Computer Hope
Software => Computer viruses and spyware => Topic started by: 810311 on December 24, 2010, 09:15:14 PM
-
Hello good people,
I would appreciate your advice on the following. The sequence of events are as they happened.
SYMPTOMS:
- Trojan Horse Back Door YY13 was detected and cured by AVG as well as another Trojan was detected and removed by Malwarebytes (I have attached Malwarebytes log - AVG log doesn't show any threat detected and removed for some reason).
- My Google Chrome icon changed to a blank icon (like exe file) and I wasn't able to launch Chrome. I found info on the internet saying it could be due to conflict between AVG and Chrome. So I went to AVG and revert to previous settings as was advised. That allowed me to uninstall Chrome and install it again. For now Chrome seems to run OK.
- Now I keep receiving two system messages after each start up:
RUNDLL: Error loading C:\WINDOWS\sphpxpnt.dll - The specified module could not be found.
RUNDLL: Error loading C:\WINDOWS\aracetuw.dll - The specified module could not be found.
Please, see screenshot of the error and Malwarebytes log attached. Please, let me know if I should follow any of the steps outlined at
http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095 (Computer Hope Virus and Spyware section Guidelines) e.g. I am not sure if I have firewall installed.
Thanks for your time and effort.
[recovering disk space - old attachment deleted by admin]
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************
The MBAM log is an from an old version of MBAM. Please uninstall it, download and run a new scan with this:
Please do not attach your logs unless absolutely necessary. Copy and paste them.
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Hello SuperDave,
Please, find below logs requested.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/25/2010 at 07:55 PM
Application Version : 4.47.1000
Core Rules Database Version : 6069
Trace Rules Database Version: 3881
Scan type : Complete Scan
Total Scan Time : 01:17:03
Memory items scanned : 624
Memory threats detected : 0
Registry items scanned : 7384
Registry threats detected : 0
File items scanned : 83329
File threats detected : 182
Adware.Tracking Cookie
C:\Documents and Settings\Sergei Prigara\Cookies\[email protected][1].txt
adknowledge.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
ads1.msn.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
bc.youporn.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
cdn-www.pornhub.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
cdn4.specificclick.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
ia.media-imdb.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
interclick.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
macromedia.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
media.mtvnservices.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
media.scanscout.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
media.socialvibe.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
media.tattomedia.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
media01.isagenix.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
media01.kyte.tv [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
msnbcmedia.msn.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
msntest.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
multimedia.metacafe [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
naiadsystems.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
objects.tremormedia.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
s0.2mdn.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
secure-it.imrworldwide.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
static.xxxmatch.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
static.youporn.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
track.trackads.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
trackads.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
udn.specificclick.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
vitamine.networldmedia.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
www.alphaporno.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
www.naiadsystems.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
www.pornhub.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
yieldmanager.edgesuite.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Macromedia\Flash Player\#SharedObjects\R3HBP9BD ]
.apmebf.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.smileycentral.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.smileycentral.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.starmedia.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.tripod.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.adserver.easyad.info [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.adserver.easyad.info [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.bnbfinder.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.try.starware.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.www3.addfreestats.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.crackle.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.partypoker.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.www.addfreestats.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.keywordmax.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.keywordmax.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.rocku.adbureau.net [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.sexyyorkgirl.sparkusers.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.www.clicktracks.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.eas.apm.emediate.eu [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.eas.apm.emediate.eu [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.eas.apm.emediate.eu [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.sitestats.ets.org [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.stats.clicktracks.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.stats.clicktracks.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.stats.clicktracks.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.stats.clicktracks.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.fr.sitestat.com [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User
ads.crakmedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.pornhub.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
delivery.staging.trafficjunky.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.*adult URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
pixel.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.workopolis.122.2o7.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bellcan.adbureau.net [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
*Blocked Russian URL* [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5396
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/26/2010 12:38:30 PM
mbam-log-2010-12-26 (12-38-30).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 231835
Time elapsed: 1 hour(s), 2 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1019\A0133090.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1019\A0133091.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1019\A0133092.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1022\A0134076.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1022\A0134077.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2007 7:55:36 PM
System Uptime: 12/26/2010 12:40:38 PM (3 hours ago)
Motherboard: Dell Inc. | | 0JF242
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1994/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 93 GiB total, 64.133 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP971: 9/28/2010 6:21:51 PM - System Checkpoint
RP972: 9/29/2010 7:56:08 PM - Software Distribution Service 3.0
RP973: 10/1/2010 8:48:42 PM - System Checkpoint
RP974: 10/3/2010 12:02:49 PM - Software Distribution Service 3.0
RP975: 10/4/2010 11:23:56 PM - System Checkpoint
RP976: 10/6/2010 7:40:52 PM - Avg8 Update
RP977: 10/7/2010 10:06:06 PM - System Checkpoint
RP978: 10/24/2010 10:35:31 PM - System Checkpoint
RP979: 10/26/2010 6:55:35 AM - Software Distribution Service 3.0
RP980: 10/26/2010 7:44:38 PM - Avg8 Update
RP981: 10/26/2010 7:46:22 PM - Avg8 Update
RP982: 10/28/2010 8:24:23 PM - System Checkpoint
RP983: 10/29/2010 10:36:07 PM - System Checkpoint
RP984: 10/30/2010 11:17:18 PM - System Checkpoint
RP985: 11/1/2010 9:49:21 PM - System Checkpoint
RP986: 11/3/2010 8:23:39 PM - System Checkpoint
RP987: 11/4/2010 8:51:51 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP988: 11/4/2010 9:03:26 PM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
RP989: 11/4/2010 9:04:11 PM - Removed Compatibility Pack for the 2007 Office system
RP990: 11/6/2010 1:09:01 PM - System Checkpoint
RP991: 11/7/2010 6:26:38 PM - System Checkpoint
RP992: 11/8/2010 8:29:45 PM - System Checkpoint
RP993: 11/9/2010 9:44:18 PM - System Checkpoint
RP994: 11/11/2010 9:32:30 PM - Software Distribution Service 3.0
RP995: 11/13/2010 11:05:45 AM - System Checkpoint
RP996: 11/14/2010 2:11:38 PM - System Checkpoint
RP997: 11/15/2010 9:00:06 PM - System Checkpoint
RP998: 11/16/2010 9:16:17 PM - System Checkpoint
RP999: 11/17/2010 10:08:59 PM - System Checkpoint
RP1000: 11/19/2010 9:47:13 PM - System Checkpoint
RP1001: 11/20/2010 10:01:49 PM - System Checkpoint
RP1002: 11/21/2010 10:43:52 PM - System Checkpoint
RP1003: 11/22/2010 10:55:33 PM - System Checkpoint
RP1004: 11/24/2010 2:38:39 PM - System Checkpoint
RP1005: 11/24/2010 3:02:38 PM - Installed Compatibility Pack for the 2007 Office system
RP1006: 11/25/2010 11:44:46 AM - Software Distribution Service 3.0
RP1007: 11/26/2010 2:16:55 PM - System Checkpoint
RP1008: 11/27/2010 8:03:14 PM - System Checkpoint
RP1009: 11/29/2010 11:42:50 AM - System Checkpoint
RP1010: 11/30/2010 12:58:52 PM - System Checkpoint
RP1011: 12/1/2010 12:59:36 PM - System Checkpoint
RP1012: 12/2/2010 1:37:49 PM - System Checkpoint
RP1013: 12/3/2010 3:55:21 PM - System Checkpoint
RP1014: 12/4/2010 9:16:28 PM - System Checkpoint
RP1015: 12/5/2010 10:22:46 PM - System Checkpoint
RP1016: 12/6/2010 11:50:27 PM - System Checkpoint
RP1017: 12/8/2010 11:36:35 AM - System Checkpoint
RP1018: 12/9/2010 12:14:53 PM - System Checkpoint
RP1019: 12/10/2010 1:28:05 PM - System Checkpoint
RP1020: 12/11/2010 5:29:26 PM - System Checkpoint
RP1021: 12/12/2010 5:44:29 PM - System Checkpoint
RP1022: 12/13/2010 6:55:35 PM - System Checkpoint
RP1023: 12/14/2010 7:14:23 PM - System Checkpoint
RP1024: 12/15/2010 7:54:21 PM - System Checkpoint
RP1025: 12/16/2010 12:38:15 PM - Software Distribution Service 3.0
RP1026: 12/17/2010 3:46:33 PM - System Checkpoint
RP1027: 12/19/2010 9:36:15 PM - System Checkpoint
RP1028: 12/21/2010 6:01:45 PM - System Checkpoint
RP1029: 12/22/2010 6:06:20 PM - System Checkpoint
RP1030: 12/23/2010 6:08:04 PM - System Checkpoint
RP1031: 12/25/2010 12:14:12 AM - System Checkpoint
RP1032: 12/26/2010 11:55:25 AM - System Checkpoint
==== Installed Programs ======================
µTorrent
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer 2
Adobe Photoshop 7.0
Adobe Reader 9.3.4
ALPS Touch Pad Driver
Apple Software Update
AVG 8.5
biolsp patch
Broadcom TPM Driver Installer
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Content Transfer
Cool FLAC To MP3 Converter 1.0
Critical Update for Windows Media Player 11 (KB959772)
Dell Embassy Trust Suite by Wave Systems
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
ETS Upgrade
FileZilla Client 3.3.2.1
Google Chrome
Google Talk (remove only)
Google Talk Plugin
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huffyuv AVI lossless video codec (Remove Only)
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 7
KhalInstallWrapper
LightScribe 1.4.136.1
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (2.0.0.20)
MSVC80_x86
MSVC80_x86_v2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NTRU Hybrid TSS v2.0.25
NVIDIA Drivers
NWZ-E340 WALKMAN Guide
OGA Notifier 2.0.0048.0
Picasa 3
PowerDVD 5.7
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Roxio Activation Module
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
TeamViewer 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
VLC media player 1.0.2
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XAMPP 1.7.1
==== Event Viewer Messages From Past Week ========
12/24/2010 7:23:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/24/2010 7:23:33 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Sergei Prigara.
12/24/2010 6:46:30 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut\author.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/24/2010 6:46:15 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut\author.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/24/2010 6:45:49 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/24/2010 6:38:20 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
==== End Of File ===========================
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sergei Prigara at 15:07:36.79 on Sun 12/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1228 [GMT -6:00]
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergei Prigara\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070330
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {7c5c0f58-e061-457d-9033-77307f5ed00c} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sergei prigara\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Dbonujodivo] rundll32.exe "c:\windows\sphpxpnt.dll",Startup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Lqitefoki] rundll32.exe "c:\windows\aracetuw.dll",Startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sergei~1\applic~1\mozilla\firefox\profiles\vqk11lbx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-1 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-1 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-11-1 297752]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-27 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-27 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-2-27 32377]
=============== Created Last 30 ================
2010-12-26 06:02:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-26 06:02:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 06:02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-26 00:30:00 -------- d-----w- c:\docume~1\sergei~1\applic~1\SUPERAntiSpyware.com
2010-12-26 00:30:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-26 00:29:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-25 00:45:51 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2010-12-25 00:45:51 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2010-12-25 00:45:08 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2010-12-22 04:32:25 0 ----a-w- c:\windows\Sfapahi.bin
2010-12-22 04:32:24 -------- d-----w- c:\docume~1\sergei~1\locals~1\applic~1\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}
2010-12-15 19:15:58 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 19:15:11 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 17:03:26 -------- d-----w- c:\docume~1\sergei~1\applic~1\AVG8
2010-12-03 23:43:53 -------- d-----w- c:\program files\Cool FLAC To MP3 Converter
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-06-06 17:48:14 3371384 ----a-w- c:\program files\mbam-setup.exe
2008-06-29 04:31:30 56826856 ----a-w- c:\program files\setpoint460.exe
============= FINISH: 15:08:47.92 ===============
-
P2P - I see you have P2P software installed on your machine (µTorrent ). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***********************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console[/list]
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 8.5
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.4
Out of date Adobe Reader installed!
Mozilla Firefox (2.0.0) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
I am not able to run ComboFix because of AVG 8.5.449 version on my machine. I tried to disable it but was only able to disable Web Shield, Resident Shield and Link Scanner. E-mail Scanner, Anti-Rootkit, Anti-Spyware and Anti-Virus are still active and I can't disable them even though I followed instructions. I tried to uninstall AVG but I am unable to do so - getting the following error.
Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005
-
ComboFix will not run with AVG on the computer. Your AVG is way out of date. I suggest you download a new one from the list below, install it and then run the AVG Removal tool below. I would recommend MicroSoft Security Essentials.
Before we continue download and install a free antivirus.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_XP_d6243.html)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**********************************************
AVG Antivirus - AVG Antivirus Remover utility (http://www.avg.com/download-tools)
*************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
*****************************************************
Now please try to run ComboFix and post the log.
-
Hi SuperDave,
The link "Microsoft Security Essentials for Windows XP" doesn't work. I have Win XP on my machine.
Thanks.
-
Sorry. Here is the correct one.
Microsoft Security Essentials for Windows XP (http://majorgeeks.com/compatibility8066.html)
-
when I click the link it prompts me to this page http://majorgeeks.com/compatibility8066.html but there's no actual button or link to download.
please,advise. thank you.
-
but there's no actual button or link to download.
When you're right, you're right. There's something wrong with Majorgeeks' site. Here's the MS site where you download the correct version
http://www.microsoft.com/security_essentials/default.aspx
-
Hi SuperDave,
How do I run CCleaner ?
Thanks.
-
Download CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim) and save it to your Desktop - Alternate download link (http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html)
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes.[/I] Exit CCleaner after it has completed it's process.
-
Hi SuperDave,
Thanks for your help with CCleaner.
Please find ComboFix log below.
ComboFix 10-12-26.01 - Sergei Prigara 12/30/2010 21:44:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1378 [GMT -6:00]
Running from: c:\documents and settings\Sergei Prigara\Desktop\commy.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}
c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\chrome.manifest
c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\chrome\content\_cfg.js
c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\chrome\content\overlay.xul
c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\install.rdf
C:\IE8-WI~1.EXE
c:\windows\system32\Oeminfo.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.
2010-12-31 02:38 . 2010-12-31 02:38 -------- d-----w- c:\program files\CCleaner
2010-12-30 03:40 . 2010-11-13 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-30 03:40 . 2010-11-13 00:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-30 03:02 . 2010-11-10 02:33 6273872 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47AD4A16-81CF-4E19-843D-A623F5E01B7B}\mpengine.dll
2010-12-30 03:02 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-30 01:56 . 2010-12-30 02:57 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-28 01:03 . 2010-12-28 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-26 06:02 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-26 06:02 . 2010-12-26 06:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-26 06:02 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 00:30 . 2010-12-26 00:30 -------- d-----w- c:\documents and settings\Sergei Prigara\Application Data\SUPERAntiSpyware.com
2010-12-26 00:30 . 2010-12-26 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-26 00:29 . 2010-12-26 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-25 00:45 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2010-12-25 00:45 . 2004-08-04 10:00 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2010-12-25 00:45 . 2003-03-24 22:52 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2010-12-22 04:32 . 2010-12-23 06:24 0 ----a-w- c:\windows\Sfapahi.bin
2010-12-15 19:15 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 19:15 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 17:03 . 2010-12-14 17:03 -------- d-----w- c:\documents and settings\Sergei Prigara\Application Data\AVG8
2010-12-03 23:43 . 2010-12-03 23:43 -------- d-----w- c:\program files\Cool FLAC To MP3 Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2004-08-11 23:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 22:34 . 2008-07-25 02:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-11 23:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-11 23:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 03:25 . 2010-10-25 03:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-06-06 17:48 . 2009-06-06 17:48 3371384 ----a-w- c:\program files\mbam-setup.exe
2008-06-29 04:31 . 2008-06-29 04:31 56826856 ----a-w- c:\program files\setpoint460.exe
2008-12-17 21:59 . 2009-11-02 05:13 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 21:59 . 2009-11-02 05:13 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 21:59 . 2009-11-02 05:13 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 21:59 . 2009-11-02 05:13 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 21:59 . 2009-11-02 05:13 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-03 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-02 417792]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Documents and Settings\\Sergei Prigara\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/9/2008 5:10 PM 24636]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 1:55 PM 7882]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/27/2010 8:56 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2/27/2010 8:56 PM 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2/27/2010 7:21 PM 32377]
.
Contents of the 'Scheduled Tasks' folder
2010-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005Core.job
- c:\documents and settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40]
2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005UA.job
- c:\documents and settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-*CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-Dbonujodivo - c:\windows\sphpxpnt.dll
HKLM-Run-Lqitefoki - c:\windows\aracetuw.dll
Notify-avgrsstarter - avgrsstx.dll
AddRemove-InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 21:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafplbalkmabgficgi"=hex:69,61,6c,66,70,6d,6d,64,65,70,63,61,6b,66,63,61,70,68,
00,00
"hahonaclildhmomj"=hex:69,61,6c,66,70,6d,6d,64,65,70,63,61,6b,66,63,61,70,68,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(8868)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-12-30 21:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-31 03:55
Pre-Run: 72,215,674,880 bytes free
Post-Run: 72,131,633,152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E63D36F80BD0FA9D8E5B303E3B18ABF7
-
* Download the following tool: RootRepeal - Rootkit Detector (http://rootrepeal.googlepages.com/)
* Direct download link is here: RootRepeal.zip (http://rootrepeal.googlepages.com/RootRepeal.zip)
* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of such programs and how to disable them.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
***************************************
-
Hi SuperDave,
Please find RootRepeal log below.
Thank you
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/01 18:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\SERGEI~1\LOCALS~1\Temp\catchme.sys
Address: 0xBA3B8000 Size: 31744 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB64ED000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA660000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA5E6000 Size: 7872 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB39F1000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\documents and settings\all users\application data\microsoft\microsoft antimalware\support\mpwpptracing-12302010-214943-00000003-ffffffff.bin
Status: Allocation size mismatch (API: 4194304, Raw: 2097152)
Path: C:\Documents and Settings\Sergei Prigara\Local Settings\Apps\2.0\P5XV2HOZ.06D\CA82H1C5.02A\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Sergei Prigara\Local Settings\Apps\2.0\P5XV2HOZ.06D\CA82H1C5.02A\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!
==EOF==
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi SuperDave,
I wasn't presented with the option "List of found threats" so I guess all OK now....? I went and copied content of logfile from C:\Program Files\ESET\ESET Online Scanner\log.txt . Please,see below.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=cbbc7935b4a69044b2afaad39ce1b0cf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-02 09:41:03
# local_time=2011-01-02 03:41:03 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 5101448 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=86919
# found=0
# cleaned=0
# scan_time=4279
-
That's looks good. If there are no other issues, let's do some cleanup.
You may keep SAS and MBAM. Update them and run them on a regular basis.
All the others can be uninstalled or deleted.
Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt
You may encounter a folder that refuses to be deleted. In that case, clean out all the files that you can in that folder and leave it. Or, you can download and install Unlocker (http://download.cnet.com/Unlocker/3000-2248_4-10493998.html?tag=mncol;pop) and delete it.
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.
****************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Hi SuperDave,
I have encountered a folder (it's empty and it's in my recycle bin) and I am not able to delete it from there:
Dc53 - folder name
Also, I have Windows XP firewall which is not good. Which one you suggest from the list you sent me?
thanks a lot
-
Also, I am using Google Chrome. Which addon you will recommend? - Web of Trust or Spywareblaster...?
-
I have encountered a folder (it's empty and it's in my recycle bin) and I am not able to delete it from there:
Dc53 - folder name
You can download and install Unlocker (http://download.cnet.com/Unlocker/3000-2248_4-10493998.html)
and try to delete it with that. What happens when you hit the "Empty recycling bin"?
Also, I have Windows XP firewall which is not good. Which one you suggest from the list you sent me?
The only one I have experience with is Comodo. It's a little bit overbearing at first but it gets better after a bit. One thing I do when trying to install a new program is to disable it and enable the Windows Firewall because it can turn a 2 mins. job into 30 mins. of swearing. But, that's the price we have to pay for security. Compare it to the body scans and pat-downs at the airport. LOL.
Also, I am using Google Chrome. Which addon you will recommend? - Web of Trust or Spywareblaster...?
Both. They both do different jobs.
-
You can download and install Unlocker (http://download.cnet.com/Unlocker/3000-2248_4-10493998.html)
and try to delete it with that. What happens when you hit the "Empty recycling bin"?
I tried Unlocker and it didn't work. When I hit delete from recycle bin I get a pop up message "Cannot remove folder Dc55: Access is denied. Make sure the disk is not full or write protected"
I also started getting Java related message saying: "Computer encountered a problem with jereud.exe..."(I don't remember exact file name, next time I'll write it down)
-
I am not able to install Comodo - it says "This installation doesn't support target platform".
-
I am not able to install Comodo - it says "This installation doesn't support target platform".
Check you got the right version for your version of Windows (64 or 32 bit).
-
Check you got the right version for your version of Windows (64 or 32 bit).
hope you dont mind but dave is giving the op advice
-
32 bit
-
please, see printscreen of an error message I am getting.
[recovering disk space - old attachment deleted by admin]
-
"You can download and install Unlocker
and try to delete it with that. What happens when you hit the "Empty recycling bin"?
I tried Unlocker and it didn't work. When I hit delete from recycle bin I get a pop up message "Cannot remove folder Dc55: Access is denied. Make sure the disk is not full or write protected"
-
Now I have one more problem - I am unable to launch Skype.
-
Do I need Microsoft Security Essentials since I already have SAS and MalwareBytes ?
-
Is it Dc53 or Dc55? Right-click on that file and click Propterties and tell me about this folder.
Do I need Microsoft Security Essentials since I already have SAS and MalwareBytes
MicroSoft Security Essentials is you anti-virus program. You certainly need one AV program on your computer. SAS and MBAM are for malware, spyware etc. and they are not full-time scanners. You will need to initiate the scans with those two.
Now I have one more problem - I am unable to launch Skype.
Try reinstalling the program.
-
1.
Now I have one more problem - I am unable to launch Skype.
I was able to resolve this by turning off Windows XP Firewall.
2. Do I need Microsoft Security Essentials since I already have SAS and MalwareBytes
Understood. Thank you.
3. Is it Dc53 or Dc55? Right-click on that file and click Propterties and tell me about this folder.
Please, see printscreen attached.
4. I am not able to install Comodo - it says "This installation doesn't support target platform".
I am running WinXP 32.
5. I started getting an error message "jusched.exe encountered a problem and needs to close".
Please, see printscreen attached.
[recovering disk space - old attachment deleted by admin]
-
I am not able to install Comodo - it says "This installation doesn't support target platform".
Are you quite certain that you didn't download the 64 bit one? Try downloading it again.
I started getting an error message "jusched.exe encountered a problem and needs to close".
Please, see printscreen attached.
Please try this (http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/) and see if it gets rid of the error.
-
Are you quite certain that you didn't download the 64 bit one? Try downloading it again.
You are right. My mistake. I downloaded 64 one from http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html
There's no 32 version there. Can you give me the safe link where I can download 32 one from. Thanks.
-
Can you give me the safe link where I can download 32 one from. Thanks
Just go to that link and choose "download @ author's site"
-
1. I was able to download and install COMODO from cfw_installer_x86 which was the file at "download @ author's site". I am not sure if this 32 version but it works for now.
2. "You can download and install Unlocker
and try to delete it with that. What happens when you hit the "Empty recycling bin"?
I tried Unlocker and it didn't work. When I hit delete from recycle bin I get a pop up message "Cannot remove folder Dc55: Access is denied. Make sure the disk is not full or write protected"
Thanks SuperDave
-
I am not sure if this 32 version but it works for now.
That's the one.
I tried Unlocker and it didn't work. When I hit delete from recycle bin I get a pop up message "Cannot remove folder Dc55: Access is denied. Make sure the disk is not full or write protected"
I found this (http://www.pctools.com/forum/showthread.php?t=34334) just after I posted my reply. The same folder.
Sorry. I fixed it. Please try again.
-
I found this just after I posted my reply. The same folder.
Sorry, can you give me the full link - I am getting "Google Chrome could not find http".
Thanks.
-
I fixed it. Please try again.
-
Start a command prompt (cmd.exe) - done.
Move to the Recycler folder - how do I do that? Should I do it in cmd.exe window ?
Enter the command - "attrib -h *.*" is it the exact command ?
attrib -h *.*
Delete the file
Restart the computer
-
Take a look at this:
http://forums.techarena.in/windows-xp-support/990228.htm
-
I did those steps mentioned at http://forums.techarena.in/windows-xp-support/990228.htm and was able to get rid of this Dc 55 empty folder in my recycle bin HOWEVER I started having the following issues with my recycle bin:
1. When I restart my machine, I get " Recycle Bin on drive C: is corrupted. Do you want to empty the recycle bin for this drive?"
2. The recycle bin remains empty even though I unchecked " Don't move files to the Recycle Bin. Remove files immediately when deleted" option in the properties.
I downloaded and run latest Service Pack 3 but it didn't fix the issue. Also Googled some advice which didn't help.
I know this is a different topic, SuperDave. I appreciate all your help with the previous issue which HAS BEEN RESOLVED. Now , should I start a different thread on this ?
P.S. Some folks believe this may be due to INFO2 file corruption. I tried to look it up on my machine but didn't find it.
-
I know this is a different topic, SuperDave. I appreciate all your help with the previous issue which HAS BEEN RESOLVED. Now , should I start a different thread on this ?
Why not delete all the recycling bins from each drive.(Follow the directions in the link). If that doesn't work, start a new thread in the appropriate forum for you OS, not this forum. Good luck.