
Malwarebytes program error updating 12016

Exe" /background O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\/A O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\Game Spy\Comrade\O4 - HKCU\..\Run: [Bit Torrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Spybot SD Tea Timer] C:\Program Files\Spybot - Search & Destroy\Tea O4 - HKUS\S-1-5-18\..\Run: [CTFMON. - C:\PROGRA~1\AVG\AVG8\O23 - Service: AVG Free8 Watch Dog (avg8wd) - AVG Technologies CZ, s.r.o. Ke Query System Time] 75000E7B IAT \System Root\System32\Drivers\az1ovc67. Io WMIRegistration Control] 0B7D80E3 IAT \System Root\System32\Drivers\az1ovc67. Ke Tick Count] 307B8D00 IAT \System Root\System32\Drivers\az1ovc67. Io Attach Device To Device Stack] 00AA840F IAT \System Root\System32\Drivers\az1ovc67. Io Delete Device] 83660000 IAT \System Root\System32\Drivers\az1ovc67. Ex Allocate Pool With Tag] 6A000E7A IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Work Item] C6647400 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Irp] 001CBB86 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Mdl] 4F8B0200 IAT \System Root\System32\Drivers\az1ovc67. Mm Build Mdl For Non Paged Pool] 968D5140 IAT \System Root\System32\Drivers\az1ovc67. Mm Lock Pagable Data Section] 00001C90 IAT \System Root\System32\Drivers\az1ovc67. Io Get Driver Object Extension] 2266E852 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pagable Image Section] 478B0000 IAT \System Root\System32\Drivers\az1ovc67. Ex Free Pool With Tag] 50016A40 IAT \System Root\System32\Drivers\az1ovc67. Io Free Irp] 1CAC8E8D IAT \System Root\System32\Drivers\az1ovc67. Io Free Work Item] E8510000 IAT \System Root\System32\Drivers\az1ovc67. Init Safe Boot Mode] 00002254 IAT \System Root\System32\Drivers\az1ovc67. Rtl Compare Memory] 6A18538B IAT \System Root\System32\Drivers\az1ovc67. 
Rtl Copy Unicode String] 868D5200 IAT \System Root\System32\Drivers\az1ovc67. memmove] 00001C98 IAT \System Root\System32\Drivers\az1ovc67. ---- EOF - GMER 1.0.14 ---- DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .15 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1187 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.- C:\PROGRA~1\AVG\AVG8\O23 - Service: Bonjour Service - Apple Inc. _strupr] 8366FA72 IAT \System Root\System32\Drivers\az1ovc67. EXE C:\WINDOWS\system32\C:\WINDOWS\System32\-k HTTPFilter C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. 
EXE C:\WINDOWS\system32\C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\Program Files\Java\jre6\bin\C:\WINDOWS\system32\C:\Program Files\Mozilla Firefox\C:\Program Files\Java\jre6\bin\C:\Documents and Settings\Administrator\Desktop\============== Pseudo HJT Report =============== u Start Page = hxxp:// u Internet Settings, Proxy Override = *.local BHO: AVG Safe Search: - c:\program files\avg\avg8\BHO: Spybot-S&D IE Protection: - c:\progra~1\spybot~1\BHO: Windows Live Sign-in Helper: - c:\program files\common files\microsoft shared\windows live\Windows Live BHO: Java™ Plug-In 2 SSV Helper: - c:\program files\java\jre6\bin\jp2BHO: JQSIEStart Detector Impl Class: - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_u Run: [ctfmon.exe] c:\windows\system32\u Run: [Msn Msgr] "c:\program files\windows live\messenger\Msn Msgr.

Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows09-02-09 73,728 a------- c:\windows\system3209-02-09 410,984 a------- c:\windows\system3209-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers09-02-08 38,496 a------- c:\windows\system32\drivers09-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- c:\windows\system32\drivers\Pnk Bstr 
2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system3209-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg659239224E364682FA4BAF72C53EA4[[


EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...

EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...

Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.

(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.


Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...I had a trojan the other day I removed it using Avg and run a scan with Spybot and also removed it with that.When I use google search for example say if I wanted to get onto Wikipedia i would click the first link google gives me but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch, is there anyway you could help me fix this heres my log Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\Explorer.Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv 
Cpl Daemon] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9scheduled to be deleted on reboot. Link Id=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08scheduled to be deleted on reboot. Link Id=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.


Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.

EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...

EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...


||

Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. 
EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. 
Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
I had a trojan the other day. I removed it using AVG and ran a scan with Spybot and also removed it with that. When I use Google search, for example, say if I wanted to get onto Wikipedia, I would click the first link Google gives me, but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch. Is there any way you could help me fix this? Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at , on 09/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Hi, and welcome to What The Tech. My name is jpshortstuff.

Under Main choose: Select All. Click the Empty Selected button.

Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists

Post the resulting log.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.) It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.

Close all Firefox windows and wait for a few seconds.



Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.

EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...

EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...

Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.

(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.

EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...

EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...

Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.

(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.

EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...I had a trojan the other day I removed it using Avg and run a scan with Spybot and also removed it with that.When I use google search for example say if I wanted to get onto Wikipedia i would click the first link google gives me but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch, is there anyway you could help me fix this heres my log Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\Explorer.Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv 
Cpl Daemon] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9scheduled to be deleted on reboot. Link Id=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08scheduled to be deleted on reboot. Link Id=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.

c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.

EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...

EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...

Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.

(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.

||

Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. 
EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. 
Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...

I had a trojan the other day; I removed it using AVG and ran a scan with Spybot and also removed it with that. When I use Google search, for example if I wanted to get onto Wikipedia, I would click the first link Google gives me, but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch. Is there any way you could help me fix this? Here's my log:

Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\Explorer.Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv
Cpl Daemon] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9scheduled to be deleted on reboot. Link Id=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08scheduled to be deleted on reboot. Link Id=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.


Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.

(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.


Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. 
EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. 
Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...I had a trojan the other day I removed it using Avg and run a scan with Spybot and also removed it with that.When I use google search for example say if I wanted to get onto Wikipedia i would click the first link google gives me but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch, is there anyway you could help me fix this heres my log Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\Explorer.Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv 
Cpl Daemon] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9scheduled to be deleted on reboot. Link Id=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08scheduled to be deleted on reboot. Link Id=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.




Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...I had a trojan the other day I removed it using Avg and run a scan with Spybot and also removed it with that.When I use google search for example say if I wanted to get onto Wikipedia i would click the first link google gives me but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch, is there anyway you could help me fix this heres my log Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\Explorer.Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv 
Cpl Daemon] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9scheduled to be deleted on reboot. Link Id=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08scheduled to be deleted on reboot. Link Id=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.


Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.

EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...

EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...

Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.

(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.


Hi, and Welcome to What The Tech My name is jpshortstuff. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pr Sdd Khu Lm2EWm ZIdua D not found! C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ moved successfully. Ob Reference Object By Handle] 8D52016A IAT \System Root\System32\Drivers\az1ovc67. Zw Create Directory Object] 001CA486 IAT \System Root\System32\Drivers\az1ovc67. Io Build Synchronous Fsd Request] 41E85000 IAT \System Root\System32\Drivers\az1ovc67. Po Start Next Power Irp] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Po Call Driver] 18C4830E IAT \System Root\System32\Drivers\az1ovc67. Io Create Device] 1C8D9E88 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Driver Object Extension] 9E880000 IAT \System Root\System32\Drivers\az1ovc67. Rtl Query Registry Values] 00001CA9 IAT \System Root\System32\Drivers\az1ovc67. Zw Open Key] 0E798366 IAT \System Root\System32\Drivers\az1ovc67. Rtl Free Unicode String] 74AAB000 IAT \System Root\System32\Drivers\az1ovc67. Io Start Timer] 8186C636 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Timer] 1A00001C IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Timer] 1C8386C6 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Dpc] C6020000 IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Spin Lock] 001C8E86 IAT \System Root\System32\Drivers\az1ovc67. Io Initialize Irp] 86C60200 IAT \System Root\System32\Drivers\az1ovc67. Zw Create Key] 00001CAA IAT \System Root\System32\Drivers\az1ovc67. Rtl Append Unicode String To String] 959E8802 IAT \System Root\System32\Drivers\az1ovc67. Rtl Integer To Unicode String] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Zw Set Value Key] 001CB19E IAT \System Root\System32\Drivers\az1ovc67. Ke Insert Queue Dpc] 96868800 IAT \System Root\System32\Drivers\az1ovc67. 
Kef Acquire Spin Lock At Dpc Level] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Packet] 001CB286 IAT \System Root\System32\Drivers\az1ovc67. Kef Release Spin Lock From Dpc Level] C61AEB00 IAT \System Root\System32\Drivers\az1ovc67. Io Build Asynchronous Fsd Request] 001C8186 IAT \System Root\System32\Drivers\az1ovc67. Io Free Mdl] 86C61200 IAT \System Root\System32\Drivers\az1ovc67. Mm Unlock Pages] 00001C83 IAT \System Root\System32\Drivers\az1ovc67. Io Write Error Log Entry] 8E868801 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove By Key Device Queue] 8800001C IAT \System Root\System32\Drivers\az1ovc67. Mm Map Locked Pages With Reserved Mapping] 001CAA86 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Reserved Mapping] 80968B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Synchronize Execution] 8900001C IAT \System Root\System32\Drivers\az1ovc67. Io Start Next Packet] 001C9C96 IAT \System Root\System32\Drivers\az1ovc67. Ke Bug Check Ex] C6168B00 IAT \System Root\System32\Drivers\az1ovc67. Ke Remove Device Queue] 001CB986 IAT \System Root\System32\Drivers\az1ovc67. Ke Set Timer] 428A0A00 IAT \System Root\System32\Drivers\az1ovc67. Ke Cancel Timer] BA86880C IAT \System Root\System32\Drivers\az1ovc67. _allmul] 8B00001C IAT \System Root\System32\Drivers\az1ovc67. 
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Handler: linkscanner - - c:\program files\avg\avg8\Notify: igfxcui - App Init_DLLs: SSODL: WPDSh Service Obj - - c:\windows\system32\WPDSh Service SEH: Microsoft Anti Malware Shell Execute Hook: - c:\progra~1\wifd1f~1\Mp Sh ================= FIREFOX =================== FF - Profile Path - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n7xx419v.default\ ============= SERVICES / DRIVERS =============== R1 Avg Ldx86; AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86[2008-8-17 96520] R1 Avg Mfx86; AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86[2008-8-17 26824] R2 avg8emc; AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\[2008-8-17 873752] R2 avg8wd; AVG Free8 Watch Dog;c:\progra~1\avg\avg8\[2008-8-17 231192] R2 Avg Tdi X; AVG Free8 Network Redirector;c:\windows\system32\drivers\[2008-8-17 76040] R2 NVIDIA Performance Driver Service; NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nv [2008-12-11 3575808] R2 Win Defend; Windows Defender;c:\program files\windows defender\Ms Mp [2006-11-3 13592] =============== Created Last 30 ================ 2009-02-09 250 a------- c:\windows\2009-02-09 73,728 a------- c:\windows\system32\2009-02-09 410,984 a------- c:\windows\system32\2009-02-09 -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-02-08 15,504 a------- c:\windows\system32\drivers\2009-02-08 38,496 a------- c:\windows\system32\drivers\2009-02-08 --d----- c:\program files\DNA 2009-01-11 1,456 a------- c:\windows\system32\ealregsnapshot1==================== Find3M ==================== 2009-01-25 98,304 a------- c:\windows\system32\Cmd Line 2009-01-25 138,464 a------- 
c:\windows\system32\drivers\Pnk Bstr 2009-01-25 111,928 a------- c:\windows\system32\Pnk Bstr 2009-01-14 22,328 ac------ c:\docume~1\admini~1\applic~1\Pnk Bstr 2009-01-14 682,280 a------- c:\windows\system32\2009-01-14 66,872 a------- c:\windows\system32\Pnk Bstr 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.EXE C:\WINDOWS\system32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /install O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Apple Sync Notifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Sync O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe" O4 - HKLM\..\Run: [Xbox Stat] "C:\Program Files\Microsoft Xbox 360 Accessories\Xbox Stat.exe" silentrun O4 - HKLM\..\Run: [Nv Media Center] RUNDLL32. 1201162107984 O17 - HKLM\System\CCS\Services\Tcpip\..\: Name Server = 192.168.0.1 O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\O20 - App Init_DLLs: O23 - Service: Apple Mobile Device - Apple Inc. Ke Get Current Irql] 000001C0 IAT \System Root\System32\Drivers\az1ovc67. Kf Raise Irql] 2C4EB70F IAT \System Root\System32\Drivers\az1ovc67. Kf Lower Irql] 8303C183 IAT \System Root\System32\Drivers\az1ovc67. Hal Get Interrupt Vector] D103FCE1 IAT \System Root\System32\Drivers\az1ovc67. Hal Translate Bus Address] 2E7E8366 IAT \System Root\System32\Drivers\az1ovc67. Ke Stall Execution Processor] 8D1C7400 IAT \System Root\System32\Drivers\az1ovc67. Kf Release Spin Lock] 83893204 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_BUFFER_USHORT] 00000218 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x F6 0x9B 0x08 0x BE ...EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. 
EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Mm Highest User Address] 2242E850 IAT \System Root\System32\Drivers\az1ovc67. Kf Acquire Spin Lock] 8A000002 IAT \System Root\System32\Drivers\az1ovc67. READ_PORT_UCHAR] 83880846 IAT \System Root\System32\Drivers\az1ovc67. Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\Control Set003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x EE 0x03 0x B7 0x FE ...Under Main choose: Select All Click the Empty Selected button. C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content. Local Service Temporary Internet Files folder emptied. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ moved successfully. Dbg Break Point] 89B472D8 IAT \System Root\system32\DRIVERS\i8042prt.sys[HAL.dll! Rtl Init Unicode String] 0975013E IAT \System Root\System32\Drivers\az1ovc67. swprintf] 1B42E853 IAT \System Root\System32\Drivers\az1ovc67. Run and then copy/paste the following into the Run Box: "C:\Documents and Settings\Administrator\Desktop\dds.scr" /ihatewhitelists Post the resulting log.(If you use Fire Fox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite moved successfully. 
Hijack This: Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer. SYS B9F2D3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT. Dbg Break Point] 89BBF2D8 IAT pci.sys[ntoskrnl.exe! Io Detach Device] [F7508C4C] IAT pci.sys[ntoskrnl.exe! Io Attach Device To Device Stack] [F7508CA0] IAT atapi.sys[HAL.dll! READ_PORT_BUFFER_USHORT] [F74D813C] IAT atapi.sys[HAL.dll! READ_PORT_USHORT] [F74D80BE] IAT atapi.sys[HAL.dll! WRITE_PORT_BUFFER_USHORT] [F74D87FC] IAT atapi.sys[HAL.dll! WRITE_PORT_UCHAR] [F74D86D2] IAT \System Root\system32\DRIVERS\USBPORT. READ_PORT_UCHAR] [F74E8048] IAT \System Root\System32\Drivers\az1ovc67. Close all Firefox windows and wait for a few seconds.EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. 
Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...Link Id=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = Wmi System Control] 03D00304 IAT \System Root\System32\Drivers\az1ovc67. 
Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...I had a trojan the other day I removed it using Avg and run a scan with Spybot and also removed it with that.When I use google search for example say if I wanted to get onto Wikipedia i would click the first link google gives me but the search sometimes diverts me to a different website, usually search engines such as Britanniasearch, is there anyway you could help me fix this heres my log Logfile of Trend Micro Hijack This v2.0.2 Scan saved at , on 09/02/2009 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\Explorer.Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv 
Cpl Daemon] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9scheduled to be deleted on reboot. Link Id=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08scheduled to be deleted on reboot. Link Id=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.

