Autorun.inf in my computer wreaking havoc in my drives. Wish for a permanent fix!

[Mindasploded]

Fairly certain my computer's playing host to the autorun.inf malware. Should've known better than to bring random flash drives I'd used on university computers anywhere near mine, but well, you live and learn. It even got to my Kindle and disappeared everything on it, but I managed to get my books to show and remove the malware from the device. The blasted thing, however, is still hiding somewhere in my computer, so whatever I plug into it comes away from it with the files turned invisible and yet another autorun.inf file popping into existence. I want it gone from my computer for good, so I'll leave it to you experts before I do any more damage!

As per the instructions, I've provided the necessary logs below, from the DDS and Attach text files, respectively:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6000.17123 BrowserJavaVersion: 1.6.0_16

Run by ASUS at 18:51:27 on 2013-03-23

Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2047.774 [GMT 7:00]

.

AV: ESET Smart Security 3.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Prey\platform\windows\cronsvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe

C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files\ASUS\ATK Hotkey\HControl.exe

C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\CPE17\CPE17AntiAutorun1330.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Documents and Settings\ASUS\My Documents\My Music\Installations\AutoRunExterminator.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\Documents and Settings\ASUS\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Documents and Settings\ASUS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://gaxpaxita.info/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -

BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [sRS Premium Sound] "c:\program files\srs labs\srs premium sound\SRSPremiumSoundBig_Small.exe" /hideme

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon

uRun: [Google Update] "c:\documents and settings\asus\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [F.lux] "c:\documents and settings\asus\local settings\apps\f.lux\flux.exe" /noshow

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [nwiz] nwiz.exe /installquiet

mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe

mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe

mRun: [MsgTranAgt] c:\program files\asus\atk hotkey\MsgTranAgt.exe

mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe

mRun: [ATKHOTKEY] c:\program files\asus\atk hotkey\HControl.exe

mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe

mRun: [Power4Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1

mRun: [Net4Switch] c:\program files\asus\net4switch\Net4Switch.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe

mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe

mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe

mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe

mRun: [protect_autorun] c:\program files\cpe17\CPE17AntiAutorun1330.exe /start

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [AutoRunExterminator] c:\documents and settings\asus\my documents\my music\installations\AutoRunExterminator.exe

dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32

mExplorerRun: [39390] c:\docume~1\alluse~1\locals~1\temp\mszanr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{a9feb6d7-9c52-49fc-b956-7ab275b78890}\_5598CE641C54B66A23693F.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ninja.lnk - c:\program files\ninja\ninja.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoAutorun = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - c:\progra~1\flashget\jc_all.htm

IE: &ดาวน์โหลดโดยใช้ FlashGet - c:\progra~1\flashget\jc_link.htm

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

TCP: NameServer = 50.23.239.24 208.67.222.222

TCP: Interfaces\{E9B736FB-01C5-4C7B-A0C0-DFF9C01578DD} : DHCPNameServer = 50.23.239.24 208.67.222.222

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: Antiwpa - antiwpa.dll

Notify: Aspwdflt - c:\program files\asus\asus data security manager\ASPWDFLT.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\asus\application data\mozilla\firefox\profiles\giv8unu5.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://gaxpaxita.info/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\asus\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\asus\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\asus\application data\mozilla\plugins\npo1d.dll

FF - plugin: c:\documents and settings\asus\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - ExtSQL: !HIDDEN! 2010-05-15 01:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]

R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-11 95232]

R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\srs labs\srs premium sound\SRS_VolSync.exe [2009-4-8 70880]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-9-30 89856]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-9-30 233128]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-30 1684736]

S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\e:\i386\asprocob.sys --> e:\i386\AsProcOb.sys [?]

S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656]

S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-9-30 41656]

.

=============== File Associations ===============

.

FileExt: .pif: piffile_disabled - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]

FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx\Dreamweaver.exe" "%1"

.

=============== Created Last 30 ================

.

2013-03-22 16:10:32 -------- d-----w- c:\program files\Ninja

2013-03-21 11:59:17 -------- d-----w- c:\program files\Dropbox

2013-03-16 20:56:02 -------- d-----w- c:\documents and settings\asus\application data\QuickStoresToolbar

2013-03-16 20:55:55 -------- d-----w- c:\program files\Unlocker

2013-03-16 20:52:44 -------- d-----w- c:\program files\AVAST Software

2013-03-16 20:52:08 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2013-03-16 08:51:06 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-14 14:20:06 -------- d-----w- c:\documents and settings\asus\application data\{4530AD6C-8F37-48FC-A98E-05BC4DC37899}

2013-03-14 14:19:44 -------- d-----w- c:\documents and settings\asus\application data\{51C471C6-A70A-495C-B2A6-718887CE5203}

2013-03-08 12:26:17 -------- d-----w- c:\documents and settings\asus\application data\{994F4882-DDEA-4BE4-81E8-EA6EEDAC6CE1}

2013-03-08 12:25:53 -------- d-----w- c:\documents and settings\asus\application data\{C64C782F-F116-458F-971F-3CFEC4CD44CF}

2013-03-08 12:25:41 -------- d-----w- C:\TEMP

2013-02-28 09:55:11 -------- d-----w- c:\documents and settings\asus\application data\Foxit Software

.

==================== Find3M ====================

.

2013-03-23 11:38:12 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat

2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-06 00:51:16 832512 ----a-w- c:\windows\system32\wininet.dll

2013-02-06 00:51:15 78336 ----a-w- c:\windows\system32\ieencode.dll

2013-02-06 00:51:15 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-06 00:51:15 17408 ----a-w- c:\windows\system32\corpol.dll

2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

2006-05-03 05:06:54 163328 --sha-w- c:\windows\system32\flvDX.dll

2007-02-21 06:47:16 31232 --sha-w- c:\windows\system32\msfDX.dll

2008-03-16 08:30:52 216064 --sha-w- c:\windows\system32\nbDX.dll

2010-01-06 17:00:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

.

============= FINISH: 18:52:10.43 ===============

and

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 30/9/2552 8:08:45

System Uptime: 23/3/2556 18:37:36 (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K40IN

Processor: Intel Pentium III Xeon processor | Socket 478 | 2099/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 45.817 GiB free.

D: is FIXED (NTFS) - 200 GiB total, 65.223 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Atheros AR928X Wireless Network Adapter

Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_10671A3B&REV_01\4&BF75662&0&00B0

Manufacturer: Atheros

Name: Atheros AR928X Wireless Network Adapter

PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_10671A3B&REV_01\4&BF75662&0&00B0

Service: AR5416

.

==== System Restore Points ===================

.

RP652: 22/3/2556 20:18:40 - System Checkpoint

.

==== Installed Programs ======================

.

?Torrent

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

ALTools Update

AmIcoSingLun

Anki

Apple Mobile Device Support

Apple Software Update

Applian FLV Player

ASUS Data Security Manager

ASUS FancyStart

ASUS MultiFrame

ASUS Power4Gear

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

Asus_Camera_ScreenSaver

Atheros Client Installation Program

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

Bonjour

calibre

CCleaner

CDisplay 1.8

Celtx (2.7)

ClamWin Free Antivirus 0.95.2

CutePDF Writer 2.8

CyberLink PowerDVD 8

Defraggler

DivX Web Player

Dropbox

DVD Flick 1.3.0.7

Eraser 6.0.10.2620

ESET Smart Security

ETDWare PS/2-x86 7.0.5.3 WHQL

EVEREST Home Edition v2.20

Evernote v. 4.1

F.lux

Fanfiction Downloader v4.0.3

FileZilla Client 3.3.2

FlashGet 1.9.6.1073

focus booster

foobar2000 v1.0.2.1

Foxit Reader

Freecorder 5

GOM Player

Google Chrome

Google Talk Plugin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

iTunes

Java 6 Update 16

JDownloader 0.9

LifeFrame2

LyX 2.0.0-3 (Installed for Current User)

Macromedia Dreamweaver MX

Macromedia Extension Manager

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee SiteAdvisor

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2003 Thai User Interface Pack

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIRC

Mozilla Firefox 15.0.1 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT Redists

Multimedia Card Reader

NB Probe

Nero 7 Ultra Edition

Net4Switch

Notepad++

NVIDIA Drivers

OpenOffice.org 3.1

PDF-Viewer

QuickStores-Toolbar 1.1.0

QuickTime

QuotePad 2.2

RaySource 2.2.0.1

RealPlayer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Recuva

RocketDock 1.3.5

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB2722913)

Security Update for Windows Internet Explorer 7 (KB2744842)

Security Update for Windows Internet Explorer 7 (KB2761465)

Security Update for Windows Internet Explorer 7 (KB2792100)

Security Update for Windows Internet Explorer 7 (KB2797052)

Security Update for Windows Internet Explorer 7 (KB2799329)

Security Update for Windows Internet Explorer 7 (KB2809289)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype? 4.2

Spelling Dictionaries Support For Adobe Reader 9

SRS Premium Sound

SumatraPDF 2.1.1

Trillian

TrueCrypt

Unlocker 1.9.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB 2.0 1.3M UVC WebCam

VC80CRTRedist - 8.0.50727.762

VLC media player 2.0.4

WampServer 2.2

WebFldrs XP

Winamp

WinDirStat 1.1.2

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

WinFlash

WinRAR archiver

WinZip 11.1

Wireless Console 3

Workrave 1.9.4

Zune Desktop Theme

.

==== Event Viewer Messages From Past Week ========

.

20/3/2556 16:17:57, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf8488e2, parameter3 b1583ae4, parameter4 00000000.

19/3/2556 7:22:55, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0026184711DD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

19/3/2556 17:09:01, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

By the way, I've actually already done a Quick Scan before I found this forum and these files came up:

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|39390 (Trojan.Agent.CO) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mszanr.exe -> No action taken.

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 2

C:\Documents and Settings\All Users\Local Settings\Temp\mszanr.exe (Trojan.Agent.CO) -> No action taken.

C:\TEMP\TrustedInstaller.exe (Backdoor.Androm.ST) -> No action taken.

As you can see, I left them alone since I wanted to do this whole thing properly and not send my computer to an early grave.

Looking forward to tackling this pesky problem together. You guys are my only hope!

[MrCharlie]

Welcome to the forum.

First thing to do is download, install and run Panda USB and AutoRun Vaccine, vaccinate all drives:

http://research.pand...utoRun-Vaccine/

Then scan then with Malwarebytes and you anti-virus.

Let me know...MrC

[Mindasploded]

By "vaccinate all drives," do you mean just clicking the "Vaccinate computer" button?

Also, my main anti-virus protection, this ESET Smart Security 3.0.669.0 the ASUS store where I bought my laptop installed for me, has been out-of-date for quite some time, and in my defense, I've tried updating it, but it's kept telling me time and again that my username and/or password, which I was never given, were invalid. Since it never seemed that big of a deal to me (actually, I was a little too lazy to deal with it the moment the problem began), I've always overlooked it, so when you said to scan with my anti-virus program after vaccinating my computer, I don't think my current setup is what you had in mind. What do you recommend I do?

Thanks in advance!

[MrCharlie]

By "vaccinate all drives," do you mean just clicking the "Vaccinate computer" button?

Yes and then plug in all your usb flash drives to "Vaccinate" them also.

Avast free for your AV:

http://www.avast.com/en-us/index

MrC

[Mindasploded]

Couldn't install Avast, as my ESET "Smart" Security deleted it for being "a variant of Win32/Genetik trojan." I may be hasty in saying this, but does this mean I should go ahead and get rid of the program since it seems to be useless?

[MrCharlie]

Yes, you have to uninstall it. MrC

[Mindasploded]

Okay, I've now replaced ESET Smart Security with Avast, and I love it. Also, my computer has now been vaccinated; I wasn't expecting the process to be so quick!

However, while some of my USB flash drives made it through, others failed the vaccination process; the message I kept getting with them was "Vaccination was not possible. Error reading the volume." Should I format them or leave them alone for now? Since my computer got infected, I haven't plugged in my external hard drive yet, lest that become infected as well (I'm fairly certain it's autorun-free, seeing as the files were visible the last time I checked it and not replaced by one shifty-looking file called "Removable Disk (4GB)" or some such that seems to lead to system32 when I hold my cursor over it), so I'm dreading when I have to do it in order to vaccinate it, or is that unnecessary?

Afterwards, when I scan my computer with Malwarebytes, do you want me to do a Quick or Full Scan?

Thanks again!

[MrCharlie]

However, while some of my USB flash drives made it through, others failed the vaccination process; the message I kept getting with them was "Vaccination was not possible. Error reading the volume." Should I format them or leave them alone for now?

Yes, I would format them

Since my computer got infected, I haven't plugged in my external hard drive yet, lest that become infected as well (I'm fairly certain it's autorun-free, seeing as the files were visible the last time I checked it and not replaced by one shifty-looking file called "Removable Disk (4GB)" or some such that seems to lead to system32 when I hold my cursor over it), so I'm dreading when I have to do it in order to vaccinate it, or is that unnecessary?

Yes, I would

Afterwards, when I scan my computer with Malwarebytes, do you want me to do a Quick or Full Scan?

If you have the time do a Full scan, if not the Quick scan will do.

MrC

[Mindasploded]

All right, so I've formatted one of my USB flash drives that prompted that "Vaccination was not possible. Error reading the volume." message and tried vaccinating it again. Still couldn't do it, alas, and got the same message. Is it ruined?

If I plug in my 1TB external hard drive now in order to vaccinate it, wouldn't the autorun malware get in there and mess with my files? I would hate to have to format it, let alone have it be for naught like with what happened above, because there are a lot of files on it that I can't afford to lose.

Could I skip ahead and start scanning my computer with Malwarebytes and Avast instead? Apologies if I'm being unreasonably cautious; I'm just too scared to inadvertently wreck my computer.

[MrCharlie]

All right, so I've formatted one of my USB flash drives that prompted that "Vaccination was not possible. Error reading the volume." message and tried vaccinating it again. Still couldn't do it, alas, and got the same message. Is it ruined?

Can you use it other wise?

If I plug in my 1TB external hard drive now in order to vaccinate it, wouldn't the autorun malware get in there and mess with my files? I would hate to have to format it, let alone have it be for naught like with what happened above, because there are a lot of files on it that I can't afford to lose.

Could I skip ahead and start scanning my computer with Malwarebytes and Avast instead? Apologies if I'm being unreasonably cautious; I'm just too scared to inadvertently wreck my computer.

Yes, try that

MrC

[Mindasploded]

That's the strangest thing: I just tried vaccinating the USB flash drive that was giving me trouble earlier, and well, what do you know? It's now protected! Wish I didn't have to format it, though, but if I still got that "Vaccination was not possible. Error reading the volume." message even after formatting it, was the formatting not necessary after all?

By the way, the thing's still usable, so there's the extra good news!

I did a full Malwarebytes scan and quick Avast scan (please let me know if the latter is insufficient), so here are the results:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.22.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

ASUS :: ASUS-3AFEBB7C4D [administrator]

26/3/2556 19:14:44

MBAM-log-2556-03-26 (21-40-38).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 334579

Time elapsed: 2 hour(s), 23 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|39390 (Trojan.Agent.CO) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mszanr.exe -> No action taken.

Registry Data Items Detected: 2

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Documents and Settings\All Users\Local Settings\Temp\mszanr.exe (Trojan.Agent.CO) -> No action taken.

C:\TEMP\TrustedInstaller.exe (Backdoor.Androm.ST) -> No action taken.

C:\WINDOWS\AntiWPA\antiwpa.dll (PUP.Wpakill) -> No action taken.

(end)

and

Avast didn't give me any logs, just the "NO THREAT FOUND" message. Would a full Avast scan be better, or do you already have all that you need?

Again, thanks for everything so far, MrCharlie!

[MrCharlie]

No action taken. <------you did delete these right??

------------------------------------

Lets run some scans........

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

[Mindasploded]

No action taken. <------you did delete these right??

No, I kind of took you at face value when you said to scan my computer and didn't mention anything about erasing files, as I'd assumed you wanted the logs. Sorry!

But should I delete ALL of the detected files? I should inform you at this point that I bought this Asus laptop in Thailand, so I'm pretty sure I've been using a cracked version of Windows XP. From a quick Google search on some of what Malwarebytes picked up, particularly the "TrustedInstaller.exe" and "antiwpa.dll" files, would deleting some of them end up causing more trouble than before? This is just me thinking out loud, so it'd be great if you could clear up any ambiguities.

[MrCharlie]

I'm pretty sure I've been using a cracked version of Windows XP

Well thanks for being honest about that, but that's against the policy on Piracy:

http://forums.malwar...showtopic=97700

So I have to stop now, I have to go by the rules also. You have the opportunity to make it right.

There's plenty of offers on E-Bay and other sites to purchase genuine versions of XP pro or you can contact Microsoft a get a license.

Let me know...MrC