
Solved recycle bin on drive C: is corrupted

Discussion in 'Malware and Virus Removal Archive' started by 810311, 2011/01/20.

  1. 2011/01/24 - broni (Moderator, Malware Analyst)
    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2011/01/24 - 810311 (Thread Starter)
    I am getting the following OTL response:

    "Cannot create C:\........\cmd.bat "
     


  4. 2011/01/24 - broni (Moderator, Malware Analyst)
    Disable your AV program and try again.
     
  5. 2011/01/24 - 810311 (Thread Starter)
    They are disabled. I am gonna try again.
     
  6. 2011/01/24 - broni (Moderator, Malware Analyst)
    Ok...
     
  7. 2011/01/24 - 810311 (Thread Starter)
    OTL logfile created on: 1/24/2011 9:08:05 PM - Run 1
    OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Sergei Prigara\My Documents\downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.10 Gb Total Space | 67.32 Gb Free Space | 72.32% Space Free | Partition Type: NTFS

    Computer Name: DG3X5RC1 | User Name: Sergei Prigara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/24 20:46:01 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sergei Prigara\My Documents\downloads\OTL.exe
    PRC - [2011/01/13 16:01:32 | 001,771,288 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2011/01/07 21:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2011/01/04 11:05:06 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2009/07/30 15:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2008/12/09 17:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
    PRC - [2006/09/08 07:32:54 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    PRC - [2006/09/05 09:09:10 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    PRC - [2006/06/29 11:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2006/06/29 11:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2006/06/12 09:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/10/07 12:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/07/27 14:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/06/28 21:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/24 20:46:01 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sergei Prigara\My Documents\downloads\OTL.exe
    MOD - [2011/01/24 20:19:13 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
    MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/13 16:01:32 | 001,771,288 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/12/09 17:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2006/09/05 09:09:10 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
    SRV - [2006/06/29 11:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2006/06/12 09:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
     
  8. 2011/01/24 - 810311 (Thread Starter)
    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/01/13 16:01:42 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011/01/13 16:01:42 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/01/13 16:01:41 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/12/30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/12/30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2009/12/30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 09:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2008/07/26 09:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/07/26 09:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/01/28 14:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2006/11/23 02:45:24 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/08/29 08:56:19 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\prodigy.sys -- (PRODIGY)
    DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/01/19 08:14:00 | 003,595,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/12/09 14:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
    DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2005/11/10 09:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/09/28 18:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2004/06/15 13:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTKCMOS.sys -- (GTKCMOS)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070330
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070330


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070330
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070330
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.startup.homepage: "http://today.ask.com/dvdvideosoft?o=13162&l=dis "

    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/14 19:05:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/30 21:02:43 | 000,000,000 | ---D | M]

    [2011/01/03 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\extensions
    [2010/03/18 21:18:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/01/20 22:49:21 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
    [2011/01/03 15:34:57 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\Sergei Prigara\Application Data\Mozilla\Firefox\Profiles\vqk11lbx.default\extensions\DefaultManager@Microsoft
    [2010/12/29 21:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/26 23:46:48 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
    [2009/11/26 23:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}-trash
    [2010/12/29 21:40:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2009/11/01 23:13:40 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2008/12/12 21:28:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/12/17 15:59:30 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2008/12/17 15:59:31 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2008/12/17 15:59:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2008/12/17 15:59:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2008/12/17 15:59:35 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/01/24 20:18:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O3 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (29568483305979904)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/24 20:05:18 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/01/23 19:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/01/23 19:03:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/23 19:02:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/23 14:53:37 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Sergei Prigara\Desktop\remover.exe
    [2011/01/12 21:31:33 | 000,000,000 | ---D | C] -- C:\!KillBox
    [2011/01/12 18:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/01/08 21:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2011/01/07 16:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/01/07 16:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/01/07 16:00:27 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2011/01/07 15:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    [2011/01/07 15:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/01/07 15:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2011/01/06 16:36:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/01/03 15:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2011/01/03 15:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/12/30 22:27:03 | 000,000,000 | ---D | C] -- C:\RECYCLER
    [2010/12/30 21:43:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/30 21:09:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/30 21:09:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/30 21:09:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/30 21:08:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/30 20:42:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sergei Prigara\Recent
    [2010/12/29 21:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/12/29 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2010/12/29 01:42:04 | 000,285,480 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2010/12/29 01:41:28 | 000,094,784 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2010/12/29 01:41:28 | 000,027,576 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2010/12/29 01:41:26 | 000,239,368 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2010/12/29 01:41:26 | 000,015,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2010/12/27 19:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/26 00:02:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/26 00:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2010/12/26 00:02:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/26 00:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/06/06 11:48:14 | 003,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
    [2008/06/28 22:31:27 | 056,826,856 | ---- | C] (Logitech Inc. ) -- C:\Program Files\setpoint460.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/24 20:43:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005UA.job
    [2011/01/24 20:39:01 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/24 20:19:41 | 000,464,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/01/24 20:19:40 | 000,081,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/01/24 20:18:14 | 000,023,592 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/01/24 20:18:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2011/01/24 20:18:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/24 20:17:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/24 20:13:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/24 20:13:11 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/24 19:43:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2035379329-1741775744-3220261347-1005Core.job
    [2011/01/22 01:31:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Sergei Prigara\Desktop\~$w Microsoft Word Document.doc
    [2011/01/22 01:28:19 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Sergei Prigara\Desktop\New Microsoft Word Document.doc
    [2011/01/14 15:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/13 16:01:42 | 000,094,784 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2011/01/13 16:01:42 | 000,027,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2011/01/13 16:01:42 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2011/01/13 16:01:41 | 000,239,368 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2011/01/12 18:25:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/01/07 15:57:41 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2011/01/05 19:13:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/31 14:31:18 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Sergei Prigara\Desktop\Shortcut to Jobs.lnk
    [2010/12/30 21:43:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/29 20:57:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2010/12/28 01:27:24 | 000,040,640 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2010/12/26 00:02:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/23 19:18:20 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/22 01:31:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Sergei Prigara\Desktop\~$w Microsoft Word Document.doc
    [2011/01/22 01:28:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Sergei Prigara\Desktop\New Microsoft Word Document.doc
    [2011/01/08 21:30:38 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/01/07 15:57:41 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2011/01/06 16:37:01 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/05 19:13:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/31 14:31:18 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\Sergei Prigara\Desktop\Shortcut to Jobs.lnk
    [2010/12/30 21:43:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/30 21:43:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/30 21:09:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/30 21:09:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/30 21:09:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/30 21:09:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/30 21:09:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/30 21:02:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2010/12/29 20:57:27 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/29 19:57:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2010/12/26 00:02:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/19 17:24:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\.ini
    [2010/09/19 17:24:03 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ZipFilter.INI
    [2010/09/19 17:24:03 | 000,000,089 | ---- | C] () -- C:\WINDOWS\XMLFilter.INI
    [2010/09/19 17:24:03 | 000,000,089 | ---- | C] () -- C:\WINDOWS\WTFilter.INI
    [2010/09/19 17:24:03 | 000,000,089 | ---- | C] () -- C:\WINDOWS\TextFilter.INI
    [2009/12/01 22:13:56 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Sergei Prigara\Application Data\Comma Separated Values (Windows).ADR
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/01/23 21:12:29 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Sergei Prigara\Application Data\DMX.bmk
    [2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2008/06/29 18:02:21 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/09/06 19:12:03 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/07/11 21:07:13 | 000,040,640 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/05/04 22:27:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/27 19:24:44 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2007/04/08 17:44:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2007/04/06 20:47:50 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/05 18:55:50 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\fusioncache.dat
    [2007/03/30 04:32:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/03/30 04:30:05 | 000,000,338 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/03/30 04:28:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2007/03/30 04:26:47 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2007/03/30 04:26:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2007/03/30 04:22:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2007/03/30 04:22:15 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2007/03/30 04:04:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/03/30 04:03:59 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/03/30 04:03:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/03/30 04:03:58 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/03/30 04:03:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2007/02/09 20:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/12 11:07:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
    [2006/09/12 11:01:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
    [2006/09/12 11:01:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
    [2006/09/12 11:01:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
    [2006/09/12 11:01:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
    [2006/09/12 11:01:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
    [2006/09/12 11:01:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
    [2006/09/12 11:01:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
    [2006/09/12 11:00:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
    [2006/09/12 11:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
    [2006/09/12 11:00:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
    [2006/09/08 07:32:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2006/09/08 07:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
    [2006/09/05 09:05:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
    [2006/09/05 08:26:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2006/09/05 08:25:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2006/09/05 08:25:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2006/09/05 08:25:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2006/09/05 08:25:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2006/09/05 08:25:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2006/09/05 08:24:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2006/09/05 08:24:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2006/09/05 08:24:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2006/09/05 08:24:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
    [2006/06/12 09:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
    [2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
    [2005/12/01 13:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2005/09/20 12:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/07/21 14:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2004/07/20 13:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2004/03/18 17:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/09/19 17:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flypaper Studio
    [2010/02/27 20:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/12/27 19:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/02/27 20:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/02/27 19:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/09/22 20:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2011/01/05 22:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/09/19 17:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trivantis
    [2007/03/30 04:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2009/03/28 18:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/01/27 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
    [2010/04/11 16:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\FileZilla
    [2007/04/05 19:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\Leadertech
    [2007/04/08 19:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\MSNInstaller
    [2010/03/09 20:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\NoteTab Std
    [2010/02/27 19:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\PC Suite
    [2010/02/15 15:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\TeamViewer
    [2010/12/31 23:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergei Prigara\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/09 19:56:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/30 21:43:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/01/24 20:22:20 | 000,016,921 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/03/30 04:04:50 | 000,005,444 | RH-- | M] () -- C:\dell.sdr
    [2010/08/07 16:03:06 | 006,562,377 | ---- | M] () -- C:\Don
    [2011/01/24 20:13:11 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
    [2007/05/12 19:39:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/22 12:39:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/24 20:13:06 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/07 16:25:48 | 003,160,189 | ---- | M] () -- C:\test.mp.3
    [2008/06/22 10:11:29 | 000,000,162 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/06/06 11:48:14 | 003,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
    [2008/06/28 22:31:30 | 056,826,856 | ---- | M] (Logitech Inc. ) -- C:\Program Files\setpoint460.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/01/12 18:20:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/06/22 13:49:32 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Sergei Prigara\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 17:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sergei Prigara\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Sergei Prigara\Desktop\remover.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/06/22 13:49:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sergei Prigara\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/11/02 22:06:13 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Sergei Prigara\Cookies\desktop.ini
    [2011/01/24 21:06:35 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Sergei Prigara\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 23:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 23:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 23:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2011/01/22 01:09:28 | 000,004,096 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1063995
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  9. 2011/01/24
    810311

    810311 Inactive Thread Starter

    OTL Extras logfile created on: 1/24/2011 9:08:05 PM - Run 1
    OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Sergei Prigara\My Documents\downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.10 Gb Total Space | 67.32 Gb Free Space | 72.32% Space Free | Partition Type: NTFS

    Computer Name: DG3X5RC1 | User Name: Sergei Prigara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
    "C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
    "C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Macromedia\Flash MX\Flash.exe" = C:\Program Files\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r25 -- (Macromedia, Inc.)
    "C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Sergei Prigara\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 23
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BE40EC9E-9466-4288-916D-C1D6C13F4A40}" = upekmsi
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}" = Wave Infrastructure Installer
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
    "{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
    "{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}" = Preboot Manager
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
    "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
    "lvdrivers_11.80" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "TeamViewer 5" = TeamViewer 5
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.2
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
    "xampp" = XAMPP 1.7.1

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/3/2011 11:27:34 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/3/2011 11:48:10 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/3/2011 11:57:16 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/4/2011 2:11:17 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/4/2011 8:06:15 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/4/2011 8:16:39 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1001
    Description = Fault bucket 1922860428.

    Error - 1/6/2011 12:06:15 AM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/6/2011 3:07:25 PM | Computer Name = DG3X5RC1 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.2.4, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 1/6/2011 6:13:25 PM | Computer Name = DG3X5RC1 | Source = MsiInstaller | ID = 1013
    Description = Product: Skype™ 4.2 -- A later version of Skype™ 4.2 is already installed.

    Error - 1/10/2011 12:26:41 AM | Computer Name = DG3X5RC1 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 3.0.8107.0, P3 timeout, P4 1.1.6402.0, P5 fixed, P6 2 _ 2048, P7 10 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    [ System Events ]
    Error - 1/23/2011 9:01:45 PM | Computer Name = DG3X5RC1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 1/23/2011 9:01:48 PM | Computer Name = DG3X5RC1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 1/23/2011 9:02:36 PM | Computer Name = DG3X5RC1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 1/23/2011 9:17:28 PM | Computer Name = DG3X5RC1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/24/2011 11:57:09 AM | Computer Name = DG3X5RC1 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 99.226.196.243
    on the Network Card with network address 0019B967677B.

    Error - 1/24/2011 5:08:19 PM | Computer Name = DG3X5RC1 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 99.226.196.243
    on the Network Card with network address 0019B967677B.

    Error - 1/24/2011 10:04:12 PM | Computer Name = DG3X5RC1 | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/24/2011 10:06:24 PM | Computer Name = DG3X5RC1 | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/24/2011 10:06:24 PM | Computer Name = DG3X5RC1 | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/24/2011 10:06:24 PM | Computer Name = DG3X5RC1 | Source = Service Control Manager | ID = 7034
    Description = The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  10. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-2035379329-1741775744-3220261347-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
      O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1063995
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  11. 2011/01/24
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2035379329-1741775744-3220261347-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
    C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A1063995 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 1152 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Sergei Prigara
    ->Temp folder emptied: 67630 bytes
    ->Temporary Internet Files folder emptied: 834352 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 190513442 bytes
    ->Flash cache emptied: 2332 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 110391 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 183.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Sergei Prigara
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.5 log created on 01242011_214600

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  12. 2011/01/24
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader X
    Mozilla Firefox (2.0.0) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Comodo Firewall cmdagent.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
  13. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Java(TM) 6 Update 7.

    Uninstall Firefox 2.0.0.
    If you still want to use Firefox, you need to download the current 3.6.13 version.
     
  14. 2011/01/24
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    Uninstall done.
     
  15. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need Eset log :)
     
  16. 2011/01/24
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    ESET Online Scanner - no threats found. There's no log.
     
  17. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  18. 2011/01/25
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 4766 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Sergei Prigara
    ->Temp folder emptied: 36294 bytes
    ->Temporary Internet Files folder emptied: 1801679 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 15011291 bytes
    ->Flash cache emptied: 1124 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 130290 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 16.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Sergei Prigara
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.5 log created on 01252011_105035

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
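The log above is what the [emptytemp]/[emptyflash] fix from the previous post produces. As an added example, not OTL's own code and not part of this thread, the Python below parses that output into bytes freed per user and per command, keeps OTL's reported total beside the byte sum so the two can be compared, and lists every file OTL could not move and deferred to reboot, which is the item worth re-checking after the restart. The sample log is constructed from the output posted above (some zero-byte lines dropped); the summary keys are my own.

```python
"""Summarise an OTL [EMPTYTEMP]/[EMPTYFLASH] run log. Added example, not
OTL's own code; SAMPLE_OTL_LOG is constructed from the output posted above."""
import re

# Raw string so the Windows paths keep their backslashes.
SAMPLE_OTL_LOG = r"""All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 4766 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sergei Prigara
->Temp folder emptied: 36294 bytes
->Temporary Internet Files folder emptied: 1801679 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15011291 bytes
->Flash cache emptied: 1124 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 130290 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb

[EMPTYFLASH]

User: Sergei Prigara
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""

SECTION_RE = re.compile(r"^\[(?P<name>[A-Z]+)\]$")          # [EMPTYTEMP], [EMPTYFLASH]
USER_RE = re.compile(r"^User: (?P<user>.+)$")
BYTES_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")
REPORTED_RE = re.compile(r"^Total (?:Flash )?Files Cleaned = (?P<mb>[\d.]+) mb$")
PENDING_RE = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")


def parse_otl_log(text):
    """Return {'sections': {name: {per_user, system, total}}, 'reported_mb': {name: float},
    'recycle_bin_bytes': int | None, 'pending_moves': [path]}."""
    summary = {"sections": {}, "reported_mb": {}, "recycle_bin_bytes": None, "pending_moves": []}
    section = user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, user = m.group("name"), None
            summary["sections"][section] = {"per_user": {}, "system": 0, "total": 0}
        elif section and (m := USER_RE.match(line)):
            user = m.group("user")
            summary["sections"][section]["per_user"].setdefault(user, 0)
        elif section and (m := BYTES_RE.match(line)):
            n, sec = int(m.group("n")), summary["sections"][section]
            if line.startswith("->") and user:
                sec["per_user"][user] += n      # lines under a "User:" header
            else:
                sec["system"] += n              # machine-wide temp locations
                if m.group("what") == "RecycleBin":
                    summary["recycle_bin_bytes"] = n
            sec["total"] += n
        elif section and (m := REPORTED_RE.match(line)):
            summary["reported_mb"][section] = float(m.group("mb"))
        elif (m := PENDING_RE.match(line)):
            # OTL could not move the file while it was in use; verify after reboot.
            summary["pending_moves"].append(m.group("path"))
    return summary


if __name__ == "__main__":
    s = parse_otl_log(SAMPLE_OTL_LOG)
    for name, sec in s["sections"].items():
        print(name, sec["total"], "bytes; reported", s["reported_mb"].get(name), "mb")
    print("pending on reboot:", s["pending_moves"])
```

Running it prints the byte totals for both commands next to OTL's own "mb" figures and the one deferred file move from the posted log.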
     
  19. 2011/01/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready....
     
  20. 2011/01/25
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
  21. 2011/01/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well....

    Good luck :)
     
