
Infected? I can't download new antivirus updates and get warnings I haven't seen before


13 replies to this topic

#1 Mikey L

Posted 24 April 2009 - 12:45 PM

Good day all,
Recently I had trouble with my computer (Windows XP Media Center Edition) in that it had slowed down, my CA Internet Security Suite would give errors when downloading the updates, I had some browser re-directs and both Firefox and IE would close after about 5 minutes of browsing.

I have run SuperAntiSpyware, Spybot Search and Destroy, Malwarebytes' Anti-Malware and Lavasoft's Ad-Aware and corrected some problems those programs found. I had deleted my CA Internet Security Suite and replaced it with Avira AntiVir, and it too has the same problem downloading its updates. I have since run all 5 of the above programs cleanly and they find no objects when they run.

In addition to Avira AntiVir not being able to get its updates, I now get 3 or 4 of the Windows Data Execution Prevention pop-up screens once I reboot that state:

Name: Generic Host Process for Win32 services
Publisher: Microsoft


Any help is greatly appreciated here. I have a HijackThis log but don't really know how to interpret the results. Thanks in advance for any advice.

Mike


#2 garmanma

Posted 25 April 2009 - 07:04 PM

If you are using Spybot's Teatimer function, it needs to be disabled
--------------------------------
Update mbam and run a FULL scan
Please post the results


Then run

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Mark

#3 johnplayer

Posted 26 April 2009 - 10:09 PM

Wise to first check your internet connection. If your antivirus is not updating, a lot of times it is due to a hijacked DNS. Go to Control Panel, select Network Connections and then TCP/IP. The DNS is probably fixed and you need to change it back to "automatically detect your DNS".
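The TCP/IP properties dialog johnplayer refers to reads a few registry values, and checking those values directly covers two cases the dialog cannot distinguish: a static resolver list written into an adapter that is otherwise on DHCP, and resolvers handed out by DHCP that point somewhere other than the local router (which is what a reconfigured router or a rogue DHCP server looks like while the dialog still says "automatically"). The script below is an added example, not code from the thread or from any of the tools named in it. It assumes the per-adapter key HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adapter GUID} with the values EnableDHCP, NameServer, DhcpNameServer, DhcpIPAddress and DhcpSubnetMask; the interface names and addresses in SAMPLE_INTERFACES are constructed so the check can run off-line on any platform.

```python
import ipaddress
import re
import sys

# Per-adapter resolver settings on Windows XP (HKLM). NameServer holds manually
# configured resolvers and overrides DhcpNameServer, which the DHCP server set.
TCPIP_INTERFACES = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
VALUES = ("EnableDHCP", "NameServer", "DhcpNameServer", "DhcpIPAddress", "DhcpSubnetMask")

# Constructed sample (not from the thread) in the shape read_interfaces() returns.
# {IFACE-1}: DHCP adapter with a static NameServer pointing at outside addresses.
# {IFACE-2}: clean DHCP adapter.  {IFACE-3}: static config pointing at the router.
SAMPLE_INTERFACES = {
    "{IFACE-1}": {"EnableDHCP": 1, "NameServer": "203.0.113.5,203.0.113.6",
                  "DhcpNameServer": "192.168.1.1", "DhcpIPAddress": "192.168.1.20",
                  "DhcpSubnetMask": "255.255.255.0"},
    "{IFACE-2}": {"EnableDHCP": 1, "NameServer": "",
                  "DhcpNameServer": "192.168.1.1", "DhcpIPAddress": "192.168.1.21",
                  "DhcpSubnetMask": "255.255.255.0"},
    "{IFACE-3}": {"EnableDHCP": 0, "NameServer": "192.168.1.1",
                  "DhcpNameServer": "", "DhcpIPAddress": "", "DhcpSubnetMask": ""},
}

# Resolvers on these ranges are local by definition; anything else must be on
# the local subnet or on the operator's trusted list to pass.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _split(value):
    """NameServer-style values are space- or comma-separated strings."""
    return [s for s in re.split(r"[ ,]+", value or "") if s]


def _parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # garbage in the value is treated as "not local"


def check_resolvers(interfaces, trusted=()):
    """Return (interface, reason, resolvers) tuples for suspicious DNS settings."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]

    def is_ok(server, local_net):
        ip = _parse_ip(server)
        if ip is None:
            return False
        return (any(ip in n for n in LOCAL_NETS)
                or (local_net is not None and ip in local_net)
                or any(ip in n for n in trusted_nets))

    findings = []
    for name, v in interfaces.items():
        static, dhcp = _split(v.get("NameServer")), _split(v.get("DhcpNameServer"))
        local_net = None
        if v.get("DhcpIPAddress") and v.get("DhcpSubnetMask"):
            local_net = ipaddress.ip_network(
                f"{v['DhcpIPAddress']}/{v['DhcpSubnetMask']}", strict=False)
        # Rule 1: a DHCP adapter should not carry a static resolver list at all.
        if v.get("EnableDHCP") and static:
            findings.append((name, "static NameServer overrides DHCP resolvers", static))
        # Rule 2: every resolver, however it got there, must be local or trusted.
        for source, servers in (("static", static), ("dhcp", dhcp)):
            bad = [s for s in servers if not is_ok(s, local_net)]
            if bad:
                findings.append((name, f"{source} resolver outside local/trusted ranges", bad))
    return findings


def read_interfaces():
    """Windows only: read the values above for every adapter via winreg."""
    import winreg  # standard library on Windows, absent elsewhere
    result = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TCPIP_INTERFACES) as root:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(root, index)
            except OSError:
                break
            index += 1
            vals = {}
            with winreg.OpenKey(root, sub) as key:
                for v in VALUES:
                    try:
                        vals[v] = winreg.QueryValueEx(key, v)[0]
                    except OSError:
                        pass
            result[sub] = vals
    return result


if __name__ == "__main__":
    # Trusted resolver ranges (e.g. the ISP's) can be passed as CIDR arguments.
    data = read_interfaces() if sys.platform == "win32" else SAMPLE_INTERFACES
    for iface, reason, servers in check_resolvers(data, trusted=sys.argv[1:]):
        print(f"{iface}: {reason}: {', '.join(servers)}")
```

On the sample data only {IFACE-1} is reported, twice: once for carrying a static list on a DHCP adapter and once because that list points outside every local or trusted range. Passing the ISP's resolver range as a trusted CIDR silences the second rule but not the first, which is deliberate: the override itself is the thing to explain, regardless of where it points.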

#4 Mikey L (Topic Starter)

Posted 27 April 2009 - 10:21 PM

My DNS is set to automatically detect.

garmanma;

mbam ran and did not find any infected items, and neither did Dr.Web CureIt.

I forgot to save the log from Dr.Web CureIt, but it found no viruses, and the mbam log is as follows:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/27/2009 11:16:51 AM
mbam-log-2009-04-27 (11-16-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 282828
Time elapsed: 1 hour(s), 43 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I was hoping one of these programs would have found some items which would have led us to the cause of my misery here. Any other suggestions? Thanks!!

Mike

#5 DaChew

Posted 28 April 2009 - 12:07 AM

Your MBAM is out of date, please download this definition update and apply and rescan with MBAM

http://www.gt500.org/malwarebytes/database.jsp
Chewy

No. Try not. Do... or do not. There is no try.

#6 Mikey L (Topic Starter)

Posted 28 April 2009 - 11:34 AM

Thank you. I downloaded the new updated version and the results are:

Malwarebytes' Anti-Malware 1.36
Database version: 2043
Windows 5.1.2600 Service Pack 3

4/28/2009 12:16:01 PM
mbam-log-2009-04-28 (12-15-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 301010
Time elapsed: 1 hour(s), 52 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Avira (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Avira\AntiVir Desktop (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\ZoneAlarm (Rogue.SystemSecurity) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Windows Defender.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Avira\AntiVir Desktop\AntiVir Help.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Avira\AntiVir Desktop\AntiVir on the Internet.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Avira\AntiVir Desktop\Start AntiVir.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\ZoneAlarm\Readme.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\ZoneAlarm\Uninstall ZoneAlarm Security.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\ZoneAlarm\ZoneAlarm Security.lnk (Rogue.SystemSecurity) -> No action taken.

The items found above are the programs that I installed and moved them to a folder called "System Security" in my start menu. Is the reason they were flagged by Malwarebytes' Anti-Malware 1.36 because they were moved from their original folder? I presumed this was the case and took no action when the program identified them.

Looking forward to any other suggestions.

Thanks again.
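Every hit in the log above is a folder or a .lnk shortcut under a Start Menu folder the poster named himself, all left as "No action taken". Whether that pattern holds is something a script can check faster than a reader scanning paths. The following is an added example, not code from the thread or from Malwarebytes: it parses the "Folders Infected:" / "Files Infected:" sections of a 1.x log, groups hits by detection family, and separates name-only hits (folders and shortcuts under a Start Menu path) from hits on executable content. The log text in SAMPLE_MBAM_LOG is constructed in the same layout; the Trojan.Downloader line and its path are made up for contrast.

```python
import re

# Constructed sample in the layout Malwarebytes' Anti-Malware 1.x logs use
# (modeled on the format, not a real scan): name-based hits on a user-created
# Start Menu folder plus one made-up executable hit for contrast.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2043

Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Avira (Rogue.SystemSecurity) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\Windows Defender.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\System Security\ZoneAlarm\Readme.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\sample.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


def parse_mbam(text):
    """Return one dict per detection line, tagged with the section it came from."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")  # e.g. "Files Infected"
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items


def classify(item):
    """folder / shortcut / executable / other, from the section and extension."""
    path = item["path"].lower()
    if item["section"].startswith("Folders"):
        return "folder"
    if path.endswith(".lnk"):
        return "shortcut"
    if path.endswith(EXECUTABLE_EXT):
        return "executable"
    return "other"


def triage(text):
    """Per family: hit counts plus a verdict on whether the hits have any teeth."""
    summary = {}
    for item in parse_mbam(text):
        fam = summary.setdefault(item["family"],
                                 {"hits": 0, "executables": 0, "name_only": 0, "pending": 0})
        fam["hits"] += 1
        kind = classify(item)
        if kind == "executable":
            fam["executables"] += 1
        elif kind in ("folder", "shortcut") and "\\start menu\\" in item["path"].lower():
            fam["name_only"] += 1  # hit on a path name, not on file content
        if item["action"].lower().startswith("no action"):
            fam["pending"] += 1
    for fam in summary.values():
        fam["verdict"] = ("name-based hit, verify before removing"
                          if fam["executables"] == 0 and fam["name_only"] == fam["hits"]
                          else "executable content detected")
    return summary


if __name__ == "__main__":
    for family, s in triage(SAMPLE_MBAM_LOG).items():
        print(f"{family}: {s['hits']} hit(s), {s['pending']} pending: {s['verdict']}")
```

The verdict is only a sorting aid: a family whose every hit is a Start Menu folder or shortcut is one to confirm by hand (what is the folder, who created it, what do the shortcuts point at) rather than one to quarantine blindly, while a family with an executable behind it goes to the top of the list.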

#7 Mikey L (Topic Starter)

Posted 28 April 2009 - 12:38 PM

I am also getting pop-ups from b.casalemedia.com, I've done some research online to remove this from my system, but I am unable to run regedit. When I go to start, run, and type in regedit and hit enter, my desktop goes black for a few seconds then comes back to normal but does not allow me to use regedit.

#8 Mikey L (Topic Starter)

Posted 30 April 2009 - 09:13 AM

Anyone? Any ideas? Thanks!!

#9 DaChew

Posted 30 April 2009 - 09:40 AM

It's not a good idea to start naming a subfolder something like System Security; there is probably some known rogue that already does that.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Chewy

#10 DaChew

Posted 30 April 2009 - 09:42 AM

Some of the earlier logs from MBAM and SAS might have given us some clues as to what to recommend.

Please download and run Process Explorer


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under File > Save As, create a log and post it here

Copy and paste it into a reply
Chewy

#11 Mikey L (Topic Starter)

Posted 30 April 2009 - 01:29 PM

Thanks for the help thus far. I don't think it makes a difference during this process, but I uninstalled the AntiVir antivirus and installed AVG antivirus yesterday to see if that program would be able to auto-update, but it cannot.

As requested, here are the logs:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GMER log is as follows:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-04-30 14:16:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xACDC6FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xACDC3C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xACDDE170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xACDC7580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xACDDB900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xACDDBB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xACDDFB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xACDC7670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xACDC4210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xACDDE9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xACDDE7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xACDDB280]
SSDT sptd.sys ZwEnumerateKey [0xB9EE4D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EE50BC]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xACDDEF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xACDDEF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xACDC4070]
SSDT sptd.sys ZwOpenKey [0xB9EE0090]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xACDDD180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xACDDCF40]
SSDT sptd.sys ZwQueryKey [0xB9EE5194]
SSDT sptd.sys ZwQueryValueKey [0xB9EE5014]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xACDDF6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xACDDF150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xACDC6BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xACDDF540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xACDC7190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xACDC4440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xACDDE4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xACDDC200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xACDDC080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [80, 75, DC, AC, 00, B9, DD, ...]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTDDRV1.SYS The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B98CA8AC 5 Bytes JMP 8B268970
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B95584D0 16 Bytes [B2, 7A, 4A, 16, EC, EB, D5, ...]
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B95584E1 31 Bytes [70, 55, B9, 7F, F4, 7C, DD, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehRecvr.exe[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\eHome\ehRecvr.exe[240] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\eHome\ehRecvr.exe[240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\eHome\ehRecvr.exe[240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\eHome\ehRecvr.exe[240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\eHome\ehRecvr.exe[240] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[476] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[476] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[476] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[476] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[476] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\winlogon.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\winlogon.exe[728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\winlogon.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\winlogon.exe[728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\winlogon.exe[728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\winlogon.exe[728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\lsass.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[976] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[976] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[976] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[976] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[976] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[1048] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[1048] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[1048] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[1048] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[1048] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\System32\svchost.exe[1192] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\System32\svchost.exe[1192] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\System32\svchost.exe[1192] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\System32\svchost.exe[1192] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\System32\svchost.exe[1192] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[1240] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[1240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[1240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[1240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[1240] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[1296] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[1296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[1296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[1296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[1296] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[1428] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[1428] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[1428] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[1428] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[1428] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\spoolsv.exe[1928] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\spoolsv.exe[1928] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\spoolsv.exe[1928] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\spoolsv.exe[1928] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\spoolsv.exe[1928] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[2024] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[2024] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[2024] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[2024] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[2024] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\System32\alg.exe[2316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\System32\svchost.exe[2892] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\System32\svchost.exe[2892] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\System32\svchost.exe[2892] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\System32\svchost.exe[2892] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\System32\svchost.exe[2892] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\Explorer.EXE[3432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\Explorer.EXE[3432] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\Explorer.EXE[3432] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\Explorer.EXE[3432] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\Explorer.EXE[3432] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\Explorer.EXE[3432] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[3440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[3440] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[3440] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[3440] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[3440] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[3440] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\Program Files\Java\jre6\bin\jusched.exe[3668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3668] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\Program Files\Java\jre6\bin\jusched.exe[3668] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\Program Files\Java\jre6\bin\jusched.exe[3668] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\Program Files\Java\jre6\bin\jusched.exe[3668] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\Program Files\Java\jre6\bin\jusched.exe[3668] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\dllhost.exe[3684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\dllhost.exe[3684] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\dllhost.exe[3684] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\dllhost.exe[3684] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\dllhost.exe[3684] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\dllhost.exe[3684] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\ctfmon.exe[4088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\ctfmon.exe[4088] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\ctfmon.exe[4088] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\ctfmon.exe[4088] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\ctfmon.exe[4088] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\ctfmon.exe[4088] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EE0AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EE0BEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EE0B76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EE171C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EE15F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ACDCBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ACDCB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ACDCC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ACDC9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ACDC9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ACDCBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ACDCB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ACDCC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ACDCBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ACDC9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ACDCC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ACDCB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ACDCC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ACDCB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ACDCBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ACDC9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ACDCBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ACDCB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ACDCC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\wscntfy.exe[2172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\oxdw79gq.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\oxdw79gq.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\oxdw79gq.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\oxdw79gq.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B4FB1D8
Device \FileSystem\Fastfat \FatCdrom 891FE1D8
Device \Driver\USBSTOR \Device\0000008e 8864C1D8
Device \Driver\USBSTOR \Device\0000008f 8864C1D8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8B36A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B4941D8
Device \Driver\dmio \Device\DmControl\DmConfig 8B4941D8
Device \Driver\dmio \Device\DmControl\DmPnP 8B4941D8
Device \Driver\dmio \Device\DmControl\DmInfo 8B4941D8
Device \Driver\usbuhci \Device\USBPDO-1 8B36A1D8
Device \Driver\usbuhci \Device\USBPDO-2 8B36A1D8
Device \Driver\usbuhci \Device\USBPDO-3 8B36A1D8
Device \Driver\usbehci \Device\USBPDO-4 8B3501D8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8B4FD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B4FD1D8
Device \Driver\Cdrom \Device\CdRom0 8B258990
Device \Driver\00000053 \Device\00000065 sptd.sys
Device \Driver\00000053 \Device\00000065 sptd.sys
Device \Driver\Cdrom \Device\CdRom1 8B258990
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B4FD1D8
Device \Driver\Cdrom \Device\CdRom2 8B258990
Device \Driver\USBSTOR \Device\00000090 8864C1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 891771D8
Device \Driver\NetBT \Device\NetbiosSmb 891771D8
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8B36A1D8
Device \Driver\usbuhci \Device\USBFDO-1 8B36A1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F4CD1C27-A0C3-4783-979B-4E7BC8770FF5} 891771D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8948B1D8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 8B36A1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8948B1D8
Device \Driver\usbuhci \Device\USBFDO-3 8B36A1D8
Device \Driver\usbehci \Device\USBFDO-4 8B3501D8
Device \Driver\Ftdisk \Device\FtControl 8B4FD1D8
Device \Driver\USBSTOR \Device\0000008b 8864C1D8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8B26B1D8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 8B26B1D8
Device \Driver\USBSTOR \Device\0000008d 8864C1D8
Device \FileSystem\Fastfat \Fat 891FE1D8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89489990

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 580515198
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 358178827
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x98 0xB2 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2A 0xFB 0x8C 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB0 0xB9 0x8D 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x98 0xB2 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2A 0xFB 0x8C 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB0 0xB9 0x8D 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x98 0xB2 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2A 0xFB 0x8C 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB0 0xB9 0x8D 0x9E ...

---- EOF - GMER 1.0.15 ----

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Process Explorer log is as follows:

Process PID CPU Description Company Name
System Idle Process 0 25.38
Interrupts n/a 1.54 Hardware Interrupts
DPCs n/a 0.77 Deferred Procedure Calls
System 4 10.00
smss.exe 656 Windows NT Session Manager Microsoft Corporation
csrss.exe 704 Client Server Runtime Process Microsoft Corporation
winlogon.exe 732 Windows NT Logon Application Microsoft Corporation
services.exe 776 0.77 Services and Controller app Microsoft Corporation
svchost.exe 952 Generic Host Process for Win32 Services Microsoft Corporation
unsecapp.exe 2244 WMI Microsoft Corporation
wmiprvse.exe 1444 WMI Microsoft Corporation
svchost.exe 1036 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1132 Service Executable Microsoft Corporation
svchost.exe 1172 50.00 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3872 Windows Update Automatic Updates Microsoft Corporation
wscntfy.exe 2412 Windows Security Center Notification App Microsoft Corporation
svchost.exe 1212 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1272 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1380 Generic Host Process for Win32 Services Microsoft Corporation
vsmon.exe 1436 TrueVector Service Check Point Software Technologies LTD
AAWService.exe 1860 10.77 Ad-Aware Service Application Lavasoft
spoolsv.exe 2020 Spooler SubSystem App Microsoft Corporation
svchost.exe 432 Generic Host Process for Win32 Services Microsoft Corporation
avgwdsvc.exe 472 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 752 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgnsx.exe 1080 AVG Network scanner Service AVG Technologies CZ, s.r.o.
CTSVCCDA.EXE 580 Creative Service for CDROM Access Creative Technology Ltd
ehrecvr.exe 676 Media Center Receiver Service Microsoft Corporation
ehSched.exe 708 Media Center Scheduler Service Microsoft Corporation
jqs.exe 1120 Java™ Quick Starter Service Sun Microsystems, Inc.
LVPrcSrv.exe 1396 Logitech LVPrcSrv Module. Logitech Inc.
sqlservr.exe 1768 SQL Server Windows NT Microsoft Corporation
HPZipm12.exe 2108 PML Driver HP
sqlbrowser.exe 2180 SQL Browser Service EXE Microsoft Corporation
sqlwriter.exe 2272 SQL Server VSS Writer Microsoft Corporation
svchost.exe 2300 Generic Host Process for Win32 Services Microsoft Corporation
StarWindService.exe 2324 StarWind iSCSI Target (Alcohol Edition) Rocket Division Software
svchost.exe 2336 Generic Host Process for Win32 Services Microsoft Corporation
ZuneBusEnum.exe 2620 Zune Bus Enumerator Service Microsoft Corporation
mcrdsvc.exe 2916 MCRD Device Service Microsoft Corporation
dllhost.exe 2220 COM Surrogate Microsoft Corporation
alg.exe 3208 Application Layer Gateway Service Microsoft Corporation
svchost.exe 3868 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 788 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1372 Windows Explorer Microsoft Corporation
jusched.exe 3600 Java™ Platform SE binary Sun Microsystems, Inc.
zlclient.exe 3612 ZoneAlarm Client Check Point Software Technologies LTD
MSASCui.exe 3668 Windows Defender User Interface Microsoft Corporation
avgtray.exe 3680 AVG Tray Monitor AVG Technologies CZ, s.r.o.
ctfmon.exe 3700 CTF Loader Microsoft Corporation
psi.exe 3756 Secunia PSI Secunia
procexp.exe 1736 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

#12 DaChew
Visiting Alien
  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:34 AM

Posted 30 April 2009 - 01:45 PM

Make sure your firewall is not stopping the updates.
Chewy

No. Try not. Do... or do not. There is no try.

#13 Mikey L
  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:07:34 AM

Posted 30 April 2009 - 07:21 PM
Windows Firewall is disabled, and I went into ZoneAlarm and specifically enabled AVG's access to the internet. Once that didn't allow the update for AVG to happen, I temporarily disabled ZoneAlarm altogether and the update still did not work.

Do you notice anything in the logs above that needs attention?

#14 DaChew
Visiting Alien
  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:34 AM

Posted 30 April 2009 - 07:35 PM
Run CureIt in normal mode, but leave heuristics enabled.

Make sure it doesn't kill any files you know to be good.


I don't see anything obvious, just a lot of potential conflicts.
Chewy

No. Try not. Do... or do not. There is no try.



