Hi,
OK... I've tried using the Norton removal tool but it won't work. It says this in step 3:
Choose one of the following depending on what your product Status is:
* The Status of my product is "Not Saved"
You have not yet created a Norton Account. Follow these steps:
1. Click your Norton product, then click Save Product Key.
2. Complete the form to create a new Norton Account, then click Submit.
3. Click Next, then skip to line 5 below.
* The Status of my product is "Saved"
Click your Norton product, then click Retrieve Product Key. Then continue with line 4 below.
Unfortunately, there is no product for me to select. The list is empty. So I've tried uninstalling AVG until I can figure out how to get rid of Norton... there's an error with the registry key so that won't uninstall either. Nightmare. And you're right, now that Norton and AVG are both installed it's creating problems.
Anyway, here are the logs you asked for:
DDS:
DDS (Ver_09-06-26.01) - FAT32x86
Run by Ashley at 11:51:59.68 on 18/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.342 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ashley\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.asus.com
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.gamehouse.com/games/SproutLauncher.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ashley\applic~1\mozilla\firefox\profiles\q9w5h3mb.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-1 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-7-13 704384]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 298776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-16 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-16 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-16 169584]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-10-6 133744]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-7-23 1119888]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-7-13 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-7-13 257432]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;c:\windows\system32\drivers\atl02_xp.sys [2008-7-23 27776]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050912.024\NAVENG.SYS [2008-7-23 77816]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050912.024\NAVEX15.SYS [2008-7-23 665816]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-7-13 1195008]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
=============== Created Last 30 ================
2009-07-13 21:18 704,384 a------- c:\windows\system32\drivers\SandBox.sys
2009-07-13 21:18 257,432 a------- c:\windows\system32\drivers\afwcore.sys
2009-07-13 21:17 49 a------- c:\windows\transp.gif
2009-07-13 21:17 31,128 a------- c:\windows\system32\drivers\afw.sys
2009-07-13 21:16 <DIR> --d----- c:\program files\Agnitum
2009-07-13 21:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Agnitum
2009-07-12 23:02 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-07-12 21:31 <DIR> --d----- c:\program files\BillP Studios
2009-07-12 21:29 <DIR> --d----- c:\docume~1\ashley\applic~1\WinPatrol
2009-07-12 18:21 <DIR> --d----- c:\program files\Trend Micro
2009-07-12 18:15 <DIR> --d----- C:\VundoFix Backups
2009-07-12 12:13 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 12:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 12:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 11:35 <DIR> --dsh--- c:\documents and settings\ashley\IECompatCache
2009-06-25 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-06-25 21:21 <DIR> --dsh--- c:\documents and settings\ashley\PrivacIE
2009-06-25 21:18 <DIR> --dsh--- c:\documents and settings\ashley\IETldCache
2009-06-25 21:13 <DIR> --d----- c:\windows\ie8updates
2009-06-25 21:10 <DIR> --d-h--- c:\windows\ie8
2009-06-25 21:07 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-25 21:06 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-25 21:06 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-25 21:06 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-25 21:06 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-25 20:58 16,883,056 a------- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-06-25 19:32 <DIR> --dsh--- C:\FOUND.008
2009-06-21 22:49 <DIR> --d----- c:\docume~1\ashley\applic~1\pixelStorm
==================== Find3M ====================
2009-07-05 20:33 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 17:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 22:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 22:31 881,664 a------- c:\windows\system32\xvidcore.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 10:17 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-20 10:17 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 06:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 06:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 22:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 22:02 685,056 a------- c:\windows\system32\divx.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-30 22:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 22:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 22:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 12:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-29 05:46 1,499,136 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-14 17:49 172,456 a------- c:\program files\tpsetup.exe
2009-02-08 17:29 3,723,256 a------- c:\program files\channel4_on_demand.exe
============= FINISH: 11:52:21.87 ===============
ATTACH:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/07/2008 06:40:00
System Uptime: 18/07/2009 10:59:59 (1 hours ago)
Motherboard: ASUSTeK Computer Inc. | | F5R
Processor: Genuine Intel(R) CPU T2130 @ 1.86GHz | Socket 478 | 1862/133mhz
==== Disk Partitions =========================
C: is FIXED (FAT32) - 112 GiB total, 46.5 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP190: 18/04/2009 15:26:42 - System Checkpoint
RP191: 18/04/2009 19:14:41 - Software Distribution Service 3.0
RP192: 19/04/2009 21:35:48 - System Checkpoint
RP193: 20/04/2009 22:00:33 - System Checkpoint
RP194: 22/04/2009 17:30:44 - System Checkpoint
RP195: 22/04/2009 22:29:45 - Software Distribution Service 3.0
RP196: 26/04/2009 17:19:26 - System Checkpoint
RP197: 28/04/2009 16:47:40 - System Checkpoint
RP198: 29/04/2009 14:15:21 - Removed Windows Live Sign-in Assistant
RP199: 29/04/2009 14:15:32 - Removed Windows Live Upload Tool
RP200: 29/04/2009 14:15:58 - Installed Windows Live installer
RP201: 29/04/2009 14:18:16 - Installed MSN Messenger 7.0
RP202: 29/04/2009 23:40:47 - Software Distribution Service 3.0
RP203: 01/05/2009 15:03:06 - System Checkpoint
RP204: 02/05/2009 16:07:44 - System Checkpoint
RP205: 03/05/2009 16:18:55 - System Checkpoint
RP206: 05/05/2009 22:02:21 - System Checkpoint
RP207: 05/05/2009 23:24:25 - SPTD setup V1.58
RP208: 06/05/2009 20:00:15 - Installed Adobe Premiere Pro 2.0
RP209: 07/05/2009 20:27:37 - System Checkpoint
RP210: 10/05/2009 20:39:24 - System Checkpoint
RP211: 14/05/2009 00:28:57 - Software Distribution Service 3.0
RP212: 15/05/2009 10:14:27 - Installed Windows XP WgaNotify.
RP213: 17/05/2009 15:32:09 - System Checkpoint
RP214: 18/05/2009 15:57:13 - System Checkpoint
RP215: 19/05/2009 16:42:53 - System Checkpoint
RP216: 20/05/2009 10:14:19 - Avg8 Update
RP217: 20/05/2009 10:17:31 - Avg8 Update
RP218: 22/05/2009 16:24:12 - System Checkpoint
RP219: 25/05/2009 18:09:30 - System Checkpoint
RP220: 26/05/2009 18:14:17 - System Checkpoint
RP221: 27/05/2009 23:25:17 - System Checkpoint
RP222: 01/06/2009 12:59:32 - System Checkpoint
RP223: 02/06/2009 19:52:01 - System Checkpoint
RP224: 03/06/2009 23:25:35 - System Checkpoint
RP225: 10/06/2009 09:53:39 - System Checkpoint
RP226: 12/06/2009 13:32:33 - Avg8 Update
RP227: 12/06/2009 13:34:43 - Avg8 Update
RP228: 13/06/2009 00:49:24 - Software Distribution Service 3.0
RP229: 14/06/2009 11:51:31 - System Checkpoint
RP230: 15/06/2009 16:47:20 - System Checkpoint
RP231: 15/06/2009 23:30:33 - Software Distribution Service 3.0
RP232: 16/06/2009 16:17:50 - Installed Java(TM) 6 Update 14
RP233: 17/06/2009 16:46:25 - System Checkpoint
RP234: 19/06/2009 10:22:28 - Avg8 Update
RP235: 19/06/2009 10:24:09 - Avg8 Update
RP236: 21/06/2009 15:23:42 - System Checkpoint
RP237: 22/06/2009 17:29:00 - System Checkpoint
RP238: 23/06/2009 09:53:16 - Avg8 Update
RP239: 25/06/2009 21:11:14 - Installed Windows Internet Explorer 8.
RP240: 25/06/2009 21:12:42 - Software Distribution Service 3.0
RP241: 28/06/2009 17:48:27 - System Checkpoint
RP242: 30/06/2009 10:07:06 - System Checkpoint
RP243: 01/07/2009 11:19:57 - System Checkpoint
RP244: 04/07/2009 11:21:50 - System Checkpoint
RP245: 05/07/2009 20:31:43 - Avg8 Update
RP246: 05/07/2009 20:35:10 - Avg8 Update
RP247: 06/07/2009 21:10:32 - System Checkpoint
RP248: 09/07/2009 12:07:27 - Avg8 Update
RP249: 10/07/2009 15:32:44 - System Checkpoint
RP250: 10/07/2009 18:49:47 - Removed 4oD.
RP251: 10/07/2009 18:53:41 - Removed Adobe Premiere Pro 2.0
RP252: 13/07/2009 11:35:24 - System Checkpoint
RP253: 13/07/2009 21:16:52 - Agnitum Outpost Firewall Restore Point: install
RP254: 16/07/2009 07:45:24 - Software Distribution Service 3.0
RP255: 16/07/2009 23:41:04 - Software Distribution Service 3.0
RP256: 17/07/2009 17:40:34 - Avg8 Update
RP257: 18/07/2009 11:29:03 - Removed AVG 8.5
RP258: 18/07/2009 11:29:52 - Removed AVG 8.5
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATK Media
ATK0100 ACPI UTILITY
Attansic Giga Ethernet Utility
Attansic L2 Fast Ethernet Driver
AVG Free 8.5
Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
CC_ccProxyExt
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccCommon
CCleaner (remove only)
ccPxyCore
Creative ZEN V Series (R2)
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
DivX Converter
DivX Player
DivX Web Player
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Java(TM) 6 Update 14
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 5.0.0
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.11)
MS Access 97 SP2
MSN Messenger 7.0
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006
Norton Protection Center
Norton WMI Update
Outpost Firewall 2009
Picasa 3
Power4 Gear
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Skins
Sony Ericsson PC Suite
SPBBC
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SymNet
Synaptics Pointing Device Driver
TempoPerfect
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb971933)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6f
Vuze
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live installer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinFlash
WinPatrol 2009
WinRAR archiver
Wireless Console 2
==== Event Viewer Messages From Past Week ========
15/07/2009 17:19:24, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
14/07/2009 17:35:37, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0015AF3CEC91 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/07/2009 09:24:26, error: Disk [11] - The driver detected a controller error on .
12/07/2009 23:54:04, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
==== End Of File ===========================
GMER:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-18 11:55:29
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 850F9248 ZwAlertResumeThread
SSDT 850F9308 ZwAlertThread
SSDT 8516CB40 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xEC2EEA60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xEC2D3BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xEC2F0920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xEC2CFF60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xEC2DB090]
SSDT 851B6138 ZwCreateMutant
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xEC2E72B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xEC2E7BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xEC2CED10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xEC2DAE40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xEC2E5D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xEC2F3F30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xEC2D9B20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xEC2DC900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xEC2E33A0]
SSDT spfj.sys ZwEnumerateKey [0xF7379CA4]
SSDT spfj.sys ZwEnumerateValueKey [0xF737A032]
SSDT 852ABAC0 ZwFreeVirtualMemory
SSDT 8508E140 ZwImpersonateAnonymousToken
SSDT 8508E178 ZwImpersonateThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xEC2E4BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xEC2DA6B0]
SSDT 852CE008 ZwMapViewOfSection
SSDT 851B60B8 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xEC2D2C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xEC2DBFC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xEC2E9CA0]
SSDT 852470A8 ZwOpenProcessToken
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xEC2CF580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xEC2E9060]
SSDT 85064AE8 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xEC2EFDA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xEC2D48A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xEC2DE750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xEC2DEFA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xEC2EDED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xEC2E2590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xEC2E0500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xEC2F2A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xEC2F2D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xEC2E1D20]
SSDT 854C6078 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xEC2E0C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xEC2E14D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xEC2F1480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xEC2ED440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xEC2F4520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xEC2D5BF0]
SSDT 85270F38 ZwSetInformationProcess
SSDT 85407300 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xEC2E41C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xEC2DF820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xEC2EC190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xEC2ECAC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xEC2F3770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xEC2EA790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xEC2EB620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xEC2E5530]
SSDT 85018850 ZwUnmapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xEC2EF2B0]
INT 0x62 ? 85568BF8
INT 0x63 ? 8535BBF8
INT 0x73 ? 8535BBF8
INT 0x73 ? 8535BBF8
INT 0x83 ? 85568BF8
INT 0xA4 ? 8535BBF8
INT 0xB4 ? 8535BBF8
INT 0xB4 ? 8535BBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C10 805044AC 4 Bytes JMP 189CEC2E
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE0 8050477C 5 Bytes [50, 2A, 2F, EC, 70]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE6 80504782 2 Bytes [2F, EC] {DAS ; IN AL, DX }
.text ntkrnlpa.exe!ZwCallbackReturn + 2EFC 80504798 12 Bytes [78, 60, 4C, 85, 80, 0C, 2E, ...] {JS 0x62; DEC ESP; TEST [EAX-0x2f13d1f4], EAX; ADC AL, 0x2e; IN AL, DX }
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [90, C1, 2E, EC, C0, CA, 2E, ...] {NOP ; SHR DWORD [ESI], 0xec; ROR DL, 0x2e; IN AL, DX ; JO 0x41; DAS ; IN AL, DX }
? spfj.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F4EE18AC 5 Bytes JMP 8535B1D8
.text azhajsd6.SYS F4D80386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azhajsd6.SYS F4D803AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azhajsd6.SYS F4D803C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text azhajsd6.SYS F4D803C9 1 Byte [30]
.text azhajsd6.SYS F4D803C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F735C042] spfj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F735C13E] spfj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F735C0C0] spfj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F735C800] spfj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F735C6D6] spfj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F736BE9C] spfj.sys
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\azhajsd6.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F4D19906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \FatCdrom 855671F8
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\sptd \Device\2279456588 spfj.sys
Device \Driver\usbohci \Device\USBPDO-0 853591F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 855D81F8
Device \Driver\dmio \Device\DmControl\DmConfig 855D81F8
Device \Driver\dmio \Device\DmControl\DmPnP 855D81F8
Device \Driver\dmio \Device\DmControl\DmInfo 855D81F8
Device \Driver\usbohci \Device\USBPDO-1 853591F8
Device \Driver\usbohci \Device\USBPDO-2 853591F8
Device \Driver\usbohci \Device\USBPDO-3 853591F8
Device \Driver\usbehci \Device\USBPDO-4 853111F8
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbohci \Device\USBPDO-5 853591F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 855691F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1E1B2390-E257-405F-951E-098AC6577AF8} 8521A248
Device \Driver\Cdrom \Device\CdRom0 852FD1F8
Device \Driver\PCI_PNP1588 \Device\00000059 spfj.sys
Device \Driver\Cdrom \Device\CdRom1 852FD1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8521A248
Device \Driver\NetBT \Device\NetBT_Tcpip_{E3CFA28E-1927-428B-8DC8-138087EBB55D} 8521A248
Device \Driver\NetBT \Device\NetbiosSmb 8521A248
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbohci \Device\USBFDO-0 853591F8
Device \Driver\usbohci \Device\USBFDO-1 853591F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 852AF500
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\usbohci \Device\USBFDO-2 853591F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 852AF500
Device \Driver\usbohci \Device\USBFDO-3 853591F8
Device \Driver\usbohci \Device\USBFDO-4 853591F8
Device \Driver\Ftdisk \Device\FtControl 855691F8
Device \Driver\usbehci \Device\USBFDO-5 853111F8
Device \Driver\azhajsd6 \Device\Scsi\azhajsd61Port4Path0Target0Lun0 850071F8
Device \Driver\azhajsd6 \Device\Scsi\azhajsd61 850071F8
Device \FileSystem\Fastfat \Fat 855671F8
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8502D500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x71 0x83 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x10 0x37 0xD4 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x53 0xE0 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x84 0x66 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x71 0x83 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x10 0x37 0xD4 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x53 0xE0 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x84 0x66 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x14 0x2C 0xDF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0xD2 0xD0 0x9A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0xC0 0x7D 0x75 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----
Thanks! I really appreciate this.