Hi guys,
Firstly, what an awesome site. So glad I came across it. I have followed the 8-Step guide and, as requested, here are my logs...
Malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
08/11/2010 13:50:27
mbam-log-2010-11-08 (13-50-27).txt
Scan type: Quick scan
Objects scanned: 145393
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-08 14:17:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD2500BEVT-00ZCT0 rev.11.01A11
Running: 38yrcblo.exe; Driver: C:\DOCUME~1\NewUser\LOCALS~1\Temp\pxtdrpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwClose [0xF38F029D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0xF38D98FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0xF38D9954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0xF38D9A6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateKey [0xF38EFC51]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0xF38D9852]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0xF38D99A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0xF38D98A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0xF38D9A18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteKey [0xF38F0963]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteValueKey [0xF38F0A6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDuplicateObject [0xF38DA19C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateKey [0xF38F07CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateValueKey [0xF38F0639]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0xF38D7D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0xF38D992C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0xF38D997C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0xF38D9A94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenKey [0xF38EFFAD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0xF38D987E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenProcess [0xF38D9FD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0xF38D99E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0xF38D98D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenThread [0xF38DA0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0xF38D9A42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryKey [0xF38F04B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0xF38D8832]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryValueKey [0xF38F0306]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF39211B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0xF38DA310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0xF38D9F0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwRestoreKey [0xF38EF2EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0xF38D7D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3920E70]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0xF38D7E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0xF38D7E88]
INT 0x62 ? 86FD5BF8
INT 0x73 ? 86CBFBF8
INT 0x83 ? 86CBFBF8
INT 0x84 ? 86CBFBF8
INT 0xA4 ? 86FD5BF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF392DAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP F3929536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP F392AEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP F392DACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? sphi.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6038360, 0x213B6D, 0xE8000020]
.text USBPORT.SYS!DllUnload F5E938AC 5 Bytes JMP 86CBF1D8
init C:\WINDOWS\system32\drivers\ti21sony.sys entry point in "init" section [0xF5E77051]
.rsrc C:\WINDOWS\System32\drivers\afd.sys entry point in ".rsrc" section [0xF3AC1C94]
? C:\DOCUME~1\NewUser\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7392042] sphi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739213E] sphi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73920C0] sphi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7392800] sphi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73926D6] sphi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A1E9C] sphi.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[164] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[164] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 86FD41F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 86AD71F8
Device \Driver\usbuhci \Device\USBPDO-1 86AD71F8
Device \Driver\usbuhci \Device\USBPDO-2 86AD71F8
Device \Driver\usbehci \Device\USBPDO-3 86AD61F8
Device \Driver\usbuhci \Device\USBPDO-4 86AD71F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F651F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F651F8
Device \Driver\Cdrom \Device\CdRom0 86A8F1F8
Device \Driver\Cdrom \Device\CdRom1 86A8F1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8517FAEA
Device \Driver\atapi \Device\Ide\IdePort0 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8517FAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8517FAEA
Device \Driver\atapi \Device\Ide\IdePort1 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8517FAEA
Device \Driver\atapi \Device\Ide\IdePort2 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 86A8F1F8
Device \Driver\Cdrom \Device\CdRom3 86A8F1F8
Device \Driver\Cdrom \Device\CdRom4 86A8F1F8
AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
Device \Driver\usbuhci \Device\USBFDO-0 86AD71F8
Device \Driver\usbuhci \Device\USBFDO-1 86AD71F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CBE1F8
Device \Driver\usbuhci \Device\USBFDO-2 86AD71F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CBE1F8
Device \Driver\usbuhci \Device\USBFDO-3 86AD71F8
Device \Driver\usbehci \Device\USBFDO-4 86AD61F8
Device \Driver\Ftdisk \Device\FtControl 86F651F8
Device \FileSystem\Cdfs \Cdfs 86B561F8
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500BEVT-00ZCT0___________________11.01A11#5&aaba3cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@002106526949 0x72 0xE1 0x00 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc02772c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc02772c@002106526949 0xB3 0x0F 0xD0 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x9C 0x73 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@002106526949 0x72 0xE1 0x00 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bdc02772c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bdc02772c@002106526949 0xB3 0x0F 0xD0 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x9C 0x73 0x06 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}@iaggmepognjiibbbih 0x6B 0x61 0x6B 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}@haabcgbncnalgije 0x6B 0x61 0x6B 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}@gajhhnhlppelni 0x61 0x63 0x6A 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}@oadfahacemhlmcnegegkmkkkalijfm 0x64 0x61 0x6F 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}@oapeafgaomcgkappdfgelakiekblej 0x6A 0x61 0x62 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}@najecgpjbofmjndogamchhnklnfb 0x6A 0x61 0x62 0x6D ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 488396912 (+254): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\drivers\afd.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
DDS Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-08.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25/11/2009 17:28:50
System Uptime: 11/08/2010 13:59:23 (2137 hours ago)
Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | N/A | 1662/167mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 98 GiB total, 7.453 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 135 GiB total, 11.977 GiB free.
F: is Removable
G: is CDROM (CDFS)
H: is CDROM (CDFS)
I: is CDROM (CDFS)
J: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_104D0200&REV_0900\4&B1E7652&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_104D0200&REV_0900\4&B1E7652&0&0102
Service:
==== System Restore Points ===================
RP60: 05/11/2010 03:19:36 - System Checkpoint
RP61: 06/11/2010 23:33:02 - System Checkpoint
RP62: 08/11/2010 01:28:39 - System Checkpoint
RP63: 08/11/2010 13:15:34 - Revo Uninstaller Pro's restore point - Ad-Aware 2007
RP64: 08/11/2010 13:23:40 - Revo Uninstaller Pro's restore point - Malwarebytes' Anti-Malware
RP65: 08/11/2010 13:24:46 - Revo Uninstaller Pro's restore point - Spyware Doctor 7.0
==== Installed Programs ======================
3Connect
7-Zip 4.57
ACID Pro 7.0
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alchemy
Anvil Studio
Apple Application Support
Apple Software Update
ASIO4ALL
Atmosphere
Audacity 1.2.6
avast! Internet Security
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
BBC iPlayer Desktop
BIAS SoundSoap SE 2.2
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 6.0
BlackBerry USB and Modem Drivers 5.0.1
BlackBerry® Media Sync
Bonjour
CardRecovery
CCleaner
Connect
ConvertXtoDVD 3.3.4.106e
Crystal Reports Basic Runtime for Visual Studio 2008
DebugMode PluginPac (remove only)
DirectWave
DX10
Easy MP3 Cutter 2.9
Edison
EPSON Printer Software
ERUNT 1.1j
Facebook Plug-In
FL Studio 9
Free Studio version 4.9
FreeStar Free AMR MP3 Converter 1.0.3
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huawei modem
IL Autogun
IL Download Manager
IL DrumSynth Live
IL Gross Beat
IL Juice Pack
IL Vocodex
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
iTunes
Java Auto Updater
Java(TM) 6 Update 19
K-Lite Codec Pack 5.6.1 (Basic)
Karaoke CD+G Creator Pro
kuler
LAME v3.98.2 for Audacity
LAN Setting Utility
Magic ISO Maker v5.5 (build 0276)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Maximus
mCore
mDriver
MediaInfo 0.7.26
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mMHouse
Morphine
Mozilla Firefox (3.6.12)
MP3Resizer 1.9.2
mPfMgr
mProSafe
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mXML
NewBlue 3D Explosions for Windows
NewBlue 3D Transformations for Windows
NewBlue Art Blends for Windows
NewBlue Art Effects for Windows
NewBlue Film Effects for Windows
NewBlue Motion Blends for Windows
NewBlue Motion Effects for Windows
NewBlue Video Essentials for Windows
NVIDIA Drivers
OpenOffice.org 3.2
OpenWith.org 1.0.3
PDF Settings CS4
PeerBlock 1.0+ (r320)
Photoshop Camera Raw
Picasa 3
PixiePack Codec Pack
PoiZone
Power CD+G Burner
QuickTime
RegSupreme Pro
Replay Music
Revo Uninstaller Pro 2.4.1
Sawer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Setting Utility Series
Siglos Karaoke Player/Recorder
SigmaTel Audio
Skype web features
Skype™ 4.1
SmartSound Quicktracks Plugin
Sony CD Architect 5.2
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Sound Forge Pro 10.0
SpiceMASTER 2.5 PRO for Vegas
Spybot - Search & Destroy
Stellar Phoenix Windows Data Recovery V3.0
Suite Shared Configuration CS4
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
T-RackS 3 Deluxe
The Rosetta Stone
Toxic Biohazard
TrackItNow ERA Client
Trojan Remover 6.8.2
Tunebite
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Uninstall 1.0.0.1
Uninstall Mystical
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
V Stuff Backup v1.6.2.18253
VAIO Camera Utility
VAIO Control Center
VAIO Event Service
VAIO Power Management
VAIO Update 5
Vegas Pro 10.0
VLC media player 1.0.3
Vuze
Vuze Remote Toolbar
WebFldrs XP
Wi-Fi fastconnect
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Wireless LAN Starter
Wireless Switch Setting Utility
Xiph QuickTime Components
Xtranormal State
Xtranormal State - Showpak-Playgoz-Preview
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom
==== Event Viewer Messages From Past Week ========
08/11/2010 13:35:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
08/11/2010 13:27:34, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:34, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:33, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:33, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:33, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:32, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:32, error: Service Control Manager [7034] - The BecHelperService service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:31, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
08/11/2010 13:27:31, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
07/11/2010 05:36:35, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
06/11/2010 19:48:27, error: Dhcp [1002] - The IP address lease 192.168.0.12 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
06/11/2010 18:04:36, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
06/11/2010 14:08:36, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
06/11/2010 05:12:43, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Crypkey License service to connect.
06/11/2010 05:12:43, error: Service Control Manager [7000] - The Crypkey License service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/11/2010 04:48:13, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
05/11/2010 11:55:11, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
05/11/2010 11:55:03, error: Dhcp [1002] - The IP address lease 192.168.1.15 for the Network Card with network address 0013A90F7A6D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
05/11/2010 11:20:33, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
05/11/2010 01:53:51, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/11/2010 14:41:38, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
01/11/2010 13:13:41, error: Service Control Manager [7000] - The TuneUpUtilitiesDrv service failed to start due to the following error: The parameter is incorrect.
01/11/2010 13:12:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
01/11/2010 13:12:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
01/11/2010 13:12:09, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2010 13:11:00, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.10.2 (The DHCP Server sent a DHCPNACK message).
01/11/2010 13:10:52, error: NetBT [4311] - Initialization failed because the driver device could not be created.
01/11/2010 13:10:52, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
01/11/2010 13:10:52, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
01/11/2010 13:08:38, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
01/11/2010 01:16:17, error: Dhcp [1002] - The IP address lease 192.168.1.15 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Cont..........
01/11/2010 13:10:52, error: NetBT [4311] - Initialization failed because the driver device could not be created.
01/11/2010 13:10:52, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
01/11/2010 13:10:52, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
01/11/2010 13:08:38, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
01/11/2010 01:16:17, error: Dhcp [1002] - The IP address lease 192.168.1.15 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Continued...