[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1292428093-746137067-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\Calvin\Desktop\utorrent.exe" -> [C:\Documents and Settings\Calvin\Desktop\utorrent.exe:*:Enabled:µTorrent]
YN -> "C:\Program Files\AVG\AVG10\avgmfapx.exe" -> [C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\Auto\command ->
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\Auto\command\\"" -> [G:\run.exe]
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun ->
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\command ->
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL run.exe]
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\Auto\command ->
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\Auto\command\\"" -> [G:\run.exe]
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun ->
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\command ->
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL run.exe]
[Files/Folders - Modified Within 30 Days]
NY -> 85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\Calvin\Local Settings\Application Data\85ofw6p8b0gy3qnjn6mw
NY -> 85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\All Users\Application Data\85ofw6p8b0gy3qnjn6mw
[Files - No Company Name]
NY -> 85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\Calvin\Local Settings\Application Data\85ofw6p8b0gy3qnjn6mw
NY -> 85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\All Users\Application Data\85ofw6p8b0gy3qnjn6mw
[File - Lop Check]
NY -> AVG10 -> C:\Documents and Settings\All Users\Application Data\AVG10
NY -> avg9 -> C:\Documents and Settings\All Users\Application Data\avg9
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Controlling the computer is possible without Windows Explorer running (for example, the File | Run command in Task Manager on NT-derived versions of Windows will function without it, as will commands typed in a command prompt window). It is sometimes referred to as the Windows Shell, explorer.exe, or simply “Explorer”.
http://en.wikipedia.org/wiki/Windows_Explorer
MBAM showing that you're not infected. Looks like you're clean.
You know not of what you speak! ::)
But try to rescan with avast! and make a boot-time scan to be sure you're really clear of viruses.
06:58:19.515 Disk 0 MBR [TDL4] **ROOTKIT**
Re-Run aswMBR
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-606747145-861567501-1417001333-500\] > ->
YN -> HKEY_USERS\S-1-5-21-606747145-861567501-1417001333-500\: "ProxyServer" -> http=127.0.0.1:8888; https=127.0.0.1:8888
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrador\Application Data\Mozilla\FireFox\Profiles\5f9spbeh.default\prefs.js
YN -> extensions.charles.settings.disabled.network.proxy.http -> "127.0.0.1"
YN -> extensions.charles.settings.disabled.network.proxy.http_port -> 8888
YN -> extensions.charles.settings.disabled.network.proxy.socks -> ""
YN -> extensions.charles.settings.disabled.network.proxy.ssl -> "127.0.0.1"
YN -> extensions.charles.settings.disabled.network.proxy.ssl_port -> 8888
YN -> extensions.charles.settings.enabled.network.proxy.http -> "127.0.0.1"
YN -> extensions.charles.settings.enabled.network.proxy.http_port -> 8888
YN -> extensions.charles.settings.enabled.network.proxy.ssl -> "127.0.0.1"
YN -> extensions.charles.settings.enabled.network.proxy.ssl_port -> 8888
YN -> network.proxy.http -> "127.0.0.1"
YN -> network.proxy.http_port -> 8888
YN -> network.proxy.ssl -> "127.0.0.1"
YN -> network.proxy.ssl_port -> 8888
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YY -> mexyuhxq.dll -> C:\WINDOWS\System32\mexyuhxq.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{385907f1-1404-11df-9422-0013ce6bf428}\Shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{385907f1-1404-11df-9422-0013ce6bf428}\Shell\AutoRun\command ->
YN -> \{385907f1-1404-11df-9422-0013ce6bf428}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nEIopi.EXE]
[Files/Folders - Created Within 30 Days]
NY -> mexyuhxq.dll -> C:\WINDOWS\System32\mexyuhxq.dll
[Files/Folders - Modified Within 30 Days]
NY -> mexyuhxq.dll -> C:\WINDOWS\System32\mexyuhxq.dll
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
@peja could you start your own thread please as it could get very confusing otherwise