
1 BDS\small.iuj on Sun Aug 08, 2010 12:55 am

janghag
Member
Hi, I have a problem regarding the malware BDS\small.iuj... My anti-virus is Avira, and it keeps giving me warnings about my explorer.exe...


2 Re: BDS\small.iuj on Sun Aug 08, 2010 3:23 pm

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    explorer.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



3 Re: BDS\small.iuj on Sun Aug 08, 2010 9:06 pm

janghag
Member
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:05 on 09/08/2010 by jakee anghag (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565

-=End Of File=-


4 Re: BDS\small.iuj on Mon Aug 09, 2010 3:04 pm

Download and SAVE this file to your Desktop: ftp://ftp.geekpolice.net/GPUser/DragonMasterJay/explorer.exe (do not open it!)




Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    killall::

    FCopy::
    c:\documents and settings\jakee anghag\desktop\explorer.exe | c:\windows\explorer.exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.




NOTE:
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


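The SystemLook and ComboFix steps above locate explorer.exe, record its size and MD5, and then replace the file. As an added example, not from the thread or from either tool, this PowerShell script reproduces those checks on a live system and also lists the HKU\.DEFAULT Run entries that ComboFix inspects later in the thread. It assumes PowerShell 4.0 or newer (Get-FileHash, Get-Item -Stream, catalog-aware Get-AuthenticodeSignature) and uses the size and MD5 that SystemLook reported for the suspect file as its comparison values.

```powershell
# Added triage script (not from this thread or its tools). Assumes PowerShell 4.0+.
# It repeats by script what the helper checked by hand: where explorer.exe lives,
# its size and MD5, whether it carries a valid Microsoft signature, whether it has
# alternate data streams (ComboFix removed a 26-byte stream from this file), and
# what the .DEFAULT hive's Run/RunOnce keys contain (ComboFix listed "msnsc" there).

param(
    [string]$Path = "$env:SystemRoot\explorer.exe"
)

# Size and MD5 that SystemLook reported for the suspect file in this thread.
$SuspectSize = 1075200
$SuspectMd5  = '2DEACA71A7FD77205F59D48D76B2F565'

function Test-ExplorerIntegrity {
    param([string]$FilePath)

    $findings = @()
    $file = Get-Item -LiteralPath $FilePath -ErrorAction Stop

    # 1. Size and hash, compared with the values reported in the thread.
    $md5 = (Get-FileHash -LiteralPath $FilePath -Algorithm MD5).Hash
    if ($file.Length -eq $SuspectSize -and $md5 -eq $SuspectMd5) {
        $findings += 'MATCH: size and MD5 equal the suspect explorer.exe reported in the thread'
    }

    # 2. Signature: a genuine explorer.exe is signed by Microsoft (embedded or via
    #    a catalog, which Get-AuthenticodeSignature checks on Windows 8+); a patched
    #    binary, like the one in this thread (Sigcheck "[-]"), is not.
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
    if ($sig.Status -ne 'Valid') {
        $findings += "UNSIGNED: Authenticode status is $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "UNEXPECTED SIGNER: $($sig.SignerCertificate.Subject)"
    }

    # 3. Alternate data streams other than the main :$DATA stream.
    $streams = Get-Item -LiteralPath $FilePath -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += "ADS: $($s.Stream) ($($s.Length) bytes)"
    }

    [pscustomobject]@{
        Path     = $file.FullName
        Size     = $file.Length
        MD5      = $md5
        Findings = $findings
    }
}

function Get-DefaultHiveRunEntries {
    # HKU\.DEFAULT Run/RunOnce entries execute before any user logs on;
    # legitimate software rarely installs itself there.
    $keys = @(
        'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $props = Get-ItemProperty -LiteralPath $k
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PS* provider metadata properties; report the real values.
                if ($p.Name -notlike 'PS*') {
                    [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}

$result = Test-ExplorerIntegrity -FilePath $Path
$result | Format-List
Get-DefaultHiveRunEntries | Format-Table -AutoSize
```

Run it from an elevated prompt; an empty Findings list together with no unexpected .DEFAULT Run entries is the state the thread eventually reached after the file was replaced and msnsc was removed.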

5 Re: BDS\small.iuj on Mon Aug 09, 2010 8:29 pm

janghag
Member
ComboFix 10-08-09.02 - jakee anghag 08/10/2010 8:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.424 [GMT 1:00]
Running from: c:\documents and settings\jakee anghag\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\jakee anghag\My Documents\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
ADS - explorer.exe: deleted 26 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\documents and settings\jakee anghag\desktop\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-09 18:48 . 2010-08-09 18:48 -------- d-----w- c:\documents and settings\jakee anghag\Local Settings\Application Data\WMTools Downloaded Files
2010-08-09 01:13 . 2010-08-09 01:13 -------- d-----w- c:\documents and settings\jakee anghag\Local Settings\Application Data\Graboid_Inc
2010-08-09 01:13 . 2010-08-09 01:13 -------- d-----w- c:\documents and settings\jakee anghag\Local Settings\Application Data\Graboid
2010-08-09 01:13 . 2010-08-09 01:13 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\MozillaControl
2010-08-09 01:13 . 2010-08-09 01:13 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-08-09 01:11 . 2010-08-09 01:16 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\vlc
2010-08-09 01:07 . 2010-08-09 01:07 -------- d-----w- c:\program files\VideoLAN
2010-08-09 01:07 . 2010-08-09 01:33 -------- d-----w- c:\program files\Graboid
2010-08-08 14:38 . 2010-08-08 14:38 25 ----a-w- c:\windows\popcinfot.dat
2010-08-08 14:38 . 2010-08-08 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-08-08 14:25 . 2010-08-08 14:38 -------- d-----w- c:\program files\Plants vs. Zombies
2010-08-07 18:07 . 2006-04-18 03:00 102400 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
2010-08-07 18:07 . 2010-08-07 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-08-07 18:07 . 2004-09-10 19:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-08-07 18:07 . 2006-08-10 01:02 75264 ----a-w- c:\windows\system32\E_FLBBHP.DLL
2010-08-07 18:07 . 2006-04-19 01:00 62976 ----a-w- c:\windows\system32\E_FD4BBHP.DLL
2010-08-07 18:07 . 2006-01-06 14:53 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-07 18:06 . 2010-08-07 18:06 -------- d-----w- c:\program files\EPSON
2010-08-07 17:22 . 2010-08-07 17:22 -------- d-----w- C:\Rooter$
2010-08-07 17:10 . 2010-08-07 17:10 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\Malwarebytes
2010-08-07 17:10 . 2010-08-07 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 17:10 . 2010-08-07 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 16:19 . 2010-08-07 16:31 -------- d-----w- c:\windows\system32\NtmsData
2010-08-07 11:43 . 2010-08-08 11:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-07 08:35 . 2010-08-07 08:35 393587 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aegen.dll
2010-08-05 19:22 . 2010-08-09 09:55 96 ---ha-w- c:\windows\system32\HsInfo.dat
2010-08-05 19:20 . 2010-08-05 19:20 -------- d-----w- c:\program files\Level Up Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 07:40 . 2010-08-05 06:07 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\LimeWire
2010-08-10 07:15 . 2006-01-13 01:46 1033216 ----a-w- c:\windows\explorer.exe
2010-08-08 10:27 . 2010-08-07 13:59 40832 ----a-w- c:\windows\system32\drivers\Yonline.ahc
2010-08-05 14:16 . 2010-08-05 13:25 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\Apple Computer
2010-08-05 13:51 . 2010-08-05 13:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2010-08-05 13:39 . 2010-08-05 13:39 -------- d-----w- c:\program files\Avira
2010-08-05 13:39 . 2010-08-05 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-05 13:28 . 2010-08-05 13:28 15544 ----a-w- c:\documents and settings\jakee anghag\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-05 13:25 . 2010-08-05 13:24 -------- d-----w- c:\program files\iTunes
2010-08-05 13:25 . 2010-08-05 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-05 13:24 . 2010-08-05 13:24 -------- d-----w- c:\program files\iPod
2010-08-05 13:24 . 2010-08-05 13:23 -------- d-----w- c:\program files\Common Files\Apple
2010-08-05 13:24 . 2010-08-05 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-05 13:24 . 2010-08-05 12:39 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-05 13:23 . 2010-08-05 13:23 -------- d-----w- c:\program files\Apple Software Update
2010-08-05 13:23 . 2010-08-05 13:23 -------- d-----w- c:\program files\Bonjour
2010-08-05 13:23 . 2010-08-05 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-05 13:15 . 2010-08-05 13:15 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\Camfrog
2010-08-05 12:55 . 2010-08-05 12:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-05 12:51 . 2010-08-05 12:51 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-05 12:51 . 2010-08-05 12:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-05 12:51 . 2010-08-05 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-08-05 12:50 . 2010-08-05 12:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 12:49 . 2010-08-05 12:49 -------- d-----w- c:\program files\Vtune
2010-08-05 12:43 . 2010-08-05 12:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-05 12:39 . 2010-08-05 12:39 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-05 12:39 . 2010-08-05 12:39 2293 ----a-w- c:\windows\mozver.dat
2010-08-05 12:38 . 2010-08-05 12:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 12:37 . 2010-08-05 12:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-05 12:35 . 2010-08-05 12:35 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-05 12:34 . 2010-08-05 12:34 -------- d-----w- c:\program files\Unlocker
2010-08-05 12:31 . 2010-08-05 12:31 -------- d-----w- c:\program files\MSN Messenger
2010-08-05 06:57 . 2010-08-05 06:57 -------- d-----w- c:\documents and settings\jakee anghag\Application Data\Avira
2010-08-05 06:06 . 2010-08-05 06:06 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 06:06 . 2010-08-05 06:06 61440 ----a-w- c:\documents and settings\jakee anghag\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-11e5225c-n\decora-sse.dll
2010-08-05 06:06 . 2010-08-05 06:06 12800 ----a-w- c:\documents and settings\jakee anghag\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-11e5225c-n\decora-d3d.dll
2010-08-05 06:06 . 2010-08-05 06:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-05 06:06 . 2010-08-05 06:06 -------- d-----w- c:\program files\Java
2010-08-05 06:04 . 2010-08-05 06:04 0 ----a-w- c:\windows\nsreg.dat
2010-08-05 06:00 . 2010-08-05 05:59 -------- d-----w- c:\program files\IDT
2010-08-05 05:59 . 2010-08-05 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-08-10 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-10_07.25.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-10 07:39 . 2010-08-10 07:39 16384 c:\windows\temp\Perflib_Perfdata_424.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-10-05 2158592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\jakee anghag\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - d:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Level Up Games\\K.O.S. Secret Operations\\game_sting_pak\\sting.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12032:TCP"= 12032:TCP:????

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/5/2010 2:39 PM 135336]
R2 Yonline;Yonline;c:\windows\system32\drivers\Yonline.ahc [8/7/2010 2:59 PM 40832]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [8/5/2010 1:59 PM 37376]
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jakee anghag\Application Data\Mozilla\Firefox\Profiles\df4t9ird.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 08:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Yonline]
"ImagePath"="\??\c:\windows\system32\drivers\Yonline.ahc"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-10 08:42:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-10 07:42
ComboFix2.txt 2010-08-10 07:27

Pre-Run: 32,680,931,328 bytes free
Post-Run: 32,671,371,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1BFE6B7D011E2DB1B6CB69FE73B14830


6 Re: BDS\small.iuj on Tue Aug 10, 2010 5:10 am

Excellent. Good job. Now, let's check for any other malware.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.



7 Re: BDS\small.iuj on Tue Aug 10, 2010 6:52 am

janghag
Member
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/10/2010 6:50:51 PM
mbam-log-2010-08-10 (18-50-51).txt

Scan type: Quick scan
Objects scanned: 125189
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jakee anghag\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


8 Re: BDS\small.iuj on Tue Aug 10, 2010 2:26 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic





Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply as well as the scan log from ESET.



9 Re: BDS\small.iuj on Tue Aug 10, 2010 7:13 pm

janghag
Member
Hi, I can't download Kaspersky GetSystemInfo because when I click the link this message appears:

Not Found

The requested URL /GSI/GetSystemInfo.exe was not found on this server.



Last edited by janghag on Tue Aug 10, 2010 8:39 pm; edited 1 time in total


10 Re: BDS\small.iuj on Tue Aug 10, 2010 7:36 pm

janghag
Member
Here's the log from Eset:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a43c874a7eb74d4296b4c4121325bb3e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-11 06:32:55
# local_time=2010-08-11 07:32:55 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775125 100 93 1575 40596509 31569 0
# compatibility_mode=8192 67108863 100 0 302 302 0 0
# scanned=41674
# found=1
# cleaned=1
# scan_time=1360
C:\WINDOWS\system32\Tools\Hide.exe probably a variant of Win32/Adware.Agent.IXOUQJP application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


11 Re: BDS\small.iuj on Wed Aug 11, 2010 2:06 am

Are there any other signs of infection?



12 Re: BDS\small.iuj on Wed Aug 11, 2010 5:27 am

janghag
Member
I don't know, but the warnings about my explorer stopped...


13 Re: BDS\small.iuj on Wed Aug 11, 2010 3:34 pm

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results. Post only the contents of both logs. There is no way to attach.
  • Close the program window, and delete the program from your Desktop.



14 Re: BDS\small.iuj on Wed Aug 11, 2010 8:10 pm

janghag
Member
ATTACH.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2010 1:39:49 PM
System Uptime: 8/12/2010 7:54:00 AM (0 hours ago)

Motherboard: ECS | | A740GM-M
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | CPU 1 | 2400/200mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | CPU 1 | 2400/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 30.345 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 29.617 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1057&DEV_5608&SUBSYS_00001057&REV_00\4&2966AB86&0&00A4
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1057&DEV_5608&SUBSYS_00001057&REV_00\4&2966AB86&0&00A4
Service:

==== System Restore Points ===================

RP10: 8/8/2010 9:33:19 AM - clean
RP11: 8/10/2010 8:33:17 AM - ComboFix created restore point
RP12: 8/11/2010 10:49:14 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner
EPSON Printer Software
ESET Online Scanner v3
IDT Audio
iTunes
Java Auto Updater
Java(TM) 6 Update 21
July 2010
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.8)
NVIDIA Drivers
NVIDIA PhysX
QuickTime
QuickTime Alternative 1.67
Software Update for Web Folders
Tumble Bugs
VLC media player 1.0.1
Vtune 7.6
WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/7/2010 7:12:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/7/2010 6:41:16 PM, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.
8/7/2010 11:41:08 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E908BB2E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/6/2010 1:55:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E908BB2E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/5/2010 2:38:01 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
8/5/2010 2:38:01 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\JAKEEA~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
8/5/2010 2:38:01 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
8/5/2010 1:42:47 PM, information: Windows File Protection [64032] - Windows File Protection is not active on this system.
8/5/2010 1:39:57 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
8/10/2010 8:34:24 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2010 6:54:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
8/10/2010 6:54:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================


DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by jakee anghag at 7:57:40.57 on Thu 08/12/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.517 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
D:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jakee anghag\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [EPSON Stylus C59 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibhp.exe /fu "c:\docume~1\jakeea~1\locals~1\temp\E_S63.tmp" /EF "HKCU"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\jakeea~1\startm~1\programs\startup\limewi~1.lnk - d:\program files\limewire\LimeWire.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jakeea~1\applic~1\mozilla\firefox\profiles\df4t9ird.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-5 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-5 60936]
R2 Yonline;Yonline;c:\windows\system32\drivers\Yonline.ahc [2010-8-7 40832]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2010-8-5 37376]

=============== Created Last 30 ================

2010-08-11 06:05:14 0 d-----w- c:\program files\ESET
2010-08-10 21:05:14 4096 ----a-w- c:\windows\d3dx.dat
2010-08-10 21:05:11 0 d-----w- c:\docume~1\jakeea~1\applic~1\Wildfire
2010-08-10 21:04:35 0 d-----w- c:\program files\ReflexiveArcade
2010-08-10 17:37:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 17:37:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 16:42:03 25 ----a-w- c:\windows\popcinfot.dat
2010-08-10 07:34:02 0 d-sha-r- C:\cmdcons
2010-08-10 07:33:01 0 d-----w- C:\ComboFix
2010-08-10 07:18:06 98816 ----a-w- c:\windows\sed.exe
2010-08-10 07:18:06 77312 ----a-w- c:\windows\MBR.exe
2010-08-10 07:18:06 256512 ----a-w- c:\windows\PEV.exe
2010-08-10 07:18:06 161792 ----a-w- c:\windows\SWREG.exe
2010-08-09 01:13:17 0 d-----w- c:\docume~1\jakeea~1\applic~1\MozillaControl
2010-08-09 01:13:12 0 d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-08-09 01:07:21 0 d-----w- c:\program files\VideoLAN
2010-08-09 01:07:07 0 d-----w- c:\program files\Graboid
2010-08-08 14:38:52 25 ----a-w- c:\program files\popcinfot.dat
2010-08-08 14:38:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2010-08-08 14:25:26 0 d-----w- c:\program files\Plants vs. Zombies
2010-08-07 18:07:49 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2010-08-07 18:07:46 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-08-07 18:07:45 75264 ----a-w- c:\windows\system32\E_FLBBHP.DLL
2010-08-07 18:07:45 62976 ----a-w- c:\windows\system32\E_FD4BBHP.DLL
2010-08-07 18:07:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-07 18:06:46 0 d-----w- c:\program files\EPSON
2010-08-07 17:22:53 0 d-----w- C:\Rooter$
2010-08-07 17:10:18 0 d-----w- c:\docume~1\jakeea~1\applic~1\Malwarebytes
2010-08-07 17:10:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 17:10:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-07 16:19:01 0 d-----w- c:\windows\system32\NtmsData
2010-08-07 13:59:07 40832 ----a-w- c:\windows\system32\drivers\Yonline.ahc
2010-08-05 21:06:26 0 d-----w- c:\windows\pss
2010-08-05 19:22:52 96 ---ha-w- c:\windows\system32\HsInfo.dat
2010-08-05 19:20:24 0 d-----w- c:\program files\Level Up Games
2010-08-05 13:39:30 0 d-----w- c:\program files\Avira
2010-08-05 13:39:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-05 13:27:30 0 d-----w- c:\program files\common files\ODBC
2010-08-05 13:27:03 0 d-----r- c:\documents and settings\all users\Documents
2010-08-05 13:24:43 0 d-----w- c:\program files\iPod
2010-08-05 13:24:41 0 d-----w- c:\program files\iTunes
2010-08-05 13:24:41 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-05 13:23:28 0 d-----w- c:\program files\Bonjour
2010-08-05 13:15:03 0 d-----w- c:\docume~1\jakeea~1\applic~1\Camfrog
2010-08-05 12:51:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-08-05 12:51:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-08-05 12:50:51 0 d-----w- c:\program files\NVIDIA Corporation
2010-08-05 12:49:10 0 d-----w- c:\program files\Vtune
2010-08-05 12:43:45 0 d-----w- c:\program files\Microsoft ActiveSync
2010-08-05 12:39:19 0 d-----w- c:\program files\QuickTime Alternative
2010-08-05 12:37:30 0 d-sh--w- c:\documents and settings\all users\DRM
2010-08-05 12:37:07 0 d--h--w- c:\program files\WindowsUpdate
2010-08-05 12:37:03 0 d-----w- c:\program files\Online Services
2010-08-05 12:36:16 0 d-----w- c:\program files\common files\MSSoap
2010-08-05 12:34:46 0 d-----w- c:\program files\Unlocker
2010-08-05 12:31:37 0 d-----w- c:\program files\MSN Messenger
2010-08-05 12:31:13 0 d-----w- c:\program files\Windows NT
2010-08-05 06:57:31 0 d-----w- c:\docume~1\jakeea~1\applic~1\Avira
2010-08-05 06:07:03 0 d-----w- c:\docume~1\jakeea~1\applic~1\LimeWire
2010-08-05 05:59:59 0 d-----w- c:\program files\IDT

==================== Find3M ====================

2010-08-10 07:15:45 1033216 ----a-w- c:\windows\explorer.exe
2010-08-05 12:39:18 2293 ----a-w- c:\windows\mozver.dat
2010-08-05 12:39:18 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-05 12:35:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-05 06:06:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 7:58:04.07 ===============


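The two file-listing sections of the DDS log above (Created Last 30 and Find3M) are where a helper spots things like the freshly written c:\windows\explorer.exe, and the Event Viewer section records that Windows File Protection was not active, so nothing on the machine would have objected to a system binary being swapped. The script below is an added example for this thread, not code from DDS, SystemLook, ComboFix or the helper: it parses those listing lines, applies a few reviewer heuristics (executables under %SystemRoot% written inside the window, non-.sys files in the drivers directory, hidden or system-attribute files under %SystemRoot%), and hashes a file so the result can be compared with a known-good copy. The sample log is a handful of lines copied from the posted log; the allow-list of tool-dropped files (Malwarebytes drivers, ComboFix helpers), the 30-day window and the reading of the attribute column (leading d = directory, h/s = hidden/system) are this example's assumptions. A hit is a prompt to look closer, not a verdict; the helper in the thread judged these logs clean.

```python
"""Triage the file-listing sections of a DDS log (Created Last 30 / Find3M).

Added example for this thread, not part of DDS, SystemLook, ComboFix or the
helper's procedure.  Every rule below is a reviewer heuristic: a hit means
"look at this by hand", not "this file is malicious".
"""
from __future__ import annotations

import hashlib
import re
import sys
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# One listing line, e.g.  2010-08-10 07:15:45 1033216 ----a-w- c:\windows\explorer.exe
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
# Section banners such as  ==================== Find3M ====================
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".drv", ".cpl"}
SYSTEM_ROOT = PureWindowsPath("c:/windows")          # assumption: default XP install location
DRIVER_DIR = SYSTEM_ROOT / "system32" / "drivers"

# Assumption: files the log itself attributes to the cleanup tooling
# (Malwarebytes drivers, ComboFix helpers dropped into c:\windows).
TOOL_FILES = frozenset({"mbam.sys", "mbamswissarmy.sys", "sed.exe", "mbr.exe", "pev.exe", "swreg.exe"})


@dataclass
class Entry:
    section: str
    when: datetime
    size: int
    flags: str            # DDS attribute column; assumption: d = directory, h/s/r = hidden/system/read-only
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return self.flags.startswith("d")

    def under(self, root: PureWindowsPath) -> bool:
        # PureWindowsPath compares case-insensitively, so c:\WINDOWS and c:\windows match.
        return root in self.path.parents


def parse_dds(text: str) -> list[Entry]:
    """Extract every dated listing line, remembering which section it came from."""
    entries: list[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        date, time, size, flags, path = m.groups()
        entries.append(Entry(section, datetime.fromisoformat(f"{date} {time}"),
                             int(size), flags, PureWindowsPath(path)))
    return entries


def triage(entries: list[Entry], now: datetime, window_days: int = 30,
           allowlist: frozenset[str] = TOOL_FILES) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a manual look."""
    cutoff = now - timedelta(days=window_days)
    findings: list[tuple[Entry, str]] = []
    for e in entries:
        if e.is_dir or e.path.name.lower() in allowlist:
            continue
        ext = e.path.suffix.lower()
        if ext in PE_EXTENSIONS and e.under(SYSTEM_ROOT) and e.when >= cutoff:
            findings.append((e, "executable under %SystemRoot% written inside the window"))
        if e.under(DRIVER_DIR) and ext != ".sys":
            findings.append((e, "non-.sys file in the drivers directory"))
        if e.under(SYSTEM_ROOT) and ("h" in e.flags or "s" in e.flags):
            findings.append((e, "hidden/system attribute on a file under %SystemRoot%"))
    return findings


def digest(data: bytes) -> dict[str, str]:
    """MD5 (what SystemLook-style tools print) plus SHA-256 for a stronger comparison."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def file_digest(path: str) -> dict[str, str]:
    """Hash a local file so it can be checked against a known-good copy's hashes."""
    with open(path, "rb") as fh:
        return digest(fh.read())


# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-08-10 17:37:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 07:34:02 0 d-sha-r- C:\cmdcons
2010-08-10 07:18:06 98816 ----a-w- c:\windows\sed.exe
2010-08-07 18:07:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-07 13:59:07 40832 ----a-w- c:\windows\system32\drivers\Yonline.ahc
2010-08-05 19:22:52 96 ---ha-w- c:\windows\system32\HsInfo.dat

==================== Find3M ====================

2010-08-10 07:15:45 1033216 ----a-w- c:\windows\explorer.exe
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
"""
SAMPLE_NOW = datetime(2010, 8, 12, 7, 57)   # the "Run by ... at" timestamp of the posted log


def run_sample() -> list[tuple[Entry, str]]:
    return triage(parse_dds(SAMPLE_LOG), SAMPLE_NOW)


if __name__ == "__main__":
    # Usage: python dds_triage.py [path-to-DDS.txt]; with no argument the sample above is used.
    use_file = len(sys.argv) > 1
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if use_file else SAMPLE_LOG
    now = datetime.now() if use_file else SAMPLE_NOW
    for e, why in triage(parse_dds(text), now):
        print(f"[{e.section}] {e.when:%Y-%m-%d} {e.size:>8} {e.flags} {e.path}  <- {why}")
```

On the sample, the rules flag explorer.exe (written two days before the log), the EPSON-installed usbprint.sys, Yonline.ahc (a driver without the usual .sys extension) and the hidden HsInfo.dat; the analyst then correlates each hit with the installed-programs list and, for a system binary, with the hash of a copy from clean media. The Malwarebytes driver and ComboFix's sed.exe are skipped by the allow-list, and dnssd.dll falls outside the window.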
15 Re: BDS\small.iuj on Thu Aug 12, 2010 2:40 am

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

