19 29184]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2009-3-7 1310720]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\installedgames\dragon age\bin_ship\daupdatersvc.service.exe [2011-1-5 25832]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 30192]
.
=============== Created Last 30 ================
.
2011-03-12 18:46:03 -------- d-----w- c:\docume~1\admini~1\applic~1\MailFrontier
2011-03-12 18:45:24 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2011-03-10 00:22:01 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-09 23:53:53 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AVG Security Toolbar
2011-03-09 23:53:25 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2011-03-09 09:26:11 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 09:25:27 40648 ----a-w- c:\windows\avastSS.scr
2011-03-09 09:15:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-09 09:15:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-08 20:56:08 -------- d-----w- c:\program files\AVAST Software
2011-03-08 20:56:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-02-26 23:34:34 48256 ----a-r- c:\windows\system32\drivers\jraid.sys
2011-02-18 15:21:31 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-02-18 15:21:31 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-02-18 15:21:31 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-02-18 15:21:30 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-02-18 15:21:30 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-02-18 15:21:29 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-02-18 15:21:29 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-02-18 15:21:28 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-02-18 15:21:27 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-18 15:21:27 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-18 15:21:27 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-18 15:21:26 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 9:42:17.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 07/03/2009 10:48:16
System Uptime: 13/03/2011 09:38:04 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N-SLI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2713/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 147.725 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 396.175 GiB free.
G: is FIXED (NTFS) - 373 GiB total, 352.943 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
AC3Filter (remove only)
Action Replay Code Manager
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Application Support
Apple Software Update
avast! Free Antivirus
Back to the Future: Ep 1 - It's About Time
Back to the Future: Ep 2 - Get Tannen!
C-Media 6501 Sound
C-Media PCI Audio Device
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Combined Community Codec Pack 2006-07-28 (Remove Only)
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dragon Age: Origins
Gamepad Pro USB
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterVideo DVDCopy5
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Junk Mail filter update
Killing Floor
Left 4 Dead
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Xbox 360 Accessories 1.2
Mozilla Firefox (3.6.15)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Oblivion
Oblivion mod manager 1.1.12
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
Paint.NET v3.36
PC Probe II
PCI Audio Driver
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SiSAGP driver
Sky Broadband
Sky Broadband Browser Branding
Skype™ 5.0
Smart Menus (Windows Live Toolbar)
SmartCamera Ver 2.2
Software Update for Web Folders
Spybot - Search & Destroy
Steam
System Requirements Lab
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Teen Style Stuff
Try Corel Snapfire muvee autoProducer add on
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB PC Cam Zoom
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VeohTV BETA
WebFldrs XP
Wii Max Media Manager Pro
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.2 final uninstall
Yahoo! Toolbar
ZoneAlarm Extreme Security
.
==== Event Viewer Messages From Past Week ========
.
12/03/2011 18:45:08, error: Service Control Manager [7019] - Circular dependency: The vsdatant service depends on a service in a group which starts later.
12/03/2011 18:45:08, error: Service Control Manager [7017] - Detected circular dependencies demand starting vsdatant.
12/03/2011 18:45:08, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: Circular service dependency was specified.
12/03/2011 18:33:27, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 AsIO aswRdr aswSnx aswSP aswTdi Fips IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
12/03/2011 18:33:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/03/2011 21:31:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09/03/2011 09:11:40, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 AsIO aswRdr aswSnx aswSP aswTdi Avgtdix Fips IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
09/03/2011 09:11:40, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
09/03/2011 09:11:40, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
09/03/2011 09:11:40, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/03/2011 09:11:40, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/03/2011 09:11:40, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
09/03/2011 09:11:11, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
09/03/2011 09:11:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/03/2011 08:56:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.
09/03/2011 08:56:23, error: Service Control Manager [7000] - The ProtexisLicensing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/03/2011 13:50:30, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E8C9EA4CA has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
to clarify

I know the initially detected file was a F/P; that's why I swapped AVG with Avast, but I believe it is something that attacked in mid-swap.
 
Sorry about that lengthy Win32/Heur write-up I left. Of course it was before we realized the bad AVG update was causing the problem, this time. But this finding by AVG can also indicate a file infector like Virut, so we have to check.

But now you have 2 antivirus programs and 2 firewalls running, and that's not good.
AV: ZoneAlarm Extreme Security Antivirus
AV: avast! Antivirus
FW: ZoneAlarm Extreme Security Firewall
FW: ActiveArmor Firewall
>>> There is not enough information in these logs to positively ID this Firewall. It can be legitimate or malware.

Please remove one of each, as multiples present vulnerabilities. Please use the removal below for whichever program you do not want to keep:
To uninstall ZoneAlarm:(it appears that you have the suite)

  • [1] Go to Control Center> go to the Preferences tab of the Overview panel.
    [2] Clear the check box labeled Load ZoneAlarm at startup.
    [3] Reboot the computer.
    [4] In Windows start menu: Go to Start> Programs> Zone Labs
    [5] Click Uninstall ZoneAlarm.
    [6] During the uninstallation process, you will see a dialog box titled "This is a security check from the Zone Labs security engine". Click YES in this dialog box.
(Note about ZoneAlarm: If you decide to keep this suite, I will have you check some Services and settings. There are Errors indicating it isn't functioning correctly)

Avast Removal
Please reboot the computer when through.
======================================
IF you previously had AVG, do you plan to reinstall it after removing the other AV programs? There are some left over entries.
======================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
==========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning for malware.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
virus scanners

ZoneAlarm is my main firewall; its virus scanner is disabled and not in monitoring mode so as not to conflict with Avast.

Active Armour is Nvidia and I am trying to find a way to disable it.

Although I've had it for a year and never had any problem, although I thought I uninstalled it once.

So I'll either remove it or at least disable it.

Also I can't access Eset NOD32 from my home; my PC is offline, whatever is on my PC is stopping me from accessing the internet. I'll run ComboFix.

Also I have looked and I might be able to disable Active Armour, but it's built in to the board. (hurrah hurrah for Asus)
 
Eset NOD32 question?

Is there a free non-trial version I could use to get the log from an offline computer?
 
No, you need to be online to run an online virus scanner. I have had a few members download the .exe file to a flash drive and run it on the problem computer. But since this can't be updated, I don't recommend it.

Please go ahead with Combofix; you can use a flash drive for that. There is a part of Combofix that checks for the Recovery Console and, if you don't have it installed, will offer it. But it can't be downloaded offline, so just go on to the scan part of Combofix.

I knew Active Armor was associated with Nvidia, but it has no CLSID after it like all the other security programs in the header do. For instance:
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *Enabled* no identification

Nvidia forum suggests this:
Click on Active Armor icon in Notification Area.
Set Security Profile to OFF.
That is usually a right click but if that does not bring up the correct screen, try a double click to open.

I am not clear about your online status. Are you staying offline because of suspected malware? Can you actually boot into Normal Mode? Even if it causes problem later, it's important to see what's on the system and some processes don't run in Safe Mode.
.
 
I can boot normally, but my PC slows very quickly. Also I can run virus scanners, but my PC locks if I try to access Mozilla, or my antivirus locks if I try to update my AV software. I believe the virus is clogging the access and downloading more malicious software; for this reason I have also unplugged my PC from the internet.

To post these logs I had to run as the admin in safe mode malicious software and then transfer the logs to a flash drive.

OK, post logs tomorrow.
 
combo fix log

Ok, here's the log. Active Armour can't be found; it's not in Services or Add/Remove Programs, and I know I uninstalled it when I swapped it for ZoneAlarm.

Also, I can't install the Recovery Console while not connected to the internet.
-----------

ComboFix 11-03-14.07 - Administrator 15/03/2011 21:57:26.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2791 [GMT 0:00]
Running from: D:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Install.txt
c:\windows\system32\Install.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-12 18:46 . 2011-03-12 18:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailFrontier
2011-03-12 18:45 . 2009-10-12 18:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2011-03-12 18:45 . 2010-08-29 02:53 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-03-12 18:45 . 2010-08-29 02:53 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2011-03-10 00:22 . 2011-03-10 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-09 23:53 . 2011-03-09 23:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2011-03-09 23:53 . 2011-03-09 23:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-09 09:26 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-09 09:26 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 09:26 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-09 09:26 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-09 09:26 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 09:26 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-09 09:26 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-09 09:26 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-09 09:25 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-09 09:25 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-09 09:15 . 2011-03-09 09:15 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-08 20:56 . 2011-03-08 20:56 -------- d-----w- c:\program files\AVAST Software
2011-03-08 20:56 . 2011-03-08 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-08 17:30 . 2011-03-08 17:30 -------- d-----w- c:\documents and settings\VS removal & admin\Application Data\AVG10
2011-02-26 23:34 . 2007-06-13 15:47 48256 ----a-r- c:\windows\system32\drivers\jraid.sys
2011-02-18 15:21 . 2010-06-02 04:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-02-18 15:21 . 2010-06-02 04:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-02-18 15:21 . 2010-06-02 04:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-02-18 15:21 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-02-18 15:21 . 2010-05-26 11:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-02-18 15:21 . 2010-05-26 11:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-02-18 15:21 . 2010-05-26 11:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-02-18 15:21 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-02-18 15:21 . 2010-02-04 10:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-18 15:21 . 2010-02-04 10:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-18 15:21 . 2010-02-04 10:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-18 15:21 . 2010-02-04 10:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-03 23:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-03 23:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-03-07 10:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-03-07 10:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-10-15 11:50 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-03 23:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-11-08 22:13 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-11-23 16:43 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-01-16 20:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2004-08-03 23:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 18:09 . 2010-03-21 17:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-03-21 17:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2005-10-14 16:17 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 21:59 385024 ----a-w- c:\windows\system32\html.iec
2010-08-11 09:38 . 2009-11-30 23:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-17 274608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ZAFFRegisterTrustChecker"="-s" [X]
"ZAFFRegisterTrustCheckerIE"="-s" [X]
.
c:\documents and settings\Luke\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-3-7 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/03/2011 09:26 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/03/2011 09:26 301528]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2011 09:26 19544]
S2 gupdate1c9c68995412b6;Google Update Service (gupdate1c9c68995412b6);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 16:07 133104]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 13:30 26352]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 13:30 493032]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\actionreplayds.sys [19/12/2009 17:38 29184]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [07/03/2009 12:44 1310720]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\installedgames\Dragon Age\bin_ship\daupdatersvc.service.exe [05/01/2011 18:30 25832]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/03/2009 12:54 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-03-04 c:\windows\Tasks\defrag main drive.job
- c:\windows\system32\defrag.exe [2004-08-03 00:12]
.
2011-03-07 c:\windows\Tasks\defrag slave 1.job
- c:\windows\system32\defrag.exe [2004-08-03 00:12]
.
2011-03-08 c:\windows\Tasks\defrag slave 2.job
- c:\windows\system32\defrag.exe [2004-08-03 00:12]
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 16:06]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 16:06]
.
2011-03-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-492894223-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-492894223-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ndptuax.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd1b552&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: ForceField Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-C6501Sound - c6501.cpl
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-03-15 22:12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-15 22:12
.
Pre-Run: 158,548,115,456 bytes free
Post-Run: 158,409,502,720 bytes free
.
- - End Of File - - 6A27CD99FA10EEE0789B821152C1EC88
 
I will remove the Active Armour entry in the Combofix heading. Please tell me if you will be putting AVG back on the system or plan to keep Avast. There are a couple of entries I need to deal with.

Did you run the Temporary File Cleaner (TFC) when you started?

It would be very helpful if you could 'limp' online long enough to run the Eset Virus scan.
 
I'm keeping with Avast.

Yes I did, as per the start the TFC was used.

Not too sure if I can get online; when I run a browser it will refuse to acknowledge I have commanded it to open and will lock up; also virus scanners freeze if I try to update them. I'll try to limp online tonight, but if you don't see a response till tomorrow it's probably because I'm still being blocked.
 
OK, still can't get online. I can access my files, but if I try to run an app, browser or antivirus while not in Safe Mode my PC just locks up on whatever the app was. (It will lock up the file window if I try to run via Program Files, will lock up the taskbar if tried from a shortcut or the Start menu, and will lock up the desktop if I try to use a shortcut on the desktop.)

On top of that it's stopping a load of items from booting (sound handler, Avast, ZoneAlarm, etc...).

It seems if I try to connect to the internet, it gets worse, so I am fully restricted to the still-working Safe Mode. It says it has downloaded an update, but at the moment it might be best to burn the latest Windows XP update to a CD just in case.

Will be here till 7:45PM GMT.

The only consolation is that I never use this PC for Amazon; I have a high-security laptop just for that. But this PC is where I do everything that doesn't involve money.

It's already fully recovered from one serious virus a year before, so as long as I can use Safe Mode there must be an answer.

This is getting on my nerves, I want my PC back :(
 
on top of that it's stopping a load of items from booting, (sound handler, avast, zone alarm, etc...)
Just to ease your mind, not everything loads when you're in Safe Mode. And if you choose Safe Mode with Networking, security programs don't load.

I have already started on a script for you to run. I noticed in the Event Viewer section that you might not have some Services set correctly:
12/03/2011 18:45:08, error: Service Control Manager [7019] - Circular dependency: The vsdatant service depends on a service in a group which starts later.
12/03/2011 18:45:08, error: Service Control Manager [7017] - Detected circular dependencies demand starting vsdatant.
12/03/2011 18:45:08, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: Circular service dependency was specified.

These 3 refer to ZoneAlarm Services. A Service may run on its own when needed or it may depend on other Services running to start. That's what's happening here:

Let's try this- it can be done in Safe Mode:

Click on Start> Run> type in services.msc> enter> Double click on vsmon> Set the Startup type to Automatic> Click on the Dependencies tab> any other Service that THIS Service depends on to run must be set to at least Manual Startup type.

If there is a Service named Vsdatant, set as you did for vsmon.

Go back to the list of Services and find any other Services that were listed as a dependency for vsmon and make sure their Startup type is Manual or Automatic.

Vsdatant is a driver for the ZoneAlarm Firewall service and I think the TrueVector Service is vsmon.

I'm going to take a supper break now- give me a while to go over all the logs again.
 
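The three Service Control Manager events above (7019, 7017, 7001) come from one rule: a service may only depend on services or groups that start no later than its own group, otherwise SCM reports a circular dependency and refuses to demand-start it. The following is an added illustration of that rule, written for this page and not part of the original thread, ZoneAlarm or any Microsoft tool. The service records mirror the registry values Group, DependOnService and DependOnGroup, and the group order mirrors the ServiceGroupOrder list, but every service name other than vsmon/vsdatant, every group name and the sample ordering are constructed for the example.

```python
"""Model of the SCM start-order check behind event IDs 7019 / 7017 / 7001.

Added illustration, not code from TechSpot, ZoneAlarm or Microsoft.
Service fields mimic HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>
(Group, DependOnService, DependOnGroup); the group order mimics
HKLM\\SYSTEM\\CurrentControlSet\\Control\\ServiceGroupOrder\\List.
All sample data below is constructed for the example.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Service:
    name: str
    group: Optional[str] = None            # None = ungrouped, starts after all groups
    depend_on_service: List[str] = field(default_factory=list)
    depend_on_group: List[str] = field(default_factory=list)


def later_group_dependencies(services: List[Service],
                             group_order: List[str]) -> List[Tuple[str, str]]:
    """Return (service, dependency) pairs where the dependency's start group
    comes later than the service's own group (the 7019 condition)."""
    rank = {g.lower(): i for i, g in enumerate(group_order)}
    by_name = {s.name.lower(): s for s in services}

    def rank_of(group: Optional[str]) -> int:
        return rank.get((group or "").lower(), len(group_order))

    problems = []
    for s in services:
        my_rank = rank_of(s.group)
        for dep in s.depend_on_service:
            d = by_name.get(dep.lower())
            if d is not None and rank_of(d.group) > my_rank:
                problems.append((s.name, dep))
        for g in s.depend_on_group:
            if rank_of(g) > my_rank:
                problems.append((s.name, g))
    return problems


def circular_dependencies(services: List[Service]) -> Optional[List[str]]:
    """Depth-first search over DependOnService edges; returns the first cycle
    found as a list of lowercase names (first == last), or None."""
    by_name = {s.name.lower(): s for s in services}
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {}
    path: List[str] = []

    def visit(name: str) -> Optional[List[str]]:
        key = name.lower()
        state = colour.get(key, WHITE)
        if state == GREY:                      # back edge: cycle closes here
            return path[path.index(key):] + [key]
        if state == BLACK or key not in by_name:
            return None
        colour[key] = GREY
        path.append(key)
        for dep in by_name[key].depend_on_service:
            cycle = visit(dep)
            if cycle:
                return cycle
        path.pop()
        colour[key] = BLACK
        return None

    for s in services:
        cycle = visit(s.name)
        if cycle:
            return cycle
    return None


def report(services: List[Service], group_order: List[str]) -> List[str]:
    """Render findings in the wording of the Event Viewer entries."""
    lines = []
    for svc, dep in later_group_dependencies(services, group_order):
        lines.append(f"[7019] The {svc} service depends on {dep}, "
                     "which is in a group which starts later.")
    cycle = circular_dependencies(services)
    if cycle:
        lines.append("[7017] Detected circular dependencies: " + " -> ".join(cycle))
    return lines


# Constructed sample: group names and the order are made up for this example.
SAMPLE_GROUP_ORDER = ["Base", "NDIS", "PNP_TDI", "NetworkProvider"]
SAMPLE_SERVICES = [
    Service("vsmon", group=None, depend_on_service=["vsdatant"]),
    Service("vsdatant", group="PNP_TDI", depend_on_group=["NetworkProvider"]),
    Service("SvcA", group="Base", depend_on_service=["SvcB"]),   # constructed
    Service("SvcB", group="Base", depend_on_service=["SvcA"]),   # constructed cycle
]

if __name__ == "__main__":
    for line in report(SAMPLE_SERVICES, SAMPLE_GROUP_ORDER):
        print(line)
```

Running it on the constructed sample flags vsdatant for depending on a group that starts after its own (the 7019 case the thread shows) and the SvcA/SvcB pair as a true cycle; vsmon's dependency on vsdatant is fine on its own, which is why the 7001 event only reports it as a victim of vsdatant failing to start.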
I meant that it wasn't loading when I was trying to use normal mode to get online. Is there any way to access the internet via Safe Mode?
 
vsmon

OK, it's not in Services and I think I know why. Back when I first got this I updated all my virus scanners, including ZoneAlarm, by using offline updates. For ZoneAlarm to update it has to save the product key in a file, uninstall itself, reconfigure, reinstall itself, enter the product key automatically and then it initializes, and initializes the services....

However, that can't be done in Safe Mode... I updated ZoneAlarm definitely after the 12th, so the service hasn't been initialised. But I will do that once I can access it normally.
 
You can access using Safe Mode with Networking- but I don't recommend that because the security programs don't run.

Safe Mode with Networking: Includes the services and drivers needed for network connectivity. Safe mode with networking enables logging on to the network, logon scripts, security, and Group Policy settings. Nonessential services and startup programs not related to networking do not run. Helpful if needed but should be used with caution as the security programs don't load in this mode.
 
OK, it's not in Services, but when I look at the processes it's still there... weird. But the ZoneAlarm service is there, just not vsmon or Vsdatant.

Could they be under a different name?
 
Your security programs are getting 'murky'. Please run the following so we can sort it out:

Security Check

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Use a flash drive to download if necessary, then install and run the scan on the problem computer.
 
Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm Extreme Security
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.15) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here's the log.

Keep in mind the out-of-date stuff is due to lack of internet.
 
I've gone back over the logs to try and find a problem and I cannot. So we will look for a rootkit that may be preventing the access: Please put this on a flash drive, then run on the problem computer:

  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
Please paste log in next reply.

About this:
by using offline updates
Anytime you update security programs, you should be online. That's the only way you can be sure you're getting the most current ones. My take on this comment is that somehow you saved updates and applied them when you were offline.

Please give me a current description of the ongoing problems.
 