My computer sends too many packets to the Internet

I've been having this problem for the last 4 or 5 days, or at least I didn't notice it before. Since I last reinstalled my WinXP (SP3), almost 3 years ago, I've been using Avira for protection. But for the last three months Avira's automatic updating was disabled by some proxy settings, and I didn't notice it. But I'm pretty sure that the problem I have now is not older than several days. The number of sent packets is almost equal to the number of received packets (or sometimes even higher), which I think is not normal, since I'm not uploading anything. Even when I download (after a fresh restart of the connection) a file of, say, 75MB, the number of sent packets is about 25000, against 50000 received. I know that before this problem occurred the number of sent packets on my computer was always at least about 10 times less than the number of received packets.
Since I noticed this problem, I installed a new version of Avira Free, updated it and performed a system scan. But the problem persisted, even though Avira cleared about 30 suspicious entries. I also tried to solve this by reinstalling my network adapter card, but to no effect. My web browser, Mozilla Firefox 3.6.23, opens new pages much slower than before, though Speedtest.net results are good, more or less like before: ~2 Mbps down, ~0.2 Mbps up, ping 80 ms.
Then I found this forum. I followed the 5 steps that you recommend.
NOTE: After I performed step 2, I tried to run GMER, but it wasn't possible, because every time I tried to run it, my computer crashed. I think I tried at least 20 times. Finally, I managed to run it, but only by starting it before any of the programs in my notification area appeared, meaning I ran GMER just after Windows startup and my logon.
Here are the logs of Malwarebytes, GMER and DDS, respectively:

============Malwarebytes log==============:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8054

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

31.10.2011 22:38:40
mbam-log-2011-10-31 (22-38-40).txt

Scan type: Quick scan
Objects scanned: 199990
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
c:\WINDOWS\system32\wmpdnc32.exe (Trojan.Agent) -> 1764 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Data Network (Trojan.Agent) -> Value: Windows Data Network -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\wmpdnc32.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\miljan\local settings\Temp\tmp19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\Temp\tmp21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp106.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp107.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\2EFBKVDR\5x2[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\OJH9S89G\2vs[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\OJH9S89G\tn[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\OJH9S89G\pq[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\OXQJGLM7\pq[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\SH2Z4XER\pq[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\SH2Z4XER\2vs[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\miljan\local settings\temporary internet files\Content.IE5\SH2Z4XER\2vs[2].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\45EFCXMF\mg2[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\45EFCXMF\tn[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\CDE34HUJ\pq[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\K167CLEZ\5x2[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\K167CLEZ\68[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\K167CLEZ\80[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\K167CLEZ\80[2].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\K167CLEZ\80[3].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\WL6BGTUB\2vs[1].zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.


=================GMER log:===================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-02 04:56:29
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19 ST3120827AS rev.3.42
Running: pnzzye30.exe; Driver: C:\DOCUME~1\miljan\LOCALS~1\Temp\ugddypow.sys


---- System - GMER 1.0.15 ----

SSDT F7F0DA7C ZwClose
SSDT F7F0DA36 ZwCreateKey
SSDT F7F0DA86 ZwCreateSection
SSDT F7F0DA2C ZwCreateThread
SSDT F7F0DA3B ZwDeleteKey
SSDT F7F0DA45 ZwDeleteValueKey
SSDT F7F0DA77 ZwDuplicateObject
SSDT F7F0DA4A ZwLoadKey
SSDT F7F0DA18 ZwOpenProcess
SSDT F7F0DA1D ZwOpenThread
SSDT F7F0DA9F ZwQueryValueKey
SSDT F7F0DA54 ZwReplaceKey
SSDT F7F0DA90 ZwRequestWaitReplyPort
SSDT F7F0DA4F ZwRestoreKey
SSDT F7F0DA8B ZwSetContextThread
SSDT F7F0DA95 ZwSetSecurityObject
SSDT F7F0DA40 ZwSetValueKey
SSDT F7F0DA9A ZwSystemDebugControl
SSDT F7F0DA27 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[712] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\intelppm.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\drivers\STREAM.SYS[NTOSKRNL.EXE!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\drivers\ks.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Modem.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\point32.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\serial.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\serenum.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\fdc.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\parport.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\imapi.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\redbook.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\audstub.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\msgpc.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\rdpdr.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\swenum.sys[NTOSKRNL.EXE!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\update.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\wdf01000.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\drivers\MODEMCSA.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\flpydisk.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Fs_Rec.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Msfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F7D685FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7D68D56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7D68D56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 US30Kbd2K.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 US30Kbd2K.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

---- EOF - GMER 1.0.15 ----


============DDS log:===========

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Run by miljan at 5:31:15 on 2011-11-02
Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.1023.488 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\windows\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\Anvshell.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\miljan\Application Data\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 193.200.150.82:1010
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Anvshell] c:\windows\Anvshell.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [SmartSync - ScheduleSync] c:\progra~1\mobile~1\smarts~1\SCHEDU~1.EXE
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [NPSStartup]
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
dRun: [MSConfig] c:\documents and settings\networkservice\ibqhp.exe \u
StartupFolder: c:\docume~1\miljan\startm~1\programs\startup\hddlife.lnk - c:\program files\binarysense\hddlife 3\HDDlifePro.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: UpdateCheck - {A918EE38-F8AA-4E18-B98D-C9CB68CA6358} - c:\windows\system32\mspatuha.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\miljan\application data\mozilla\firefox\profiles\nxkho5rr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.b92.net/sport/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\t-mobile\internetmanager_h\ocx32\addon\components\bmboc_addon3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Bytemobile Optimization Client: ff-bmboc@bytemobile.com - c:\program files\t-mobile\internetmanager_h\ocx32\addon
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-4-27 13184]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-29 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-29 74640]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-8-19 229376]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-20 238952]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-31 366152]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-15 188736]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2009-8-15 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2009-8-15 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2009-8-15 34789]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-20 36608]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-4-27 63616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-31 22216]
R3 US30Kbd;US30Kbd;c:\windows\system32\drivers\US30Kbd2K.sys [2005-3-31 10464]
R3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2009-8-15 9510]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-4-27 101504]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2011-4-27 7552]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-4-27 69504]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-31 21:29:52 -------- d-----w- c:\documents and settings\miljan\application data\Malwarebytes
2011-10-31 21:29:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-31 21:29:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-31 21:29:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-31 19:51:22 65173 ----a-r- c:\windows\system32\TDInst2K.exe
2011-10-31 12:38:49 -------- d-----w- c:\windows\system32\NtmsData
2011-10-31 11:29:17 -------- d-----w- c:\program files\PrintFolder
2011-10-29 23:52:29 -------- d-----w- c:\program files\Tesseract-OCR
2011-10-29 17:05:57 -------- d-----w- c:\documents and settings\miljan\application data\Avira
2011-10-29 17:04:46 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-29 17:04:45 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-29 17:04:44 -------- d-----w- c:\program files\Avira
2011-10-29 17:04:44 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2011-10-24 17:41:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 5:32:13,50 ===============
 
============DDS Attached================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume6
Install Date: 8/15/2009 9:28:49 PM
System Uptime: 11/2/2011 12:38:03 AM (5 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | P4P800
Processor: Intel(R) Celeron(R) CPU 2.40GHz | CPU 1 | 2398/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 26 GiB total, 6.531 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 55.563 GiB free.
E: is FIXED (NTFS) - 14 GiB total, 2.782 GiB free.
F: is FIXED (NTFS) - 34 GiB total, 11.548 GiB free.
G: is FIXED (NTFS) - 15 GiB total, 14.581 GiB free.
H: is FIXED (NTFS) - 59 GiB total, 19.482 GiB free.
I: is CDROM ()
J: is CDROM ()
K: is FIXED (NTFS) - 29 GiB total, 17.483 GiB free.
L: is FIXED (NTFS) - 96 GiB total, 12.978 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3A7EE6E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3A7EE6E01800
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3164&SUBSYS_80F41043&REV_06\4&2E98101C&0&20F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3164&SUBSYS_80F41043&REV_06\4&2E98101C&0&20F0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&2E98101C&0&58F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&2E98101C&0&58F0
Service: rtl8139
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000
Manufacturer:
Name: VgaSave
PNP Device ID: ROOT\LEGACY_VGASAVE\0000
Service: VgaSave
.
==== System Restore Points ===================
.
RP521: 9/4/2011 8:04:00 PM - System Checkpoint
RP522: 9/9/2011 10:56:05 AM - System Checkpoint
RP523: 9/20/2011 8:38:47 AM - System Checkpoint
RP524: 10/13/2011 7:00:23 PM - System Checkpoint
RP525: 10/19/2011 9:08:20 PM - System Checkpoint
RP526: 10/21/2011 3:46:51 PM - System Checkpoint
RP527: 10/25/2011 5:21:19 PM - System Checkpoint
RP528: 10/26/2011 5:21:54 PM - System Checkpoint
RP529: 10/27/2011 9:32:47 AM - Avira AntiVir Personal - 27.10.2011 9:32
RP530: 10/28/2011 4:46:18 PM - System Checkpoint
RP531: 10/29/2011 6:47:05 PM - System Checkpoint
RP532: 10/30/2011 1:47:59 AM - Anti reCAPTCHA v2.06 eliminado.
RP533: 10/30/2011 1:52:26 AM - Anti-reCAPTCHA v3.01 JD instalado.
RP534: 10/31/2011 8:21:09 AM - System Checkpoint
RP535: 10/31/2011 8:41:47 PM - Unsigned driver install
RP536: 10/31/2011 9:05:51 PM - Unsigned driver install
RP537: 11/2/2011 4:05:18 AM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.64
A-PDF Image Downsample 1.7
ABC Amber Palm Converter
Adobe Acrobat 7.0 Professional
Adobe Flash Player 11 Plugin
Adobe Reader 8.2.0
Anti-reCAPTCHA v3.01 JD
ArcExplorer Java Edition
ArcGIS Explorer
ArduoPdfMerger
AudioCatalyst
Auto Gordian Knot 2.45
Avira Free Antivirus
AviSynth 2.5
Brew Mobile Commander 1.2
BS.Player FREE
BufferChm
calibre
Comical 0.8
Compatibility Pack for the 2007 Office system
Coojah6
Crystal Reports Basic for Visual Studio 2008
CustomerResearchQFolder
DeviceManagementQFolder
Dolet Light for Finale 2004
DVD Decrypter (Remove Only)
Easy Video Splitter 1.28
ESRI ArcExplorer 2.0
eSupportQFolder
FBReader for Windows
Finale 2004
FlashPeak SlimBrowser
foobar2000 v1.1.6
GPL Ghostscript 8.64
GSpot Codec Information Appliance
Haali Reader 2.0 (remove only)
HI-TECH C PRO for the PIC10/12/16 MCU Family V9.65PL1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photo and Imaging 1.0 - Scanjet 3500c Series
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 7
JDownloader
K-Lite Codec Pack 5.4.4 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft FrontPage Client - English
Microsoft IntelliPoint 7.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows Media Video 9 VCM
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Mobile Modem Assistant
Mobile Phone Manager
Mozilla Firefox (3.6.23)
MPLAB Tools v8.40
MSDN Library for Visual Studio 2008 - ENU
MSXML 6.0 Parser
Nero 7 Demo
Nitro PDF Professional
NVIDIA Windows 2000/XP Display Drivers
PC Wizard 2008.1.871
PDFCreator
PDFill PDF Editor with FREE Writer and Free Tools
Pegasus Imaging's PICVideo 3
PrintFolder 1.3
QUICKfind server v1.1
RapidShare Manager 2
RAR Password Cracker 4.12
RasterStitch 2.30
Readiris Pro 12
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Replay Media Catcher 3.01
Russian Phonetic YaZHert - RusWin.net - Custom - Custom - Custom
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
ShareIns
SmartSync
SolutionCenter
Sony Media Manager 2.0
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
Sony Vegas 6.0c
SopCast 3.0.3
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SQL Editor for Oracle
Srpski elektronski recnik
Status
STDU Viewer version 1.5.635.0
Subtitle Workshop
SyncToy 2.1 (x86)
T-Mobile Internet Manager
TatukGIS Viewer 2.8.0.5031
TDSL Personal Edition 1.1
The KMPlayer (remove only)
Toolbox
TrayApp
Ulead Straight-to-Disc SDK
Ultrafunk Sonitus FX Pack R3a
Universal SQL Editor 1.2.4
Unload
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio.NET Baseline - English
VobSub v2.23 (Remove Only)
Vuze
WebFldrs XP
WebReg
WhereIsIt? 3.57
Winamp
Winamp Detector Plug-in
WinDjView 1.0.3
Windows Live Messenger
Windows Media Format Runtime
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinFast Entertainment Center(WDM Driver)
WinFast PVR
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
XnView 1.93.6
XviD MPEG4 Video Codec (remove only)
YouTube Downloader 3.3
.
==== Event Viewer Messages From Past Week ========
.
11/2/2011 12:20:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv
11/1/2011 8:19:12 PM, error: System Error [1003] - Error code 10000050, parameter1 8ccc12dc, parameter2 00000001, parameter3 86352def, parameter4 00000000.
10/31/2011 9:03:22 PM, error: System Error [1003] - Error code 100000d1, parameter1 00720066, parameter2 00000002, parameter3 00000000, parameter4 eca3b981.
10/31/2011 8:57:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/31/2011 8:57:25 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/31/2011 8:56:41 AM, error: System Error [1003] - Error code 100000d1, parameter1 0074006d, parameter2 00000002, parameter3 00000000, parameter4 ec9ef979.
10/31/2011 8:56:38 PM, error: Print [19] - Sharing printer failed + 1722, Printer PDFill PDF&Image Writer share name Printer2.
10/31/2011 12:48:52 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 ec9ef9ae.
10/31/2011 11:23:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip tcpipBM
10/31/2011 11:23:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 11:23:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 11:23:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 11:23:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 11:10:47 PM, error: System Error [1003] - Error code 0000001a, parameter1 00003451, parameter2 c0218128, parameter3 85db5c00, parameter4 00000000.
10/31/2011 11:06:45 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 85bf8000, parameter3 85bf8828, parameter4 1b050000.
10/31/2011 10:55:14 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 85bce000, parameter3 85bce828, parameter4 1b050000.
10/31/2011 10:03:45 PM, error: PlugPlayManager [11] - The device Root\LEGACY_US30SYS\0000 disappeared from the system without first being prepared for removal.
10/29/2011 7:41:40 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 307 (0x133).
10/26/2011 2:41:31 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000C6ED707AE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome to TechSpot! As you may have seen in Mbam, there were many files infected by Trojans. We will have to see what additional entries may be present.
------------------------------------------
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
There are a few installed programs or apps I will ask you to translate them and tell me if you intentionally installed them.
=====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
============================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please leave the 3 logs in your next reply.
===============================================
Please update Java to v6u29: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.

This will include opening Firefox> Addons and removing all other versions of Java. You do not have to install a separate Java update in Firefox.
--------------------------------------------------
There will be malware in the Java cache due to the outdated programs so it needs to be cleaned:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.

There is no log to leave for Java.
 
Hi, Bobbye! Thanks for deciding to help me! I'm afraid it won't go as smooth as I hoped it would.
There is a problem on the first step: when I tried to run Combofix, it wasn't possible to install Microsoft Windows Recovery Console. When I clicked "Yes" to download and install, the prompt popped with something like "boot partition cannot be correctly enumerated". I clicked "OK", and Combofix continued its work, without MWRC. After it "completed stage_50", and after about a minute of waiting a message in the Combofix console appeared "Deleting files:", and the very next moment the system crashed! After the system recovered, I did all this over again, and the same thing happened. Combofix didn't produce any log, or I was not able to find it. To follow the order of the tasks you asked, after this I didn't do anything. Please, have you any idea what can I do now?
 
Folders Infected:
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.

Almost got by me- haven't seen this in a while. This appears to be a Conficker malware infection. It copies itself to the Recycler.

What you need to know: Conficker is spread through the local network, mapped network drives and found in P2P programs and files. It makes use of Auto-Play.
--------------------------------
Please run this Removal Tool from Sophos

Follow any on screen prompts.
================================================
1. Change all of your passwords.
2. Disinfect all removable drives (flash drive etc.)
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
3. Check all other computers on the network.
4. If you are using any file sharing programs, stop.
===============================================
To help prevent infection or its spread:
  • Apply this MS08-67 patch
  • Disable file and print sharing
  • Strengthen your password
  • Turn off autorun for USB devices
  • Apply a device control policy
  • Use network access control (NAC) to check that patches, antivirus and firewall are installed, running and up to date. Check this Wiki page that begins with In Plain English

See how this removal goes.
Then go back and see if you can pick up the scans that did not run.
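
The Malwarebytes entry quoted above flags a RECYCLER subfolder whose name begins r-1-5-21 rather than S-1-5-21, and the Flash_Disinfector note describes an autorun.inf folder left as a placeholder. As an added example (not part of the thread and not code from any tool named in it), this Python script checks a drive root for both conditions. The directory layout and file contents are constructed, and it assumes the XP-era NTFS layout in which each Recycle Bin subfolder is named after a user SID.

```python
import os
import re
import tempfile

# Textual SID form (S-1-<authority>-<sub-authorities>). On XP/NTFS each user's
# Recycle Bin is a RECYCLER subfolder named after that user's SID (assumption
# stated in the lead-in).
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$", re.IGNORECASE)
# autorun.inf keys that name something to execute.
LAUNCH_KEY_RE = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE,
)


def find_entry(folder, wanted):
    """Case-insensitive lookup of one directory entry; returns its path or None."""
    for name in os.listdir(folder):
        if name.lower() == wanted.lower():
            return os.path.join(folder, name)
    return None


def launch_targets(autorun_path):
    """Return the commands an autorun.inf file asks the shell to run."""
    targets = []
    with open(autorun_path, "r", errors="replace") as handle:
        for line in handle:
            match = LAUNCH_KEY_RE.match(line)
            if match:
                targets.append(match.group(2))
    return targets


def check_drive_root(root):
    """Return a list of (path, reason) findings for one drive root."""
    findings = []
    autorun = find_entry(root, "autorun.inf")
    # A directory named autorun.inf is the placeholder described in the thread;
    # only a regular file can carry AutoPlay commands, so only that is reported.
    if autorun and os.path.isfile(autorun):
        cmds = launch_targets(autorun)
        findings.append(
            (autorun, "autorun.inf file, launches: " + (", ".join(cmds) or "nothing"))
        )
    recycler = find_entry(root, "RECYCLER")
    if recycler and os.path.isdir(recycler):
        for name in sorted(os.listdir(recycler)):
            full = os.path.join(recycler, name)
            if os.path.isdir(full) and not SID_RE.match(name):
                findings.append((full, "RECYCLER subfolder name is not a SID"))
    return findings


def build_sample_drives(base):
    """Create two constructed drive roots under base: one suspect, one clean."""
    suspect = os.path.join(base, "E")
    clean = os.path.join(base, "F")
    # Constructed SID-shaped names; the digits are sample values.
    good = "S-1-5-21-1111111111-2222222222-3333333333-1003"
    odd = "r-1-5-21-1111111111-2222222222-3333333333-1013"
    os.makedirs(os.path.join(suspect, "RECYCLER", good))
    os.makedirs(os.path.join(suspect, "RECYCLER", odd))
    with open(os.path.join(suspect, "autorun.inf"), "w") as handle:
        handle.write("[autorun]\r\nopen=setup.exe\r\nicon=setup.exe,0\r\n")
    os.makedirs(os.path.join(clean, "RECYCLER", good))
    os.makedirs(os.path.join(clean, "autorun.inf"))  # placeholder folder
    return suspect, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for drive in build_sample_drives(base):
            results = check_drive_root(drive)
            print(drive, "->", "clean" if not results else "")
            for path, reason in results:
                print("   ", os.path.relpath(path, base), ":", reason)
```

A finding is a prompt to inspect the item, not proof of infection: legitimate installation media also ship an autorun.inf file.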
 
OK, I ran Sophos, changed my passwords (I couldn't find a secure computer, so I installed WinXP on my other HDD, just to change passwords), and disinfected all my drives using Flash Disinfector. I applied the patch you gave me, and disabled File and Print Sharing.

After all this I ran ComboFix again, but exactly the same thing happened like before ("Error: the Boot Partition couldn't be enumerated correctly" while trying to download and install MWRC, and system crash after the "Deleting files: " message). What should I do now?
 
Upon reviewing the logs you have left so far, it appears that you are using programs with express purpose of defeating the digital rights management. It is possible that some of this is legal in your country, however it is not legal here.

There are also many processes that have no English sites for identification.
The system does not show any SP, Windows or Security updates. This usually points to an invalid operating system. You are also using file sharing. Please run the following scans for my review:
=============================
Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
====================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Upon reviewing the logs you have left so far, it appears that you are using programs with express purpose of defeating the digital rights management. It is possible that some of this is legal in your country, however it is not legal here.
Yes, I am using some of those, I'm afraid there is nothing unusual about that in the part of the world where I live, except for the professionals and legal subjects. Though this doesn't mean that it is legal even in my country.

There are also many processes that have no English sites for identification.
If some of them are suspicious to you, maybe I can explain their purpose, just name them.
1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
It is Win XP Pro with SP1, I got it from the seller where I bought my computer, but I got only the Product Key with it, I have nothing about COA. Obviously, an illegal copy I've got. It was usual practice then (year 2003.) for some sellers to sell computers with non genuine software, and it was not a big concern for buyers either.

The logs you asked:

===MGA diagnostic tool===
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-WRKJB-YKRFQ-XVK98
Windows Product Key Hash: p3JYo49I4HFumf8jBg8no8xdXJY=
Windows Product ID: 55274-648-8637434-23940
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {40AC4759-DF88-498C-83EC-9627FA4F2A3C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{40AC4759-DF88-498C-83EC-9627FA4F2A3C}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XVK98</PKey><PID>55274-648-8637434-23940</PID><PIDType>1</PIDType><SID>S-1-5-21-1417001333-220523388-725345543</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080009 </Version><SMBIOSVersion major="2" minor="3"/><Date>20040223000000.000000+000</Date></BIOS><HWID>B2BD3D6F01848063</HWID><UserLCID>081A</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57240</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1C021:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

======CKScanner======

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\miljan\start menu\programs\rar password cracker\license agreement.lnk
c:\documents and settings\miljan\start menu\programs\rar password cracker\rar password cracker registration.lnk
c:\documents and settings\miljan\start menu\programs\rar password cracker\rar password cracker wizard.lnk
c:\documents and settings\miljan\start menu\programs\rar password cracker\rar password cracker.lnk
c:\documents and settings\miljan\start menu\programs\rar password cracker\readme.lnk
c:\documents and settings\miljan\start menu\programs\rar password cracker\uninstall.lnk
c:\documents and settings\miljan\start menu\programs\rar password cracker\Для русских.lnk
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\morton benson\crack.exe
c:\program files\rar password cracker\example.rpc
c:\program files\rar password cracker\example1.rar
c:\program files\rar password cracker\example2.rar
c:\program files\rar password cracker\license.txt
c:\program files\rar password cracker\readme.txt
c:\program files\rar password cracker\rpc.exe
c:\program files\rar password cracker\special.chr
c:\program files\rar password cracker\uninstall.exe
c:\program files\rar password cracker\Для русских.txt
c:\program files\rasterstitch 2.30\crack.exe
scanner sequence 3.IJ.11.NSAPMX
----- EOF -----
 
No matter where you live in the world, stealing software programs is illegal. You've come to my world for help and I don't support piracy.

This thread is closed.
 