Mindasploded

Members
  • Posts

    7
Reputation

0 Neutral

Profile Information

  • Interests
    Eradicating autorun.inf nasties.
  1. No, I kind of took you at face value when you said to scan my computer and didn't mention anything about erasing files, as I'd assumed you wanted the logs. Sorry! But should I delete ALL of the detected files? I should inform you at this point that I bought this Asus laptop in Thailand, so I'm pretty sure I've been using a cracked version of Windows XP. From a quick Google search on some of what Malwarebytes picked up, particularly the "TrustedInstaller.exe" and "antiwpa.dll" files, would deleting some of them end up causing more trouble than before? This is just me thinking out loud, so it'd be great if you could clear up any ambiguities.
  2. That's the strangest thing: I just tried vaccinating the USB flash drive that was giving me trouble earlier, and well, what do you know? It's now protected! Wish I didn't have to format it, though, but if I still got that "Vaccination was not possible. Error reading the volume." message even after formatting it, was the formatting not necessary after all? By the way, the thing's still usable, so there's the extra good news! I did a full Malwarebytes scan and quick Avast scan (please let me know if the latter is insufficient), so here are the results:
     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.03.22.12
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.13
     ASUS :: ASUS-3AFEBB7C4D [administrator]
     26/3/2556 19:14:44
     MBAM-log-2556-03-26 (21-40-38).txt
     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 334579
     Time elapsed: 2 hour(s), 23 minute(s), 39 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|39390 (Trojan.Agent.CO) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mszanr.exe -> No action taken.
     Registry Data Items Detected: 2
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 3
     C:\Documents and Settings\All Users\Local Settings\Temp\mszanr.exe (Trojan.Agent.CO) -> No action taken.
     C:\TEMP\TrustedInstaller.exe (Backdoor.Androm.ST) -> No action taken.
     C:\WINDOWS\AntiWPA\antiwpa.dll (PUP.Wpakill) -> No action taken.
     (end)
     and Avast didn't give me any logs, just the "NO THREAT FOUND" message. Would a full Avast scan be better, or do you already have all that you need? Again, thanks for everything so far, MrCharlie!
  3. All right, so I've formatted one of my USB flash drives that prompted that "Vaccination was not possible. Error reading the volume." message and tried vaccinating it again. Still couldn't do it, alas, and got the same message. Is it ruined? If I plug in my 1TB external hard drive now in order to vaccinate it, wouldn't the autorun malware get in there and mess with my files? I would hate to have to format it, let alone have it be for naught like with what happened above, because there are a lot of files on it that I can't afford to lose. Could I skip ahead and start scanning my computer with Malwarebytes and Avast instead? Apologies if I'm being unreasonably cautious; I'm just too scared to inadvertently wreck my computer.
  4. Okay, I've now replaced ESET Smart Security with Avast, and I love it. Also, my computer has now been vaccinated; I wasn't expecting the process to be so quick! However, while some of my USB flash drives made it through, others failed the vaccination process; the message I kept getting with them was "Vaccination was not possible. Error reading the volume." Should I format them or leave them alone for now? Since my computer got infected, I haven't plugged in my external hard drive yet, lest that become infected as well (I'm fairly certain it's autorun-free, seeing as the files were visible the last time I checked it and not replaced by one shifty-looking file called "Removable Disk (4GB)" or some such that seems to lead to system32 when I hold my cursor over it), so I'm dreading when I have to do it in order to vaccinate it, or is that unnecessary? Afterwards, when I scan my computer with Malwarebytes, do you want me to do a Quick or Full Scan? Thanks again!
  5. Couldn't install Avast, as my ESET "Smart" Security deleted it for being "a variant of Win32/Genetik trojan." I may be hasty in saying this, but does this mean I should go ahead and get rid of the program since it seems to be useless?
  6. By "vaccinate all drives," do you mean just clicking the "Vaccinate computer" button? Also, my main anti-virus protection, this ESET Smart Security 3.0.669.0 the ASUS store where I bought my laptop installed for me, has been out-of-date for quite some time, and in my defense, I've tried updating it, but it's kept telling me time and again that my username and/or password, which I was never given, were invalid. Since it never seemed that big of a deal to me (actually, I was a little too lazy to deal with it the moment the problem began), I've always overlooked it, so when you said to scan with my anti-virus program after vaccinating my computer, I don't think my current setup is what you had in mind. What do you recommend I do? Thanks in advance!
  7. Fairly certain my computer's playing host to the autorun.inf malware. Should've known better than to bring random flash drives I'd used on university computers anywhere near mine, but well, you live and learn. It even got to my Kindle and disappeared everything on it, but I managed to get my books to show and remove the malware from the device. The blasted thing, however, is still hiding somewhere in my computer, so whatever I plug into it comes away from it with the files turned invisible and yet another autorun.inf file popping into existence. I want it gone from my computer for good, so I'll leave it to you experts before I do any more damage! As per the instructions, I've provided the necessary logs below, from the DDS and Attach text files, respectively:
Security Update for Windows XP (KB982802)
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
SRS Premium Sound
SumatraPDF 2.1.1
Trillian
TrueCrypt
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 1.3M UVC WebCam
VC80CRTRedist - 8.0.50727.762
VLC media player 2.0.4
WampServer 2.2
WebFldrs XP
Winamp
WinDirStat 1.1.2
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
WinFlash
WinRAR archiver
WinZip 11.1
Wireless Console 3
Workrave 1.9.4
Zune Desktop Theme
.
==== Event Viewer Messages From Past Week ========
.
20/3/2556 16:17:57, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf8488e2, parameter3 b1583ae4, parameter4 00000000.
19/3/2556 7:22:55, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0026184711DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
19/3/2556 17:09:01, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

By the way, I've actually already done a Quick Scan before I found this forum and these files came up:

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|39390 (Trojan.Agent.CO) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mszanr.exe -> No action taken.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 2
C:\Documents and Settings\All Users\Local Settings\Temp\mszanr.exe (Trojan.Agent.CO) -> No action taken.
C:\TEMP\TrustedInstaller.exe (Backdoor.Androm.ST) -> No action taken.

As you can see, I left them alone since I wanted to do this whole thing properly and not send my computer to an early grave. Looking forward to tackling this pesky problem together. You guys are my only hope!