
Author Topic: ERROR LOADING SPHPXPNT.DLL/ARACETUW.DLL - SPECIFIED MODULE COULD NOT BE FOUND  (Read 20333 times)


810311

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Windows 7
    Hello good people,

    I would appreciate your advice on the following. The sequence of events is as they happened.

    SYMPTOMS:




    - Trojan Horse Back Door YY13 was detected and cured by AVG as well as another Trojan was detected and removed by Malwarebytes (I have attached Malwarebytes log - AVG log doesn't show any threat detected and removed for some reason).

    - My Google Chrome icon changed to a blank icon (like exe file) and I wasn't able to launch Chrome. I found info on the internet saying it could be due to conflict between AVG and Chrome. So I went to AVG and reverted to previous settings as was advised. That allowed me to uninstall Chrome and install it again. For now Chrome seems to run OK.

    - Now I keep receiving two system messages after each start up:


    RUNDLL: Error loading C:\WINDOWS\sphpxpnt.dll - The specified module could not be found.

    RUNDLL: Error loading C:\WINDOWS\aracetuw.dll - The specified module could not be found.


    Please, see screenshot of the error and Malwarebytes log attached. Please, let me know if I should follow any of the steps outlined at
    http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095 (Computer Hope Virus and Spyware section Guidelines) e.g. I am not sure if I have firewall installed.

    Thanks for your time and effort.





    [recovering disk space - old attachment deleted by admin]
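The two RUNDLL messages quoted in the post above appear when a startup entry still launches rundll32 against a DLL that is no longer on disk, for example after a scanner has removed the file. The Python below is an added example, not part of the original thread: it parses autostart command lines and reports rundll32 entries whose DLL is missing. The value names, the `Startup`/`Init` entry points, the `Example` program paths and the file listing are constructed; only the two DLL paths come from the post.

```python
import re

# Matches the rundll32 forms commonly seen in autostart values:
#   rundll32.exe "C:\dir\file.dll",EntryPoint args
#   C:\WINDOWS\system32\rundll32.exe C:\dir\file.dll,EntryPoint
_RUNDLL = re.compile(
    r'''^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+  # host binary, optional path/quotes
        (?:"(?P<quoted>[^"]+)"|(?P<bare>[^,"]+?))   # DLL path, quoted or bare
        \s*,\s*(?P<entry>[^\s,]+)                   # exported entry point
    ''',
    re.IGNORECASE | re.VERBOSE,
)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = _RUNDLL.match(cmdline)
    if m is None:
        return None
    dll = (m.group("quoted") or m.group("bare")).strip()
    return dll, m.group("entry")


def find_orphaned(run_values, exists):
    """List (value_name, dll_path) for rundll32 autostarts whose DLL is gone.

    run_values: mapping of autostart value name -> command line.
    exists:     callable(path) -> bool; on the affected machine this would be
                os.path.exists, here it is a stand-in over a constructed listing.
    """
    orphans = []
    for name, cmdline in sorted(run_values.items()):
        parsed = parse_rundll32(cmdline)
        if parsed is None:
            continue  # not a rundll32 launcher, out of scope for this check
        dll, _entry = parsed
        if not exists(dll):
            orphans.append((name, dll))
    return orphans


# Constructed sample of autostart values (name -> command line).
SAMPLE_RUN_VALUES = {
    "sphpxpnt": r'rundll32.exe "C:\WINDOWS\sphpxpnt.dll",Startup',
    "aracetuw": r'C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\aracetuw.dll,Startup',
    "ExampleTray": r'"C:\WINDOWS\system32\rundll32.exe" '
                   r'"C:\Program Files\Example\tray.dll",Init /quiet',
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
}

# Constructed listing of files that are still present (lower-cased, since
# Windows paths compare case-insensitively).
SAMPLE_PRESENT = {r"c:\program files\example\tray.dll"}


def sample_exists(path):
    return path.lower() in SAMPLE_PRESENT


if __name__ == "__main__":
    for name, dll in find_orphaned(SAMPLE_RUN_VALUES, sample_exists):
        print(f"autostart value {name!r} points at missing DLL {dll}")
```

An entry reported this way is a leftover launcher rather than a running threat, but the name of the missing DLL is still worth recording for the cleanup log.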

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.

    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    • It will open in your default text editor (preferably Notepad).
    • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ****************************************
    The MBAM log is from an old version of MBAM. Please uninstall it, download and run a new scan with this:
    Please do not attach your logs unless absolutely necessary. Copy and paste them.


    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *****************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    810311

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Windows 7
      Hello SuperDave,

      Please, find below logs requested.


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/25/2010 at 07:55 PM

      Application Version : 4.47.1000

      Core Rules Database Version : 6069
      Trace Rules Database Version: 3881

      Scan type       : Complete Scan
      Total Scan Time : 01:17:03

      Memory items scanned      : 624
      Memory threats detected   : 0
      Registry items scanned    : 7384
      Registry threats detected : 0
      File items scanned        : 83329
      File threats detected     : 182

      Adware.Tracking Cookie




      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5396

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      12/26/2010 12:38:30 PM
      mbam-log-2010-12-26 (12-38-30).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 231835
      Time elapsed: 1 hour(s), 2 minute(s), 22 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 5

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1019\A0133090.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1019\A0133091.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1019\A0133092.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1022\A0134076.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1022\A0134077.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.




      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_10-12-12.02)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 4/5/2007 7:55:36 PM
      System Uptime: 12/26/2010 12:40:38 PM (3 hours ago)

      Motherboard: Dell Inc. |  | 0JF242
      Processor: Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz | Microprocessor | 1994/166mhz

      ==== Disk Partitions =========================

      C: is FIXED (NTFS) - 93 GiB total, 64.133 GiB free.
      D: is CDROM ()

      ==== Disabled Device Manager Items =============

      ==== System Restore Points ===================

      RP971: 9/28/2010 6:21:51 PM - System Checkpoint
      RP972: 9/29/2010 7:56:08 PM - Software Distribution Service 3.0
      RP973: 10/1/2010 8:48:42 PM - System Checkpoint
      RP974: 10/3/2010 12:02:49 PM - Software Distribution Service 3.0
      RP975: 10/4/2010 11:23:56 PM - System Checkpoint
      RP976: 10/6/2010 7:40:52 PM - Avg8 Update
      RP977: 10/7/2010 10:06:06 PM - System Checkpoint
      RP978: 10/24/2010 10:35:31 PM - System Checkpoint
      RP979: 10/26/2010 6:55:35 AM - Software Distribution Service 3.0
      RP980: 10/26/2010 7:44:38 PM - Avg8 Update
      RP981: 10/26/2010 7:46:22 PM - Avg8 Update
      RP982: 10/28/2010 8:24:23 PM - System Checkpoint
      RP983: 10/29/2010 10:36:07 PM - System Checkpoint
      RP984: 10/30/2010 11:17:18 PM - System Checkpoint
      RP985: 11/1/2010 9:49:21 PM - System Checkpoint
      RP986: 11/3/2010 8:23:39 PM - System Checkpoint
      RP987: 11/4/2010 8:51:51 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
      RP988: 11/4/2010 9:03:26 PM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
      RP989: 11/4/2010 9:04:11 PM - Removed Compatibility Pack for the 2007 Office system
      RP990: 11/6/2010 1:09:01 PM - System Checkpoint
      RP991: 11/7/2010 6:26:38 PM - System Checkpoint
      RP992: 11/8/2010 8:29:45 PM - System Checkpoint
      RP993: 11/9/2010 9:44:18 PM - System Checkpoint
      RP994: 11/11/2010 9:32:30 PM - Software Distribution Service 3.0
      RP995: 11/13/2010 11:05:45 AM - System Checkpoint
      RP996: 11/14/2010 2:11:38 PM - System Checkpoint
      RP997: 11/15/2010 9:00:06 PM - System Checkpoint
      RP998: 11/16/2010 9:16:17 PM - System Checkpoint
      RP999: 11/17/2010 10:08:59 PM - System Checkpoint
      RP1000: 11/19/2010 9:47:13 PM - System Checkpoint
      RP1001: 11/20/2010 10:01:49 PM - System Checkpoint
      RP1002: 11/21/2010 10:43:52 PM - System Checkpoint
      RP1003: 11/22/2010 10:55:33 PM - System Checkpoint
      RP1004: 11/24/2010 2:38:39 PM - System Checkpoint
      RP1005: 11/24/2010 3:02:38 PM - Installed Compatibility Pack for the 2007 Office system
      RP1006: 11/25/2010 11:44:46 AM - Software Distribution Service 3.0
      RP1007: 11/26/2010 2:16:55 PM - System Checkpoint
      RP1008: 11/27/2010 8:03:14 PM - System Checkpoint
      RP1009: 11/29/2010 11:42:50 AM - System Checkpoint
      RP1010: 11/30/2010 12:58:52 PM - System Checkpoint
      RP1011: 12/1/2010 12:59:36 PM - System Checkpoint
      RP1012: 12/2/2010 1:37:49 PM - System Checkpoint
      RP1013: 12/3/2010 3:55:21 PM - System Checkpoint
      RP1014: 12/4/2010 9:16:28 PM - System Checkpoint
      RP1015: 12/5/2010 10:22:46 PM - System Checkpoint
      RP1016: 12/6/2010 11:50:27 PM - System Checkpoint
      RP1017: 12/8/2010 11:36:35 AM - System Checkpoint
      RP1018: 12/9/2010 12:14:53 PM - System Checkpoint
      RP1019: 12/10/2010 1:28:05 PM - System Checkpoint
      RP1020: 12/11/2010 5:29:26 PM - System Checkpoint
      RP1021: 12/12/2010 5:44:29 PM - System Checkpoint
      RP1022: 12/13/2010 6:55:35 PM - System Checkpoint
      RP1023: 12/14/2010 7:14:23 PM - System Checkpoint
      RP1024: 12/15/2010 7:54:21 PM - System Checkpoint
      RP1025: 12/16/2010 12:38:15 PM - Software Distribution Service 3.0
      RP1026: 12/17/2010 3:46:33 PM - System Checkpoint
      RP1027: 12/19/2010 9:36:15 PM - System Checkpoint
      RP1028: 12/21/2010 6:01:45 PM - System Checkpoint
      RP1029: 12/22/2010 6:06:20 PM - System Checkpoint
      RP1030: 12/23/2010 6:08:04 PM - System Checkpoint
      RP1031: 12/25/2010 12:14:12 AM - System Checkpoint
      RP1032: 12/26/2010 11:55:25 AM - System Checkpoint

      ==== Installed Programs ======================

      µTorrent
      Adobe Acrobat Connect Add-in
      Adobe AIR
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Help Viewer 2
      Adobe Photoshop 7.0
      Adobe Reader 9.3.4
      ALPS Touch Pad Driver
      Apple Software Update
      AVG 8.5
      biolsp patch
      Broadcom TPM Driver Installer
      CDDRV_Installer
      Compatibility Pack for the 2007 Office system
      Conexant HDA D110 MDC V.92 Modem
      Content Transfer
      Cool FLAC To MP3 Converter 1.0
      Critical Update for Windows Media Player 11 (KB959772)
      Dell Embassy Trust Suite by Wave Systems
      Dell Support 3.2.1
      Dell Wireless WLAN Card
      Digital Line Detect
      Document Manager Lite
      EMBASSY Security Center
      EMBASSY Trust Suite by Wave Systems
      ETS Launch Pad
      ETS Upgrade
      FileZilla Client 3.3.2.1
      Google Chrome
      Google Talk (remove only)
      Google Talk Plugin
      High Definition Audio Driver Package - KB835221
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB2158563)
      Hotfix for Windows XP (KB2443685)
      Hotfix for Windows XP (KB915800-v4)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      Huffyuv AVI lossless video codec (Remove Only)
      J2SE Runtime Environment 5.0 Update 6
      Java(TM) 6 Update 13
      Java(TM) 6 Update 7
      KhalInstallWrapper
      LightScribe  1.4.136.1
      Logitech Desktop Messenger
      Logitech Legacy USB Camera Driver Package
      Logitech QuickCam
      Logitech QuickCam Driver Package
      Logitech SetPoint
      Macromedia Dreamweaver MX
      Macromedia Extension Manager
      Macromedia Fireworks MX
      Macromedia Flash MX
      Macromedia FreeHand 10
      Malwarebytes' Anti-Malware
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB2416447)
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Application Error Reporting
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
      Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Professional Edition 2003
      Microsoft User-Mode Driver Framework Feature Pack 1.7
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Modem Helper
      Mozilla Firefox (2.0.0.20)
      MSVC80_x86
      MSVC80_x86_v2
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 4.0 SP2 Parser and SDK
      NTRU Hybrid TSS v2.0.25
      NVIDIA Drivers
      NWZ-E340 WALKMAN Guide
      OGA Notifier 2.0.0048.0
      Picasa 3
      PowerDVD 5.7
      Preboot Manager
      Private Information Manager
      QuickSet
      QuickTime
      Roxio Activation Module
      Roxio DLA
      Roxio Express Labeler
      Roxio RecordNow Audio
      Roxio RecordNow Copy
      Roxio RecordNow Data
      Secure Update
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Step By Step Interactive Training (KB923723)
      Security Update for Windows Internet Explorer 7 (KB938127-v2)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Internet Explorer 7 (KB963027)
      Security Update for Windows Internet Explorer 7 (KB969897)
      Security Update for Windows Internet Explorer 7 (KB972260)
      Security Update for Windows Internet Explorer 7 (KB974455)
      Security Update for Windows Internet Explorer 8 (KB2183461)
      Security Update for Windows Internet Explorer 8 (KB2360131)
      Security Update for Windows Internet Explorer 8 (KB2416400)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB974455)
      Security Update for Windows Internet Explorer 8 (KB976325)
      Security Update for Windows Internet Explorer 8 (KB978207)
      Security Update for Windows Internet Explorer 8 (KB981332)
      Security Update for Windows Internet Explorer 8 (KB982381)
      Security Update for Windows Media Player (KB2378111)
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB975558)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows Media Player 9 (KB917734)
      Security Update for Windows Search 4 - KB963093
      Security Update for Windows XP (KB2079403)
      Security Update for Windows XP (KB2115168)
      Security Update for Windows XP (KB2121546)
      Security Update for Windows XP (KB2160329)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB2259922)
      Security Update for Windows XP (KB2279986)
      Security Update for Windows XP (KB2286198)
      Security Update for Windows XP (KB2296011)
      Security Update for Windows XP (KB2296199)
      Security Update for Windows XP (KB2347290)
      Security Update for Windows XP (KB2360937)
      Security Update for Windows XP (KB2387149)
      Security Update for Windows XP (KB2423089)
      Security Update for Windows XP (KB2436673)
      Security Update for Windows XP (KB2440591)
      Security Update for Windows XP (KB2443105)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950759)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB971961)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977165)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978251)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB979687)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB980436)
      Security Update for Windows XP (KB981322)
      Security Update for Windows XP (KB981852)
      Security Update for Windows XP (KB981957)
      Security Update for Windows XP (KB981997)
      Security Update for Windows XP (KB982132)
      Security Update for Windows XP (KB982214)
      Security Update for Windows XP (KB982665)
      Security Update for Windows XP (KB982802)
      Security Wizards
      Skype Toolbars
      Skype™ 4.2
      SUPERAntiSpyware
      TeamViewer 5
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Windows Internet Explorer 8 (KB975364)
      Update for Windows Internet Explorer 8 (KB976662)
      Update for Windows Internet Explorer 8 (KB976749)
      Update for Windows Internet Explorer 8 (KB980182)
      Update for Windows XP (KB2141007)
      Update for Windows XP (KB2345886)
      Update for Windows XP (KB2467659)
      Update for Windows XP (KB943729)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB961503)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      upekmsi
      VLC media player 1.0.2
      Wave Infrastructure Installer
      Wave Support Software
      WebFldrs XP
      Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Installer 3.1 (KB893803)
      Windows Internet Explorer 7
      Windows Internet Explorer 8
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows XP Service Pack 3
      WinRAR archiver
      XAMPP 1.7.1

      ==== Event Viewer Messages From Past Week ========

      12/24/2010 7:23:33 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
      12/24/2010 7:23:33 PM, information: Windows File Protection [64018]  - Windows File Protection file scan was cancelled by user interaction, user name is Sergei Prigara.
      12/24/2010 6:46:30 PM, information: Windows File Protection [64021]  - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut\author.exe could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
      12/24/2010 6:46:15 PM, information: Windows File Protection [64021]  - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut\author.dll could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
      12/24/2010 6:45:49 PM, information: Windows File Protection [64021]  - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
      12/24/2010 6:38:20 PM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.

      ==== End Of File ===========================



      DDS (Ver_10-12-12.02) - NTFSx86 
      Run by Sergei Prigara at 15:07:36.79 on Sun 12/26/2010
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
      Microsoft Windows XP Professional  5.1.2600.3.1251.7.1033.18.2046.1228 [GMT -6:00]

      AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

      ============== Running Processes ===============

      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\xampp\apache\bin\httpd.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Wave Systems Corp\Common\DataServer.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\xampp\apache\bin\httpd.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\QuickSet\Quickset.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Google\Google Talk\googletalk.exe
      C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Java\jre6\bin\jucheck.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
      C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Sergei Prigara\My Documents\Downloads\dds.scr

      ============== Pseudo HJT Report ===============

      uStart Page = hxxp://www.google.com/
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070330
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uDefault_Search_URL = hxxp://www.google.com/ie
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
      uURLSearchHooks: H - No File
      uURLSearchHooks: H - No File
      mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
      BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
      BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
      BHO: {7c5c0f58-e061-457d-9033-77307f5ed00c} - No File
      BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
      BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
      TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [Google Update] "c:\documents and settings\sergei prigara\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
      uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
      uRun: [Dbonujodivo] rundll32.exe  "c:\windows\sphpxpnt.dll",Startup
      mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      mRun: [SigmatelSysTrayApp] stsystra.exe
      mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
      mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
      mRun: [nwiz] nwiz.exe /installquiet
      mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
      mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
      mRun: [Apoint] c:\program files\apoint\Apoint.exe
      mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
      mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
      mRun: [Lqitefoki] rundll32.exe "c:\windows\aracetuw.dll",Startup
      mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
      dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
      DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      Notify: avgrsstarter - avgrsstx.dll
      Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
      AppInit_DLLs: wxvault.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
      LSA: Authentication Packages = msv1_0 wvauth

      ================= FIREFOX ===================

      FF - ProfilePath - c:\docume~1\sergei~1\applic~1\mozilla\firefox\profiles\vqk11lbx.default\
      FF - prefs.js: browser.search.selectedEngine - Yahoo
      FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
      FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
      FF - component: c:\program files\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll

      ============= SERVICES / DRIVERS ===============

      R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-1 12552]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 335240]
      R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-1 27784]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 108552]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
      R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
      R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-11-1 297752]
      S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 517448]
      S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
      S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-27 137344]
      S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-27 8320]
      S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-2-27 32377]

      =============== Created Last 30 ================

      2010-12-26 06:02:46   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-12-26 06:02:43   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-12-26 06:02:43   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-12-26 00:30:00   --------   d-----w-   c:\docume~1\sergei~1\applic~1\SUPERAntiSpyware.com
      2010-12-26 00:30:00   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
      2010-12-26 00:29:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-12-25 00:45:51   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
      2010-12-25 00:45:51   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
      2010-12-25 00:45:08   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
      2010-12-22 04:32:25   0   ----a-w-   c:\windows\Sfapahi.bin
      2010-12-22 04:32:24   --------   d-----w-   c:\docume~1\sergei~1\locals~1\applic~1\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}
      2010-12-15 19:15:58   40960   ------w-   c:\windows\system32\dllcache\ndproxy.sys
      2010-12-15 19:15:11   45568   ------w-   c:\windows\system32\dllcache\wab.exe
      2010-12-14 17:03:26   --------   d-----w-   c:\docume~1\sergei~1\applic~1\AVG8
      2010-12-03 23:43:53   --------   d-----w-   c:\program files\Cool FLAC To MP3 Converter

      ==================== Find3M  ====================

      2010-11-18 18:12:44   81920   ----a-w-   c:\windows\system32\isign32.dll
      2010-11-12 18:46:58   4280320   ----a-w-   c:\windows\system32\GPhotos.scr
      2010-11-06 00:26:58   916480   ----a-w-   c:\windows\system32\wininet.dll
      2010-11-06 00:26:58   43520   ----a-w-   c:\windows\system32\licmgr10.dll
      2010-11-06 00:26:58   1469440   ------w-   c:\windows\system32\inetcpl.cpl
      2010-11-03 12:25:54   385024   ----a-w-   c:\windows\system32\html.iec
      2010-10-28 13:13:22   290048   ----a-w-   c:\windows\system32\atmfd.dll
      2010-10-26 13:25:00   1853312   ----a-w-   c:\windows\system32\win32k.sys
      2009-06-06 17:48:14   3371384   ----a-w-   c:\program files\mbam-setup.exe
      2008-06-29 04:31:30   56826856   ----a-w-   c:\program files\setpoint460.exe

      ============= FINISH: 15:08:47.92 ===============


      SuperDave

        P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

        Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

        I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
        ************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        ***********************************************
        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        * Rename ComboFix.exe to commy.exe before you save it to your Desktop.
        * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
        * Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
        * As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix

        810311

           Results of screen317's Security Check version 0.99.8 
           Windows XP Service Pack 3 
           Internet Explorer 8 
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Security Center service is not running! This report may not be accurate!
           Windows Firewall Enabled! 
           AVG 8.5     
           Antivirus up to date! 
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Malwarebytes' Anti-Malware   
           Java(TM) 6 Update 13 
           Java(TM) 6 Update 7 
           Out of date Java installed!
           Adobe Flash Player 10.0.32.18 
          Adobe Reader 9.3.4
          Out of date Adobe Reader installed!
           Mozilla Firefox (2.0.0) Firefox Out of Date! 
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           AVG avgwdsvc.exe
           AVG avgtray.exe
           AVG avgrsx.exe
           AVG avgnsx.exe
           AVG avgemc.exe
          ``````````End of Log````````````


          I am not able to run ComboFix because of AVG 8.5.449 version on my machine. I tried to disable it but was only able to disable Web Shield, Resident Shield and Link Scanner. E-mail Scanner, Anti-Rootkit, Anti-Spyware and Anti-Virus are still active and I can't disable them even though I followed instructions. I tried to uninstall AVG but I am unable to do so - getting the following error.

          Local machine: installation failed
              Installation:
                  Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
                      Error 0x80070005

          SuperDave

          ComboFix will not run with AVG on the computer. Your AVG is way out of date. I suggest you download a new one from the list below, install it and then run the AVG Removal tool below. I would recommend Microsoft Security Essentials.

          Before we continue, download and install a free antivirus.

          Remember to only install one antivirus!
           
          1) Avast! Home Edition
          2) AVG Free Edition
          3) Avira AntiVir Personal
          4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
          4-a) Microsoft Security Essentials for Windows XP
          5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
          6) PC Tools AntiVirus Free Edition

          It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
          **********************************************
          AVG Antivirus - AVG Antivirus Remover utility

          *************************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.
          4. Run CCleaner.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          ************************************
          Please download the newest version of Adobe Acrobat Reader from Adobe.com

          Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
          Go to the Control Panel and enter Add or Remove Programs.
          Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

          Once old versions are gone, please install the newest version.
          *****************************************************
          Now please try to run ComboFix and post the log.

          810311

            Hi SuperDave,

            The link "Microsoft Security Essentials for Windows XP" doesn't work. I have Win XP on my machine.

            Thanks.

            SuperDave

            Sorry. Here is the correct one.
            Microsoft Security Essentials for Windows XP
            « Last Edit: December 28, 2010, 04:35:02 PM by SuperDave »

            810311

              When I click the link it prompts me to this page http://majorgeeks.com/compatibility8066.html but there's no actual button or link to download.

              Please advise. Thank you.

              SuperDave

              Quote
              but there's no actual button or link to download.
              When you're right, you're right. There's something wrong with Majorgeeks' site. Here's the MS site where you download the correct version:
              http://www.microsoft.com/security_essentials/default.aspx
              « Last Edit: December 29, 2010, 01:06:00 PM by SuperDave »

              810311

                Hi SuperDave,

                How do I run CCleaner?

                Thanks.

                SuperDave

                Download CCleaner Slim and save it to your Desktop - Alternate download link

                When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
                Follow the prompts to install the program.

                * Double-click the CCleaner shortcut on the desktop to start the program.
                * Click on the Options block on the left, then choose Cookies.
                * Under Cookies to Delete, highlight any cookies you would like to retain permanently
                * Click the right arrow > to move them to the Cookies to Keep window.
                * Go into Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
                * Click Cleaner on the left then Run Cleaner on the right to run the program.
                * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

                Caution: Only use the Registry feature if you are very familiar with the registry.
                Always back up your registry before making any changes. Exit CCleaner after it has completed its process.


                810311

                  Hi SuperDave,

                  Thanks for your help with CCleaner.

                  Please find ComboFix log below.


                  ComboFix 10-12-26.01 - Sergei Prigara 12/30/2010  21:44:49.1.2 - x86
                  Microsoft Windows XP Professional  5.1.2600.3.1251.7.1033.18.2046.1378 [GMT -6:00]
                  Running from: c:\documents and settings\Sergei Prigara\Desktop\commy.exe
                  AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                  .

                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}
                  c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\chrome.manifest
                  c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\chrome\content\_cfg.js
                  c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\chrome\content\overlay.xul
                  c:\documents and settings\Sergei Prigara\Local Settings\Application Data\{4DB65C6D-6C59-47BA-86AD-36311D7161E4}\install.rdf
                  C:\IE8-WI~1.EXE
                  c:\windows\system32\Oeminfo.ini
                  c:\windows\TEMP\logishrd\LVPrcInj01.dll

                  .
                  (((((((((((((((((((((((((   Files Created from 2010-11-28 to 2010-12-31  )))))))))))))))))))))))))))))))
                  .

                  2010-12-31 02:38 . 2010-12-31 02:38   --------   d-----w-   c:\program files\CCleaner
                  2010-12-30 03:40 . 2010-11-13 00:53   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                  2010-12-30 03:40 . 2010-11-13 00:53   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                  2010-12-30 03:02 . 2010-11-10 02:33   6273872   ------w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47AD4A16-81CF-4E19-843D-A623F5E01B7B}\mpengine.dll
                  2010-12-30 03:02 . 2010-10-19 16:41   222080   ------w-   c:\windows\system32\MpSigStub.exe
                  2010-12-30 01:56 . 2010-12-30 02:57   --------   d-----w-   c:\program files\Microsoft Security Client
                  2010-12-28 01:03 . 2010-12-28 01:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                  2010-12-26 06:02 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2010-12-26 06:02 . 2010-12-26 06:02   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2010-12-26 06:02 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2010-12-26 00:30 . 2010-12-26 00:30   --------   d-----w-   c:\documents and settings\Sergei Prigara\Application Data\SUPERAntiSpyware.com
                  2010-12-26 00:30 . 2010-12-26 00:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                  2010-12-26 00:29 . 2010-12-26 00:30   --------   d-----w-   c:\program files\SUPERAntiSpyware
                  2010-12-25 00:45 . 2004-08-04 10:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
                  2010-12-25 00:45 . 2004-08-04 10:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
                  2010-12-25 00:45 . 2003-03-24 22:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
                  2010-12-22 04:32 . 2010-12-23 06:24   0   ----a-w-   c:\windows\Sfapahi.bin
                  2010-12-15 19:15 . 2010-11-02 15:17   40960   ------w-   c:\windows\system32\dllcache\ndproxy.sys
                  2010-12-15 19:15 . 2010-10-11 14:59   45568   ------w-   c:\windows\system32\dllcache\wab.exe
                  2010-12-14 17:03 . 2010-12-14 17:03   --------   d-----w-   c:\documents and settings\Sergei Prigara\Application Data\AVG8
                  2010-12-03 23:43 . 2010-12-03 23:43   --------   d-----w-   c:\program files\Cool FLAC To MP3 Converter

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2010-11-18 18:12 . 2004-08-11 23:12   81920   ----a-w-   c:\windows\system32\isign32.dll
                  2010-11-12 22:34 . 2008-07-25 02:34   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                  2010-11-12 18:46 . 2010-11-12 18:46   4280320   ----a-w-   c:\windows\system32\GPhotos.scr
                  2010-11-06 00:26 . 2004-08-11 23:00   916480   ----a-w-   c:\windows\system32\wininet.dll
                  2010-11-06 00:26 . 2004-08-11 23:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                  2010-11-06 00:26 . 2004-08-11 23:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                  2010-11-03 12:25 . 2004-08-11 23:00   385024   ----a-w-   c:\windows\system32\html.iec
                  2010-11-02 15:17 . 2004-08-11 23:00   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
                  2010-10-28 13:13 . 2004-08-11 23:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
                  2010-10-26 13:25 . 2004-08-11 23:00   1853312   ----a-w-   c:\windows\system32\win32k.sys
                  2010-10-25 03:25 . 2010-10-25 03:25   165264   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
                  2009-06-06 17:48 . 2009-06-06 17:48   3371384   ----a-w-   c:\program files\mbam-setup.exe
                  2008-06-29 04:31 . 2008-06-29 04:31   56826856   ----a-w-   c:\program files\setpoint460.exe
                  2008-12-17 21:59 . 2009-11-02 05:13   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
                  2008-12-17 21:59 . 2009-11-02 05:13   54368   ----a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
                  2008-12-17 21:59 . 2009-11-02 05:13   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
                  2008-12-17 21:59 . 2009-11-02 05:13   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
                  2008-12-17 21:59 . 2009-11-02 05:13   172136   ----a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Google Update"="c:\documents and settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-03 135664]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
                  "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
                  "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]
                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
                  "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
                  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-02 417792]
                  "nwiz"="nwiz.exe" [2006-01-19 1519616]
                  "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
                  "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
                  "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
                  "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
                  "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
                  "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
                  "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
                  "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
                  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                  "Taskman"=""

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
                  2008-05-02 07:42   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=c:\windows\system32\wxvault.dll

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                  @="Driver"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
                  @=""
                  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
                  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
                  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                  "DisableMonitoring"=dword:00000001

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
                  "c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
                  "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
                  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                  "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
                  "c:\\xampp\\mysql\\bin\\mysqld.exe"=
                  "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
                  "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                  "c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
                  "c:\\Documents and Settings\\Sergei Prigara\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
                  "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
                  R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/9/2008 5:10 PM 24636]
                  S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 1:55 PM 7882]
                  S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/27/2010 8:56 PM 137344]
                  S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2/27/2010 8:56 PM 8320]
                  S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2/27/2010 7:21 PM 32377]
                  .
                  Contents of the 'Scheduled Tasks' folder

                  2010-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
                  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

                  2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005Core.job
                  - c:\documents and settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40]

                  2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005UA.job
                  - c:\documents and settings\Sergei Prigara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 04:40]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.google.com/
                  uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                  uDefault_Search_URL = hxxp://www.google.com/ie
                  uSearchAssistant = hxxp://www.google.com/ie
                  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
                  Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
                  Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                  FF - ProfilePath - c:\documents and settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\
                  FF - prefs.js: browser.search.selectedEngine - Yahoo
                  FF - prefs.js: browser.startup.homepage - hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
                  .
                  - - - - ORPHANS REMOVED - - - -

                  URLSearchHooks-*CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                  BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
                  HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
                  HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
                  HKCU-Run-Dbonujodivo - c:\windows\sphpxpnt.dll
                  HKLM-Run-Lqitefoki - c:\windows\aracetuw.dll
                  Notify-avgrsstarter - avgrsstx.dll
                  AddRemove-InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
                  AddRemove-InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe



                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2010-12-30 21:50
                  Windows 5.1.2600 Service Pack 3 NTFS

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 

                  scan completed successfully
                  hidden files: 0

                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------

                  [HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC2F378D-3371-11F1-C66B-6FA2D3FFA350}*]
                  @Allowed: (Read) (RestrictedCode)
                  @Allowed: (Read) (RestrictedCode)
                  "iafplbalkmabgficgi"=hex:69,61,6c,66,70,6d,6d,64,65,70,63,61,6b,66,63,61,70,68,
                     00,00
                  "hahonaclildhmomj"=hex:69,61,6c,66,70,6d,6d,64,65,70,63,61,6b,66,63,61,70,68,
                     00,00
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------

                  - - - - - - - > 'winlogon.exe'(924)
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll
                  c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                  c:\program files\common files\logishrd\bluetooth\LBTServ.dll

                  - - - - - - - > 'explorer.exe'(8868)
                  c:\windows\system32\WININET.dll
                  c:\windows\TEMP\logishrd\LVPrcInj01.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\webcheck.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
                  c:\windows\System32\WLTRYSVC.EXE
                  c:\windows\System32\bcmwltry.exe
                  c:\windows\System32\SCardSvr.exe
                  c:\program files\Wave Systems Corp\Common\DataServer.exe
                  c:\program files\Java\jre6\bin\jqs.exe
                  c:\program files\Common Files\LightScribe\LSSrvc.exe
                  c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                  c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                  c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
                  c:\windows\system32\nvsvc32.exe
                  c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
                  c:\windows\system32\rundll32.exe
                  c:\windows\stsystra.exe
                  c:\program files\Apoint\HidFind.exe
                  c:\program files\Apoint\Apntex.exe
                  .
                  **************************************************************************
                  .
                  Completion time: 2010-12-30  21:55:54 - machine was rebooted
                  ComboFix-quarantined-files.txt  2010-12-31 03:55

                  Pre-Run: 72,215,674,880 bytes free
                  Post-Run: 72,131,633,152 bytes free

                  WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                  [boot loader]
                  timeout=2
                  default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                  [operating systems]
                  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                  UnsupportedDebug="do not select this" /debug
                  multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

                  - - End Of File - - E63D36F80BD0FA9D8E5B303E3B18ABF7

                  SuperDave

                  * Download the following tool: RootRepeal - Rootkit Detector
                  * Direct download link is here: RootRepeal.zip

                  * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                  * Click this link to see a list of such programs and how to disable them.

                  * Extract the program file to a new folder such as C:\RootRepeal
                  * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                  * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                  * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                  * When done, click on Save Report
                  * Save it to the same location where you ran it from, such as C:\RootRepeal
                  * Save it as rootrepeal.txt
                  * Then open that log and select all and copy/paste it back on your next reply please.
                  * Close RootRepeal.
                  ***************************************
                  Windows 8 and Windows 10 dual boot with two SSD's

                  810311

                    Hi SuperDave,

                    Please find RootRepeal log below.

                    Thank you

                    ROOTREPEAL (c) AD, 2007-2009
                    ==================================================
                    Scan Start Time:      2011/01/01 18:43
                    Program Version:      Version 1.3.5.0
                    Windows Version:      Windows XP SP3
                    ==================================================

                    Drivers
                    -------------------
                    Name: catchme.sys
                    Image Path: C:\DOCUME~1\SERGEI~1\LOCALS~1\Temp\catchme.sys
                    Address: 0xBA3B8000   Size: 31744   File Visible: No   Signed: -
                    Status: -

                    Name: dump_atapi.sys
                    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
                    Address: 0xB64ED000   Size: 98304   File Visible: No   Signed: -
                    Status: -

                    Name: dump_WMILIB.SYS
                    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
                    Address: 0xBA660000   Size: 8192   File Visible: No   Signed: -
                    Status: -

                    Name: PROCEXP113.SYS
                    Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
                    Address: 0xBA5E6000   Size: 7872   File Visible: No   Signed: -
                    Status: -

                    Name: rootrepeal.sys
                    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
                    Address: 0xB39F1000   Size: 49152   File Visible: No   Signed: -
                    Status: -

                    Hidden/Locked Files
                    -------------------
                    Path: C:\hiberfil.sys
                    Status: Locked to the Windows API!

                    Path: c:\documents and settings\all users\application data\microsoft\microsoft antimalware\support\mpwpptracing-12302010-214943-00000003-ffffffff.bin
                    Status: Allocation size mismatch (API: 4194304, Raw: 2097152)

                    Path: C:\Documents and Settings\Sergei Prigara\Local Settings\Apps\2.0\P5XV2HOZ.06D\CA82H1C5.02A\manifests\clickonce_bootstrap.exe.cdf-ms
                    Status: Locked to the Windows API!

                    Path: C:\Documents and Settings\Sergei Prigara\Local Settings\Apps\2.0\P5XV2HOZ.06D\CA82H1C5.02A\manifests\clickonce_bootstrap.exe.manifest
                    Status: Locked to the Windows API!

                    ==EOF==