Malwarebytes program error updating 12016

- C:\PROGRA~1\AVG\AVG8\O23 - Service: Bonjour Service - Apple Inc. prd=ie&ar=iesearch m Default_Page_URL = hxxp://go.microsoft.com/fwlink/? Link Id=69157 m Default_Search_URL = hxxp://go.microsoft.com/fwlink/? Link Id=54896 m Search Page = hxxp://go.microsoft.com/fwlink/?The Malwarebytes log: Malwarebytes' Anti-Malware 1.33 Database version: 1739 Windows 5.1.2600 Service Pack 2 09/02/2009 mbam-log-2009-02-09 (13-58-14)Scan type: Quick Scan Objects scanned: 47352 Time elapsed: 4 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current Version\Ext\Stats\ (Trojan. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .84 on 09/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1460 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\-k HTTPFilter C:\WINDOWS\system32\C:\WINDOWS\Explorer. 
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\moved successfully. Kaspersky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, February 9, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, February 09, 2009 Records in database: 1774405 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 59925 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: File name / Threat name / Threats count C:\_OTMove It\Moved Files092009_142349\windows\system32\vir Infected: Trojan. EXE C:\WINDOWS\system32\C:\WINDOWS\System32\C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\WINDOWS\system32\C:\Program Files\Java\jre6\bin\C:\Program Files\Mozilla Firefox\C:\Program Files\Java\jre6\bin\C:\Program Files\i Tunes\i C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Click Start DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .56 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1295 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\============== Pseudo HJT Report =============== u Start Page = hxxp:// u Internet Settings, Proxy Override = *.local BHO: AVG Safe Search: - c:\program files\avg\avg8\BHO: Spybot-S&D IE Protection: - c:\progra~1\spybot~1\BHO: - No File BHO: Windows Live Sign-in Helper: - c:\program files\common files\microsoft shared\windows live\Windows Live u Run: [ctfmon.exe] c:\windows\system32\u Run: [Msn Msgr] "c:\program files\windows live\messenger\Msn Msgr. User's Temporary Internet Files folder emptied. Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = SYS B9F2D386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... SYS B9F2D3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... EXE C:\WINDOWS\system32\C:\WINDOWS\System32\-k HTTPFilter C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. 
EXE C:\WINDOWS\system32\C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\Program Files\Java\jre6\bin\C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Program Files\i Tunes\i C:\Documents and Settings\Administrator\Desktop\============== Pseudo HJT Report =============== u Start Page = hxxp:// u Internet Settings, Proxy Override = *.local BHO: AVG Safe Search: - c:\program files\avg\avg8\BHO: Spybot-S&D IE Protection: - c:\progra~1\spybot~1\BHO: Windows Live Sign-in Helper: - c:\program files\common files\microsoft shared\windows live\Windows Live BHO: Java™ Plug-In 2 SSV Helper: - c:\program files\java\jre6\bin\jp2BHO: JQSIEStart Detector Impl Class: - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_u Run: [ctfmon.exe] c:\windows\system32\u Run: [Msn Msgr] "c:\program files\windows live\messenger\Msn Msgr.Link Id=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = R1 - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = *.local O2 - BHO: Worm IESite Blocker. WRITE_PORT_BUFFER_USHORT] 021C8B89 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg65[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Control Set003\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\Control Set003\Services\sptd\[email protected] 0x DD 0x DE 0x BD 0x87 ...Nav Filter - - C:\Program Files\AVG\AVG8\O2 - BHO: Spybot-S&D IE Protection - - C:\Program Files\Spybot - Search & Destroy\O2 - BHO: (no name) - - (no file) O2 - BHO: Windows Live Sign-in Helper - - C:\Program Files\Common Files\Microsoft Shared\Windows Live\Windows Live O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\Sound MAX\O4 - HKLM\..\Run: [Set Refresh] C:\Program Files\Compaq\Set Refresh\Set O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\O4 - HKLM\..\Run: [Nv Cpl Daemon] RUNDLL32. EXE (User ' Default user') O4 - Global Startup: Ralink Wireless = C:\Program Files\RALINK\Common\Ra O9 - Extra button: (no name) - - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03O9 - Extra ' Tools' menuitem: Sun Java Console - - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03O9 - Extra button: (no name) - - C:\Program Files\Spybot - Search & Destroy\O9 - Extra ' Tools' menuitem: Spybot - Search && Destroy Configuration - - C:\Program Files\Spybot - Search & Destroy\O9 - Extra button: (no name) - - C:\WINDOWS\Network Diagnostic\O9 - Extra ' Tools' menuitem: @xpsp3res.dll,-20001 - - C:\WINDOWS\Network Diagnostic\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra ' Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O16 - DPF: (System Requirements Lab) - - DPF: (WUWeb Control Class) - READ_PORT_USHORT] 2E4EB70F IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg659239224E364682FA4BAF72C53EA4

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...



I had a trojan the other day. I removed it using AVG and ran a scan with Spybot and also removed it with that.

000046 Device \Driver\sptd \Device62285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 0x DD 0x DE 0x BD 0x87 ...

Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg659239224E364682FA4BAF72C53EA4[[

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

||

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...

]]000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg659239224E364682FA4BAF72C53EA4[[

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

||

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...

]][email protected] 0x20 0x01 0x00 0x00 ...

000046 Device \Driver\PCI_PNP9196 \Device[[

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

||

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...


EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 

I had a trojan the other day. I removed it using AVG and ran a scan with Spybot and also removed it with that.


Wdf 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft Wdf_Kernel_01001_Coinstaller_Critical. EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Wdf 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft Wdf_Kernel_01001_Coinstaller_Critical.

Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system32\2008-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system32\2008-11-21 200,704 a------- c:\windows\system32\2008-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~1\2008-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .12 =============== Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. In this case, after the reboot, open Notepad (Start-Open, in the File Name box enter *and press the Enter key, navigate to the C:\_OTMove It\Moved Files folder, and open the newest file present, and copy/paste the contents of that document back here in your next post. EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Sun Java Update Sched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. 
EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system32\2008-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system32\2008-11-21 200,704 a------- c:\windows\system32\2008-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~1\2008-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .14 =============== No redirects in safe mode DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .09 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1361 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.

EXE c:\windows\system32\Nv Mc Tray.dll, Nv Taskbar Init m Run: [PWRISOVM. EXE m Run: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide d Run: [CTFMON. EXE Startup Folder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1- c:\program files\ralink\common\Ra IE: - %windir%\Network Diagnostic\IE: - c:\program files\messenger\IE: - IE: - - c:\progra~1\spybot~1\DPF: - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/Legit Check DPF: - hxxp:// - hxxp:// C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCF74scheduled to be deleted on reboot. Link Id=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = R1 - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = *.local O2 - BHO: Worm IESite Blocker. EXE c:\windows\system32\Nv Mc Tray.dll, Nv Taskbar Init m Run: [PWRISOVM. EXE m Run: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide m Run: [Sun Java Update Sched] "c:\program files\java\jre6\bin\jusched.exe" d Run: [CTFMON. EXE Startup Folder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1- c:\program files\ralink\common\Ra IE: - %windir%\Network Diagnostic\IE: - c:\program files\messenger\IE: - - c:\progra~1\spybot~1\DPF: - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/Legit Check DPF: - hxxp:// - hxxp://

1201162107984 DPF: - hxxp://com/products/plugin/autodl/jinstall-142-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/products/plugin/autodl/jinstall-142-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-08 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 
--d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001. c:\windows\system32\drivers\vir moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\\\ deleted successfully. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D scheduled to be deleted on reboot. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCF4scheduled to be deleted on reboot. Nav Filter - - C:\Program Files\AVG\AVG8\O2 - BHO: Spybot-S&D IE Protection - - C:\PROGRA~1\SPYBOT~1\O2 - BHO: Windows Live Sign-in Helper - - C:\Program Files\Common Files\Microsoft Shared\Windows Live\Windows Live O2 - BHO: Java™ Plug-In 2 SSV Helper - - C:\Program Files\Java\jre6\bin\jp2O2 - BHO: JQSIEStart Detector Impl - - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\Sound MAX\O4 - HKLM\..\Run: [Set Refresh] C:\Program Files\Compaq\Set Refresh\Set O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\O4 - HKLM\..\Run: [Nv Cpl Daemon] RUNDLL32. 
EXE (User ' Default user') O4 - Global Startup: Ralink Wireless = C:\Program Files\RALINK\Common\Ra O9 - Extra button: (no name) - - C:\PROGRA~1\SPYBOT~1\O9 - Extra ' Tools' menuitem: Spybot - Search & Destroy Configuration - - C:\PROGRA~1\SPYBOT~1\O9 - Extra button: (no name) - - C:\WINDOWS\Network Diagnostic\O9 - Extra ' Tools' menuitem: @xpsp3res.dll,-20001 - - C:\WINDOWS\Network Diagnostic\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra ' Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O16 - DPF: (System Requirements Lab) - - DPF: (WUWeb Control Class) - 89B47BF8 ---- Kernel code sections - GMER 1.0.14 ---- ? 1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows 
Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.

========== FILES ========== c:\temp\s TMP3 moved successfully. Exe" /background O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\/A O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\Game Spy\Comrade\O4 - HKCU\..\Run: [Bit Torrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON. - C:\PROGRA~1\AVG\AVG8\O23 - Service: AVG Free8 Watch Dog (avg8wd) - AVG Technologies CZ, s.r.o. EXE C:\WINDOWS\system32\C:\WINDOWS\System32\-k HTTPFilter C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\Program Files\Java\jre6\bin\C:\Program Files\Windows Live\Messenger\C:\Program Files\i Tunes\i C:\WINDOWS\system32\C:\Program Files\Mozilla Firefox\C:\Documents and Settings\Administrator\Desktop\============== Pseudo HJT Report =============== u Local Page = c:\windows\system32\u Start Page = hxxp:// u Search Page = hxxp://

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\moved successfully. Kaspersky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, February 9, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, February 09, 2009 Records in database: 1774405 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 59925 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: File name / Threat name / Threats count C:\_OTMove It\Moved Files\02092009_142349\windows\system32\vir Infected: Trojan. EXE C:\WINDOWS\system32\C:\WINDOWS\System32\C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\WINDOWS\system32\C:\Program Files\Java\jre6\bin\C:\Program Files\Mozilla Firefox\C:\Program Files\Java\jre6\bin\C:\Program Files\i Tunes\i C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Click Start DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .56 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1295 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\============== Pseudo HJT Report =============== u Start Page = hxxp:// u Internet Settings, Proxy Override = *.local BHO: AVG Safe Search: - c:\program files\avg\avg8\BHO: Spybot-S&D IE Protection: - c:\progra~1\spybot~1\BHO: - No File BHO: Windows Live Sign-in Helper: - c:\program files\common files\microsoft shared\windows live\Windows Live u Run: [ctfmon.exe] c:\windows\system32\u Run: [Msn Msgr] "c:\program files\windows live\messenger\Msn Msgr. User's Temporary Internet Files folder emptied. Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = SYS B9F2D386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... SYS B9F2D3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... EXE C:\WINDOWS\system32\C:\WINDOWS\System32\-k HTTPFilter C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. 
EXE C:\WINDOWS\system32\C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\Program Files\Java\jre6\bin\C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Program Files\i Tunes\i C:\Documents and Settings\Administrator\Desktop\============== Pseudo HJT Report =============== u Start Page = hxxp:// u Internet Settings, Proxy Override = *.local BHO: AVG Safe Search: - c:\program files\avg\avg8\BHO: Spybot-S&D IE Protection: - c:\progra~1\spybot~1\BHO: Windows Live Sign-in Helper: - c:\program files\common files\microsoft shared\windows live\Windows Live BHO: Java™ Plug-In 2 SSV Helper: - c:\program files\java\jre6\bin\jp2BHO: JQSIEStart Detector Impl Class: - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_u Run: [ctfmon.exe] c:\windows\system32\u Run: [Msn Msgr] "c:\program files\windows live\messenger\Msn Msgr.Link Id=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = R1 - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = *.local O2 - BHO: Worm IESite Blocker. WRITE_PORT_BUFFER_USHORT] 021C8B89 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Nav Filter - - C:\Program Files\AVG\AVG8\O2 - BHO: Spybot-S&D IE Protection - - C:\Program Files\Spybot - Search & Destroy\O2 - BHO: (no name) - - (no file) O2 - BHO: Windows Live Sign-in Helper - - C:\Program Files\Common Files\Microsoft Shared\Windows Live\Windows Live O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\Sound MAX\O4 - HKLM\..\Run: [Set Refresh] C:\Program Files\Compaq\Set Refresh\Set O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\O4 - HKLM\..\Run: [Nv Cpl Daemon] RUNDLL32. EXE (User ' Default user') O4 - Global Startup: Ralink Wireless = C:\Program Files\RALINK\Common\Ra O9 - Extra button: (no name) - - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03O9 - Extra ' Tools' menuitem: Sun Java Console - - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03O9 - Extra button: (no name) - - C:\Program Files\Spybot - Search & Destroy\O9 - Extra ' Tools' menuitem: Spybot - Search && Destroy Configuration - - C:\Program Files\Spybot - Search & Destroy\O9 - Extra button: (no name) - - C:\WINDOWS\Network Diagnostic\O9 - Extra ' Tools' menuitem: @xpsp3res.dll,-20001 - - C:\WINDOWS\Network Diagnostic\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra ' Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O16 - DPF: (System Requirements Lab) - - DPF: (WUWeb Control Class) - READ_PORT_USHORT] 2E4EB70F IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...

I had a trojan the other day. I removed it using AVG and ran a scan with Spybot and also removed it with that.


The Malwarebytes log: Malwarebytes' Anti-Malware 1.33 Database version: 1739 Windows 5.1.2600 Service Pack 2 09/02/2009 mbam-log-2009-02-09 (13-58-14)Scan type: Quick Scan Objects scanned: 47352 Time elapsed: 4 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current Version\Ext\Stats\ (Trojan. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .84 on 09/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1460 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\-k HTTPFilter C:\WINDOWS\system32\C:\WINDOWS\Explorer. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\moved successfully. 
Kaspersky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, February 9, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, February 09, 2009 Records in database: 1774405 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 59925 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: File name / Threat name / Threats count C:\_OTMove It\Moved Files\02092009_142349\windows\system32\vir Infected: Trojan. EXE C:\WINDOWS\system32\C:\WINDOWS\System32\C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 