Okay, after the virus scans I lost access to the internet, if that tells you anything, but here are the logs...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4291
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
7/19/2010 4:31:57 AM
mbam-log-2010-07-19 (04-31-57).txt
Scan type: Full scan (C:\|)
Objects scanned: 70275
Time elapsed: 1 hour(s), 12 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-19 12:24:43
Windows 5.1.2600 Service Pack 3
Running: 60rf26q2.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwqyyfob.sys
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xB9F9E0D0]
SSDT sptd.sys ZwEnumerateKey [0xB9FA3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB9FA4340]
SSDT sptd.sys ZwOpenKey [0xB9F9E0B0]
SSDT sptd.sys ZwQueryKey [0xB9FA4418]
SSDT sptd.sys ZwQueryValueKey [0xB9FA4298]
SSDT sptd.sys ZwSetValueKey [0xB9FA44AA]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9DCB8AC 5 Bytes JMP 88ADE418
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [B9FB506C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [B9FB5018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [B9FD79AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [B9FB506C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9F9EAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9F9EC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9F9EB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9F9F748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9F9F61E] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 88BCE1E8
Device \FileSystem\Fastfat \FatCdrom 88922790
Device \FileSystem\Udfs \UdfsCdRom 8892E1E8
Device \FileSystem\Udfs \UdfsDisk 8892E1E8
Device \Driver\usbohci \Device\USBPDO-0 88B195D0
Device \Driver\usbehci \Device\USBPDO-1 88B1E790
Device \Driver\usbohci \Device\USBPDO-2 88B195D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 88B641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 88B641E8
Device \Driver\Cdrom \Device\CdRom0 88A8C790
Device \Driver\usbstor \Device\00000065 88A5C790
Device \Driver\Cdrom \Device\CdRom1 88A8C790
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000066 88A5C790
Device \Driver\usbstor \Device\0000006b 88A5C790
Device \Driver\usbstor \Device\0000006c 88A5C790
Device \Driver\usbohci \Device\USBFDO-0 88B195D0
Device \Driver\usbstor \Device\0000006d 88A5C790
Device \Driver\usbohci \Device\USBFDO-1 88B195D0
Device \Driver\usbstor \Device\0000006e 88A5C790
Device \Driver\usbehci \Device\USBFDO-2 88B1E790
Device \Driver\usbstor \Device\0000007c 88A5C790
Device \Driver\usbstor \Device\0000006f 88A5C790
Device \Driver\usbstor \Device\0000007d 88A5C790
Device \Driver\Ftdisk \Device\FtControl 88B641E8
Device \FileSystem\Fastfat \Fat 88922790
Device \FileSystem\Cdfs \Cdfs 881681E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x96 0x58 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x96 0x58 0x5E ...
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 12:30:20.54 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1214.889 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1112307167484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276894607968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
S0 bmjxlfqf;bmjxlfqf; [x]
S0 tovjlbv;tovjlbv;c:\windows\system32\drivers\xfmjqlin.sys --> c:\windows\system32\drivers\xfmjqlin.sys [?]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-18 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-18 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-18 267432]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-18 60936]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-28 136176]
S2 Runtime Service 3.0;Runtime Optimization Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\drivers\MAudioProducer.sys [2009-9-2 158344]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2005-3-30 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2005-3-30 251904]
=============== Created Last 30 ================
2010-07-18 22:48:07 0 d-----w- c:\docume~1\owner\applic~1\Avira
2010-07-18 22:36:07 0 d-----w- c:\windows\system32\NtmsData
2010-07-18 22:22:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-18 22:22:35 0 d-----w- c:\program files\Avira
2010-07-18 22:22:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-16 23:45:05 412 ----a-w- c:\windows\system32\tmp.reg
2010-07-16 07:37:52 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-07-16 04:49:56 0 d-----w- c:\program files\Support Tools
2010-07-16 04:46:44 1917 ----a-w- c:\windows\imsins.BAK
2010-07-16 04:16:20 90313 ----a-w- c:\windows\system32\drivers\NDIS.SY_
2010-07-16 03:52:52 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-10 09:58:03 0 d-----w- c:\program files\Trend Micro
2010-07-09 20:21:55 107846 ----a-w- C:\MGlogs.zip
2010-07-09 20:21:49 0 d-----w- C:\MGtools
2010-07-09 10:23:16 14 ----a-w- c:\windows\system32\tmpPrst.tgz
2010-07-09 09:33:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 08:33:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-09 08:33:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-09 06:31:41 0 d-sha-r- C:\cmdcons
2010-07-09 06:27:22 98816 ----a-w- c:\windows\sed.exe
2010-07-09 06:27:22 77312 ----a-w- c:\windows\MBR.exe
2010-07-09 06:27:22 256512 ----a-w- c:\windows\PEV.exe
2010-07-09 06:27:22 161792 ----a-w- c:\windows\SWREG.exe
2010-07-08 20:01:25 58 ----a-w- c:\windows\RegDefrag.ini
2010-07-08 19:23:42 0 d-----w- c:\program files\WinASO
2010-07-08 10:16:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-08 06:49:32 64 ----a-w- c:\windows\wininit.ini
2010-07-07 21:20:09 47927 ----a-w- c:\windows\system32\ifarmed.html
2010-07-06 10:55:52 0 d-----w- c:\docume~1\alluse~1\applic~1\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-07-06 07:02:05 38 ----a-w- c:\documents and settings\owner\{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
2010-07-03 10:29:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-03 08:59:08 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-07-03 08:46:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 08:46:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 08:46:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 08:46:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-03 08:05:29 38 ----a-w- c:\windows\system32\online_{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
2010-07-03 08:05:22 38 ----a-w- c:\windows\system32\{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
2010-07-03 05:28:31 58 --sh--w- c:\windows\system32\User.ini
2010-07-03 05:27:03 120 ----a-w- c:\windows\Llibe.dat
2010-07-03 05:27:03 0 ----a-w- c:\windows\Wzevobu.bin
2010-07-03 00:11:06 0 d-----w- c:\docume~1\owner\applic~1\Waves Preferences
2010-07-03 00:00:37 0 d-----w- c:\program files\Waves
2010-07-02 23:59:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-25 04:32:30 20480 ----a-w- c:\windows\system32\wbload.dll
2010-06-22 12:15:34 0 ------w- c:\windows\WB.ini
2010-06-22 12:06:54 42672 ------w- c:\windows\system32\wbsys.dll
2010-06-22 12:06:53 0 d-----w- c:\program files\Stardock
2010-06-22 09:53:31 0 d-----w- c:\program files\NCH Software
2010-06-20 07:53:51 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-06-20 07:53:34 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-06-20 07:52:01 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-06-20 07:44:06 0 d-----w- c:\windows\ie8updates
2010-06-20 07:40:04 0 dc-h--w- c:\windows\ie8
2010-06-20 07:38:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 07:38:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 07:38:09 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 07:37:57 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 01:26:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-20 01:25:11 0 d-----w- C:\Westwood
2010-06-20 00:15:02 0 d-----w- c:\windows\Logs
2010-06-19 20:13:54 0 d-----w- c:\docume~1\owner\applic~1\DAEMON Tools Pro
2010-06-19 20:08:58 8650752 ----a-w- c:\documents and settings\owner\ntuser.dat.bak
==================== Find3M ====================
2010-07-03 05:26:30 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-29 11:56:11 2048 ----a-w- c:\windows\system32\sysprs7.dll
2010-05-28 22:12:20 348160 ------w- c:\windows\system32\msvcr71.dll
2010-05-28 22:12:20 1060864 ------w- c:\windows\system32\mfc71.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 12:30:54.25 ===============