
Solved Blaster Worm AfterMath

Discussion in 'Malware and Virus Removal Archive' started by ravn87, 2011/04/09.

  1. 2011/04/10
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Avira AntiVir Personal
    Report file date: Tuesday, April 05, 2011 17:28

    Scanning for 2467604 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Safe mode with network
    Username : Vegeta
    Computer name : HOMEPC

    Version information:
    BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 21:36:52
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 21:36:59
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:37:07
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:37:08
    VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 21:37:08
    VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 21:37:08
    VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 21:37:08
    VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 21:37:08
    VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 21:37:08
    VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 21:37:08
    VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 21:37:08
    VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 21:37:08
    VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 21:37:09
    VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 21:37:09
    VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 21:37:09
    VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 21:37:09
    VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 21:37:09
    VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 21:37:09
    VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 01:02:23
    VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 23:08:03
    VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 01:30:49
    VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 23:14:47
    VBASE021.VDF : 7.11.4.74 2048 Bytes 3/6/2011 23:14:47
    VBASE022.VDF : 7.11.4.75 2048 Bytes 3/6/2011 23:14:47
    VBASE023.VDF : 7.11.4.76 2048 Bytes 3/6/2011 23:14:47
    VBASE024.VDF : 7.11.4.77 2048 Bytes 3/6/2011 23:14:47
    VBASE025.VDF : 7.11.4.78 2048 Bytes 3/6/2011 23:14:47
    VBASE026.VDF : 7.11.4.79 2048 Bytes 3/6/2011 23:14:47
    VBASE027.VDF : 7.11.4.80 2048 Bytes 3/6/2011 23:14:47
    VBASE028.VDF : 7.11.4.81 2048 Bytes 3/6/2011 23:14:47
    VBASE029.VDF : 7.11.4.82 2048 Bytes 3/6/2011 23:14:47
    VBASE030.VDF : 7.11.4.83 2048 Bytes 3/6/2011 23:14:47
    VBASE031.VDF : 7.11.4.89 59392 Bytes 3/7/2011 17:38:01
    Engineversion : 8.2.4.178
    AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 21:36:49
    AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 3/3/2011 05:00:21
    AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 21:36:48
    AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 21:36:48
    AERDL.DLL : 8.1.9.2 635252 Bytes 3/4/2011 21:36:48
    AEPACK.DLL : 8.2.4.11 520566 Bytes 3/3/2011 05:00:21
    AEOFFICE.DLL : 8.1.1.16 205179 Bytes 3/4/2011 21:36:47
    AEHEUR.DLL : 8.1.2.81 3314038 Bytes 3/3/2011 05:00:21
    AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 21:36:41
    AEGEN.DLL : 8.1.5.2 397683 Bytes 3/4/2011 21:36:41
    AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 21:36:40
    AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 21:36:40
    AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 21:36:39
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 21:36:53
    AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 21:36:52
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 21:36:52
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 21:36:53
    AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 21:36:50
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 21:36:51
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 21:36:53
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 21:37:12
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 21:37:12

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Start of the scan: Tuesday, April 05, 2011 17:28

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '63' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '42' Module(s) have been scanned
    Scan process 'procexp.exe' - '86' Module(s) have been scanned
    Scan process 'avcenter.exe' - '104' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '85' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '111' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'lsass.exe' - '51' Module(s) have been scanned
    Scan process 'services.exe' - '29' Module(s) have been scanned
    Scan process 'winlogon.exe' - '63' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '465' files ).


    Starting the file scan:

    Begin scan in 'C:\' <IBM_PRELOAD>
    C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000055.exe
    [DETECTION] Is the TR/Code.twa Trojan
    C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000056.dll
    [DETECTION] Contains virus patterns of Adware ADWARE/GameVa.C.271
    C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000057.exe
    [DETECTION] Is the TR/Code.twa Trojan

    Beginning disinfection:
    C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000057.exe
    [DETECTION] Is the TR/Code.twa Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000056.dll
    [DETECTION] Contains virus patterns of Adware ADWARE/GameVa.C.271
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000055.exe
    [DETECTION] Is the TR/Code.twa Trojan
    [NOTE] The file was deleted!


    End of the scan: Tuesday, April 05, 2011 18:11
    Used time: 42:12 Minute(s)

    The scan has been done completely.

    5337 Scanned directories
    395868 Files were scanned
    3 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    3 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    395865 Files not concerned
    7773 Archives were scanned
    0 Warnings
    3 Notes
     
  2. 2011/04/10
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Avira AntiVir Personal
    Report file date: Tuesday, April 05, 2011 18:23

    Scanning for 2566524 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Vegeta
    Computer name : HOMEPC

    Version information:
    BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 21:36:52
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 21:36:59
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:37:07
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:37:08
    VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 21:37:08
    VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 21:37:08
    VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 21:37:08
    VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 21:37:08
    VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 21:37:08
    VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 21:37:08
    VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 21:37:08
    VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 21:37:08
    VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 21:37:09
    VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 21:37:09
    VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 21:37:09
    VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 21:37:09
    VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 21:37:09
    VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 21:37:09
    VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 01:02:23
    VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 23:08:03
    VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 01:30:49
    VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 23:14:47
    VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 01:21:25
    VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 01:21:26
    VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 01:21:26
    VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 01:21:27
    VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 01:21:28
    VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 01:21:29
    VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 01:21:30
    VBASE028.VDF : 7.11.5.122 154112 Bytes 3/30/2011 01:21:31
    VBASE029.VDF : 7.11.5.174 206336 Bytes 4/4/2011 01:21:32
    VBASE030.VDF : 7.11.5.175 2048 Bytes 4/4/2011 01:21:33
    VBASE031.VDF : 7.11.5.202 108032 Bytes 4/6/2011 01:21:33
    Engineversion : 8.2.4.202
    AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 21:36:49
    AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/6/2011 01:21:49
    AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 21:36:48
    AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 21:36:48
    AERDL.DLL : 8.1.9.9 639347 Bytes 4/6/2011 01:21:47
    AEPACK.DLL : 8.2.4.15 524662 Bytes 4/6/2011 01:21:46
    AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/6/2011 01:21:44
    AEHEUR.DLL : 8.1.2.96 3412341 Bytes 4/6/2011 01:21:43
    AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 21:36:41
    AEGEN.DLL : 8.1.5.4 397684 Bytes 4/6/2011 01:21:37
    AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 21:36:40
    AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 21:36:40
    AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 21:36:39
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 21:36:53
    AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 21:36:52
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 21:36:52
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 21:36:53
    AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 21:36:50
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 21:36:51
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 21:36:53
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 21:37:12
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 21:37:12

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: high
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Start of the scan: Tuesday, April 05, 2011 18:23

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'TpKmpSVC.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'TPHDEXLG.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FSRremoS.EXE' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'ICO.EXE' - '1' Module(s) have been scanned
    Scan process 'PRONoMgr.exe' - '1' Module(s) have been scanned
    Scan process 'TpScrLk.exe' - '1' Module(s) have been scanned
    Scan process 'SbieSvc.exe' - '1' Module(s) have been scanned
    Scan process 'QCWLICON.EXE' - '1' Module(s) have been scanned
    Scan process 'ibmprc.exe' - '1' Module(s) have been scanned
    Scan process 'TpScrex.exe' - '1' Module(s) have been scanned
    Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned
    Scan process 'EzEjMnAp.Exe' - '1' Module(s) have been scanned
    Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned
    Scan process 'rpcnet.exe' - '1' Module(s) have been scanned
    Scan process 'QCONSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'rrpcsb.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '463' files ).



    End of the scan: Tuesday, April 05, 2011 18:24
    Used time: 00:49 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    512 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    512 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
     


  4. 2011/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  5. 2011/04/10
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    I can only get Avira to run on this system. For whatever reason AVAST failed to run both in Safe and normal boot. I scanned with Avira first, which gave me some trouble in normal mode first, then scanned in Safe mode pre-update, because I couldn't get it to update at first, then FINALLY got it to update back in normal mode again. So I ran another scan in normal mode, and a third post-update scan in safe mode again.

    It was Avira first, then I uninstalled it, and installed AVAST - total failure. So I uninstalled that and tried other viral scanners (scanners, not full defense AVs). The internet is not continuously connected, I only connect when I need to update, and the firewall is activated.

    Right now because I was scanning with a whole mess of progs, I sort of refrained from leaving anything installed.
     
    Last edited: 2011/04/10
  6. 2011/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, since we'll be accessing internet throughout cleaning process, I want you to reinstall Avira.

    Combofix log looks clean now.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2011/04/10
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    OK, double check: Avira can be active WHILE OTL runs, correct?
     
  8. 2011/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes...
     
  9. 2011/04/10
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    I'm being called away from the computer right now and am unable to complete anything further right now. I'll post the logs when I get back tonight. But I've already gotten one error msg out of OTL.

    Other things wrong:
    - google chrome crapped out (other browsers still work)
    - unable to configure mouse pad (mouse still works)
    - AVAST still refuses to work (Avira works though)
    - icons to notepad, cmd and a few others have gone missing. (able to access them through RUN command though)

    have not installed AVIRA though - ran OTL first.
     
  10. 2011/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reinstall it.

    You can't be running two AV programs. Stay with Avira.

    Most likely, just broken shortcuts. Create new ones.

    What is the error message, when trying OTL?
     
  11. 2011/04/11
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Oh, I know! Cardinal rule numbah one: only 1 AV at a time. It's the reason why AVIRA didn't stay installed. I've read that of the 2, AVAST was the one to go with, but both are pretty good for being freebies.
    ---
    error msg: (I saved a screen shot) "Access violation at address 0040295B in module 'OTL.exe'. Read of Address 001D6000. "
    - Then it froze at "creating restore point. Do not interrupt... "

    When I got back, I closed it and ran it in normal mode again (both times were in Normal) and completed successfully without any interruptions.
    ---
    The icons completely disappeared out of the start menu as well under ACCESSORIES. That was odd. I'll refresh.
     
    Last edited: 2011/04/11
  12. 2011/04/11
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    OTL logfile created on: 4/11/2011 5:06:45 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 478.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 57.62 Gb Free Space | 77.32% Space Free | Partition Type: NTFS
    Drive E: | 3.76 Gb Total Space | 2.30 Gb Free Space | 61.07% Space Free | Partition Type: FAT32

    Computer Name: HOMEPC | User Name: Vegeta | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/28 16:17:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    PRC - [2010/02/17 08:48:14 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/09/15 14:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005/09/06 04:08:00 | 000,086,016 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2005/09/06 04:08:00 | 000,081,920 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2005/08/24 02:10:00 | 000,040,960 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\TP4EX.exe
    PRC - [2005/08/24 02:10:00 | 000,040,960 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\tp4cross.exe
    PRC - [2005/08/08 14:01:40 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    PRC - [2004/12/17 05:52:18 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    PRC - [2004/12/17 04:42:14 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
    PRC - [2003/11/20 15:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
    PRC - [2003/08/06 17:08:00 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/28 16:17:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2005/09/15 14:57:36 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
    MOD - [2005/08/24 02:10:00 | 000,040,960 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\TP4HOOK.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/02/17 08:48:14 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
    SRV - [2005/09/06 04:08:00 | 000,081,920 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
    SRV - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2004/12/17 05:52:18 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2004/08/11 01:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
    SRV - [2004/08/10 22:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2005/09/06 04:08:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
    DRV - [2005/09/06 04:08:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/09/06 04:08:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2005/08/31 03:40:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2005/08/31 02:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2005/08/31 02:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2005/07/19 21:14:02 | 003,289,088 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/05/25 22:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/04/20 02:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2005/01/25 16:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/01/25 16:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/01/25 16:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/17 05:15:24 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/12/17 04:05:16 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
    DRV - [2004/11/04 08:33:08 | 000,013,184 | ---- | M] (IBM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2004/08/03 22:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2004/03/08 12:43:10 | 001,657,344 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
    DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2003/02/11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
    DRV - [2003/01/10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
    DRV - [2002/11/19 02:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
    DRV - [2001/11/01 12:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
    DRV - [2001/08/18 02:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: tito@no-history:0.100328.4
    FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.0.7
    FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.77
    FF - prefs.js..extensions.enabledItems: firefox@pidder.com:0.2.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/18 20:35:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 22:37:59 | 000,000,000 | ---D | M]

    [2010/03/03 20:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2011/04/03 00:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/06/03 04:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (QuickJava) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] ( "pidder ") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\firefox@pidder.com
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\optimizegoogle@optimizegoogle.com
    [2010/06/03 04:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\staged-xpis
    [2010/04/11 18:46:33 | 000,000,000 | ---D | M] (No History) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f6pggpgg.default\extensions\tito@no-history
    [2011/03/06 22:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/03 01:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/03 01:24:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/06/03 01:24:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/04/10 15:58:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
    O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
    O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (Lenovo)
    O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1799456947-2972879614-1660739195-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe ()
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266422316168 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266422292133 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38141.3952199074 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (Lenovo)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/06/03 21:00:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: Ip6FwHlp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/11 05:05:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
    [2011/04/10 18:15:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2011/04/10 18:13:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/10 15:52:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/10 15:51:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/10 15:51:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/10 15:51:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/10 15:51:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/10 15:50:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/10 15:50:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/06 16:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\to save
    [2011/04/06 00:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
    [2011/04/06 00:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/04/06 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    [2011/04/05 23:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/04/05 23:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/04/05 22:07:16 | 003,404,136 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\user\Desktop\procexp.exe
    [2011/04/05 18:18:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2011/04/05 06:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2011/04/05 05:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\scans
    [2011/04/03 16:49:13 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2011/04/03 16:49:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2011/04/03 16:49:12 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2011/04/03 16:49:12 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2011/04/03 16:49:11 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2011/04/03 16:49:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2011/04/03 16:49:10 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2011/04/03 16:49:09 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2011/04/03 16:49:07 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2011/04/03 16:49:06 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2011/04/03 16:44:19 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2011/04/03 16:44:18 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2011/04/03 16:44:18 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2011/04/03 16:44:17 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2011/04/03 16:44:17 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2011/04/03 16:44:16 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2011/04/03 16:44:16 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2011/04/03 16:44:15 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2011/04/03 16:44:06 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2011/04/03 16:44:03 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2011/04/03 16:44:03 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2011/04/03 16:44:02 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2011/04/03 16:44:01 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2011/04/03 16:44:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2011/04/03 16:44:00 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2011/04/03 16:43:59 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2011/04/03 16:43:32 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2011/04/03 16:43:23 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2011/04/03 16:43:09 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2011/04/03 16:43:04 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2011/04/03 16:43:03 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2011/04/03 16:43:03 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2011/04/03 16:43:02 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2011/04/03 16:43:00 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2011/04/03 16:42:56 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2011/04/03 16:42:53 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2011/04/03 16:42:52 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2011/04/03 16:42:52 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2011/04/02 23:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/04/02 23:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    [2011/04/02 23:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Free Download Manager
    [2011/04/02 23:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/04/02 15:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/04/02 15:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\SpybotPortable
    [2011/04/02 04:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2011/04/02 01:33:10 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/04/02 01:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
    [2011/04/02 01:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/02 01:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
    [2011/04/02 01:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/02 01:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/02 01:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/02 01:25:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/02 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/02 01:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2011/04/02 01:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield
    [2011/04/01 19:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2011/04/01 19:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\NPE
    [2011/04/01 17:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\FreeFixer
    [2011/04/01 17:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FreeFixer
    [2011/04/01 17:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\FreeFixer
    [2011/04/01 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
    [2011/04/01 14:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\SysinternalsSuite
    [2011/04/01 14:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\WINBBS TOOLS
    [2011/04/01 14:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\ANTI-MALWARE
    [2011/04/01 14:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\BLASTER WORM REMOVAL TOOLS AND INSTRUCTIONS
    [2011/04/01 05:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GetRightToGo
    [2011/04/01 03:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\EraseDrop Portable

    ========== Files - Modified Within 30 Days ==========

    [2011/04/11 05:08:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D95B32E8-0CD8-4F8F-9323-DAE448CE658B}.job
    [2011/04/11 04:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/11 04:44:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/10 18:13:31 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
    [2011/04/10 15:58:26 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/10 15:58:15 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
    [2011/04/10 15:58:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/10 15:57:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/10 15:52:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2011/04/09 16:13:44 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
    [2011/04/06 00:51:24 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Cloud Scanner.lnk
    [2011/04/05 23:55:58 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/05 23:14:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/05 08:06:48 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/04/02 16:20:16 | 000,431,524 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110402-182014.backup
    [2011/04/02 16:08:24 | 000,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110402-162016.backup
    [2011/04/02 16:07:24 | 000,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110402-160824.backup
    [2011/04/02 16:03:25 | 000,431,524 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110402-160724.backup
    [2011/04/02 01:31:20 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
    [2011/04/01 19:03:16 | 003,524,196 | ---- | M] () -- C:\Documents and Settings\user\Application Data\SMRBackup162.dat
    [2011/04/01 14:40:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\defogger_reenable
    [2011/04/01 14:24:52 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to EraserDropPortable.exe.lnk
    [2011/04/01 06:47:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/04/01 04:37:12 | 000,001,688 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2011/03/28 16:17:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2011/03/14 12:52:36 | 003,404,136 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\user\Desktop\procexp.exe
    [2011/03/13 12:34:34 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/13 12:34:34 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/04/10 15:52:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/10 15:52:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/10 15:51:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/10 15:51:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/10 15:51:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/10 15:51:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/10 15:51:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/06 00:51:24 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Cloud Scanner.lnk
    [2011/04/05 23:33:33 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/05 06:24:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/04/03 16:43:48 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2011/04/03 16:43:48 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2011/04/03 16:43:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2011/04/03 16:43:47 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2011/04/03 16:43:46 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2011/04/03 16:43:46 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2011/04/03 16:43:45 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2011/04/03 16:43:45 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2011/04/03 16:43:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2011/04/03 16:43:39 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2011/04/02 01:31:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
    [2011/04/01 19:02:07 | 003,524,196 | ---- | C] () -- C:\Documents and Settings\user\Application Data\SMRBackup162.dat
    [2011/04/01 14:40:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\defogger_reenable
    [2011/04/01 06:47:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/04/01 03:42:28 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to EraserDropPortable.exe.lnk
    [2010/04/16 18:18:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/11 19:08:11 | 000,001,688 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010/04/11 18:35:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/02 21:28:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2005/11/09 10:31:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
    [2005/11/09 10:31:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
    [2005/11/09 09:09:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/11/09 09:09:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/11/09 09:09:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/11/09 09:09:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/11/09 09:09:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/11/09 09:09:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/11/08 16:13:52 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
    [2005/11/08 16:13:33 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
    [2005/07/06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [2005/06/21 19:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2005/06/16 23:23:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2005/01/20 17:07:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/12/20 15:48:50 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/12/17 04:42:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
    [2004/12/17 04:42:14 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
    [2004/11/04 08:33:08 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\Psasrv.exe
    [2004/06/04 13:08:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/04/30 00:29:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/04/30 00:25:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/04/30 00:24:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/04/30 00:24:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/04/30 00:24:02 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2004/04/30 00:07:58 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/04/30 00:02:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2004/04/29 23:57:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2004/04/29 23:56:40 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2004/04/29 23:56:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
    [2004/04/29 23:55:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
    [2004/04/29 23:55:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
    [2004/04/29 23:33:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/04/29 22:15:42 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/02/25 20:45:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/01/20 23:28:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/02/20 18:32:28 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/02/20 18:18:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/02/20 18:09:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/02/20 18:03:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/02/20 18:02:38 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/08 23:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe
    [2002/01/10 03:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
    [2001/08/23 20:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2001/08/23 20:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [1980/01/01 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [1980/01/01 09:00:00 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [1980/01/01 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [1980/01/01 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [1980/01/01 09:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1980/01/01 09:00:00 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [1980/01/01 09:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
    [1980/01/01 09:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [1980/01/01 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [1980/01/01 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [1980/01/01 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1980/01/01 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2005/05/17 15:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
    [2004/06/04 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
    [2005/01/20 16:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2010/04/11 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/04/02 23:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    [2004/04/30 00:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2011/04/06 05:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2011/04/05 23:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Free Download Manager
    [2011/04/01 18:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeFixer
    [2011/04/01 20:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
    [2010/03/14 14:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IBM
    [2010/04/11 20:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
    [2010/04/11 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Software Informer
    [2010/04/12 20:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VSRevoGroup
    [2005/11/09 09:07:43 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
    [2011/04/11 05:08:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D95B32E8-0CD8-4F8F-9323-DAE448CE658B}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/06/03 21:00:30 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/02/17 16:13:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/04/10 15:52:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2004/04/30 00:09:58 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2004/04/30 00:30:46 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2003/02/20 17:54:04 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/04/10 17:20:17 | 000,015,348 | ---- | M] () -- C:\ComboFix.txt
    [2011/04/06 01:18:22 | 000,000,000 | ---- | M] () -- C:\comodo_log.txt
    [2004/06/03 21:00:30 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2011/04/01 23:11:05 | 000,027,503 | ---- | M] () -- C:\engine.log
    [2004/06/03 21:00:30 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/11/09 09:10:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/11/09 16:45:10 | 000,000,033 | ---- | M] () -- C:\nofile.txt
    [2005/01/20 17:21:03 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/02/17 09:59:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/10 15:57:51 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
    [2002/08/29 06:00:00 | 000,245,920 | RHS- | M] () -- C:\PELDR

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/02/20 18:13:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2003/07/16 05:35:04 | 000,002,193 | ---- | M] () -- C:\WINDOWS\system32\TpShPrm.jpg

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/02/20 18:02:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/02/20 18:02:10 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/02/20 18:02:10 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/02/17 10:08:21 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/02/19 14:24:53 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/02/20 18:21:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/28 16:17:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2011/03/14 12:52:36 | 003,404,136 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\user\Desktop\procexp.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/02/19 14:24:51 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/02/25 16:55:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\desktop.ini
    [2011/04/11 05:05:56 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/22 19:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 06:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 20:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 20:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 20:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 20:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/21 04:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/12/17 20:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 20:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 20:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 20:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  13. 2011/04/11
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    OTL Extras logfile created on: 4/11/2011 5:06:45 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 478.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 57.62 Gb Free Space | 77.32% Space Free | Partition Type: NTFS
    Drive E: | 3.76 Gb Total Space | 2.30 Gb Free Space | 61.07% Space Free | Partition Type: FAT32

    Computer Name: HOMEPC | User Name: Vegeta | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1799456947-2972879614-1660739195-1019\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Disabled:CCleaner -- (Piriform Ltd)
    "C:\Program Files\ThinkPad\ConnectUtilities\QCWIZARD.EXE" = C:\Program Files\ThinkPad\ConnectUtilities\QCWIZARD.EXE:*:Disabled:Access Connections -- (Lenovo)
    "C:\Program Files\COMODO\COMODO Cloud Scanner\CloudScanner.exe" = C:\Program Files\COMODO\COMODO Cloud Scanner\CloudScanner.exe:*:Disabled:COMODO Cloud Scanner -- (COMODO Security Solutions, Inc.)
    "C:\Documents and Settings\user\Desktop\ANTI-MALWARE\HousecallLauncher.exe" = C:\Documents and Settings\user\Desktop\ANTI-MALWARE\HousecallLauncher.exe:*:Disabled:HousecallLauncher.exe -- (Trend Micro Inc.)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Disabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
    "C:\Documents and Settings\user\Desktop\ANTI-MALWARE\SAS_91348230.COM" = C:\Documents and Settings\user\Desktop\ANTI-MALWARE\SAS_91348230.COM:*:Disabled:SAS_91348230.COM -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel(R) PROSet for Wired Connections
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = ThinkVantage Access Connections
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
    "{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FIRE GL driver for 3D Studio MAX/VIZ
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC81CD6C-C2B3-4EE5-A11B-5E9A9B5941DF}" = COMODO Cloud Scanner
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DF5A8D64-0B50-46D7-B85D-E66CE690092C}" = WOT for Internet Explorer
    "{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
    "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
    "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
    "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
    "ERUNT_is1" = ERUNT 1.1j
    "FreeFixer0.58" = FreeFixer
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MouseSuite98" = Mouse Suite
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NTREGOPT_is1" = NTREGOPT 1.1j
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = ThinkPad Power Management Driver
    "Presentation Director" = ThinkPad Presentation Director
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Revo Uninstaller" = Revo Uninstaller 1.85
    "Software Informer_is1" = Software Informer 1.0 BETA
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = Software Installer
    "TPKBDLED" = Scroll Lock Indicator Utility
    "Windows Media Connect" = Windows Media Connect
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/1/2011 3:31:21 AM | Computer Name = HOMEPC | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 4/1/2011 3:31:22 AM | Computer Name = HOMEPC | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 4/1/2011 3:31:22 AM | Computer Name = HOMEPC | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 4/1/2011 3:31:22 AM | Computer Name = HOMEPC | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 4/3/2011 1:28:27 AM | Computer Name = HOMEPC | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\15dcf.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 4/3/2011 2:11:13 AM | Computer Name = HOMEPC | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x8007043c.

    Error - 4/3/2011 2:11:13 AM | Computer Name = HOMEPC | Source = VSS | ID = 5012
    Description = Volume Shadow Copy Service error: Shadow Copy shim called routine
    CoCreateInstance( CLSID_VSSCoordinator, IID_IVssShim) which failed with status 0x8007043c
    (converted to 0x8000ffff).

    Error - 4/3/2011 2:11:13 AM | Computer Name = HOMEPC | Source = NTBackup | ID = 8019
    Description = End Operation: Warnings or errors were encountered. Consult the backup
    report for more details.

    Error - 4/5/2011 9:18:48 PM | Computer Name = HOMEPC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 4/6/2011 2:18:29 AM | Computer Name = HOMEPC | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\15dcf.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    [ System Events ]
    Error - 4/9/2011 7:14:04 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7000
    Description = The PMEM service failed to start due to the following error: %%2

    Error - 4/10/2011 6:44:36 PM | Computer Name = HOMEPC | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 4/10/2011 6:44:36 PM | Computer Name = HOMEPC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 4/10/2011 6:52:56 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 4/10/2011 6:58:18 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Google Update Service
    (gupdate) service to connect.

    Error - 4/10/2011 6:58:18 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    Error - 4/10/2011 6:58:18 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7000
    Description = The PMEM service failed to start due to the following error: %%2

    Error - 4/10/2011 6:58:24 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 4/10/2011 8:14:52 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 4/10/2011 9:13:31 PM | Computer Name = HOMEPC | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 76.213.245.32 on
    the Network Card with network address 000D602D097D.


    < End of report >
     
  14. 2011/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still don't see any AV program running.
    Avast and Avira are both equally excellent programs.

    ===================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...141.3952199074 (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  15. 2011/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     
  16. 2011/04/14
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Hi broni. I'm sorry, I haven't forgotten. I actually hadn't found time this week. I'll do it today and get those posted straight away. :)
     
  17. 2011/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok....
     
  18. 2011/04/16
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    AGH! FINALLY! The week is...OVAAAAA!!! I can actually get this done! Thank you for your patience, and not closing this on me, Broni. I really appreciate it! :)

    OK, I'm running everything as I type. I've already installed/upgraded/re-scanned in AVIRA and it's currently enabled back in place (the one aspect I really love about this and CCleaner - easy to read/edit *.ini config files that I can add everything into and save - AWESOME!!), upgraded the Java, run the OTL custom fix (I'll post the log with this), ran TFC, and am currently running the ESET scanner. I've yet to run the Security Check.

    I have however re-run the MBR check, and it still said "UNKNOWN MBR DETECTED." At first I thought that's what you fixed, then remembered that what you ran after that was BOOTREMOVER, not the NTBR like what we've previously used. I remember from my own prob previously how you fixed that and if it was anything to be concerned about. But with that in consideration, my computer's system files ARE corrupt, so maybe the MBR could be a result of that. I wasn't sure. I don't have a disk to fix that. This is a laptop, and NO backups of ANY kind were ever made on this system, and it's proving to be near mission impossible to find a replacement retail disk to fix that, so there's not much I can do on that aspect. But I was just curious about the MBR ordeal. OK, here's the OTL scan and MBR scan (I know you didn't ask for the MBR). If ESET gives me the option for a log, I'll post that the minute it's done. Thank you again, Broni. I'm sorry for the delay. <:) The AVIRA scan came up clean, btw. I didn't think it was necessary to repost the billionth scan, lol.

    =====================================
    MBR scan:

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c
    Kernel Drivers (total 143):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EF000 \WINDOWS\system32\hal.dll
    0xF79F2000 \WINDOWS\system32\KDCOM.DLL
    0xF7902000 \WINDOWS\system32\BOOTVID.dll
    0xF74A3000 ACPI.sys
    0xF79F4000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7492000 pci.sys
    0xF74F2000 isapnp.sys
    0xF7906000 compbatt.sys
    0xF790A000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7ABA000 pciide.sys
    0xF7772000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF7474000 pcmcia.sys
    0xF7502000 MountMgr.sys
    0xF7455000 ftdisk.sys
    0xF790E000 ACPIEC.sys
    0xF7ABB000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF777A000 PartMgr.sys
    0xF7512000 Shockprf.sys
    0xF7522000 VolSnap.sys
    0xF743D000 atapi.sys
    0xF7532000 disk.sys
    0xF7542000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF741D000 fltmgr.sys
    0xF740B000 sr.sys
    0xF7782000 PxHelp20.sys
    0xF73F4000 KSecDD.sys
    0xF7367000 Ntfs.sys
    0xF79F6000 ANCSQ.sys
    0xF733A000 \WINDOWS\System32\drivers\NDIS.SYS
    0xF7552000 ohci1394.sys
    0xF7562000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF7320000 Mup.sys
    0xF7572000 agp440.sys
    0xF6985000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF6800000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF67EC000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF780A000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF67C8000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7812000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF67A4000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF6975000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF781A000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF6778000 \SystemRoot\System32\DRIVERS\SynTP.sys
    0xF7A10000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF7822000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF6965000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF79AE000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF6764000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF782A000 \SystemRoot\System32\DRIVERS\nscirda.sys
    0xF79B2000 \SystemRoot\System32\DRIVERS\irenum.sys
    0xF79BA000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF7832000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF6955000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF6945000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF6935000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF6741000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF66B3000 \SystemRoot\system32\drivers\smwdm.sys
    0xF668F000 \SystemRoot\system32\drivers\portcls.sys
    0xF6925000 \SystemRoot\system32\drivers\drmk.sys
    0xF6677000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF6552000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF783A000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7BC8000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7842000 \SystemRoot\System32\DRIVERS\rasirda.sys
    0xF784A000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF75B2000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF79CE000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF6513000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF75C2000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF75D2000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF6502000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF75E2000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7852000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF785A000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF64D2000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF75F2000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7A12000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6474000 \SystemRoot\System32\DRIVERS\update.sys
    0xF79E6000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7612000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7642000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7986000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7A1E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AD0000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A20000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF789A000 \SystemRoot\System32\drivers\vga.sys
    0xF7A22000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A24000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF78A2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF78AA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF798A000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xBA62A000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xBA5D1000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xBA5A9000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xBA587000 \SystemRoot\System32\drivers\afd.sys
    0xF7672000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF78B2000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xF78BA000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF78C2000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF78CA000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF78D2000 \SystemRoot\System32\drivers\Smapint.sys
    0xF7A26000 \SystemRoot\System32\Drivers\ShockMgr.SYS
    0xBA49C000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xBA42C000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7AEE000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF7692000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA406000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF76B2000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF78DA000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xF654E000 \SystemRoot\System32\drivers\ANC.SYS
    0xB8DBA000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB8DA2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A3A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF6447000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF77EA000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AEF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04E000 \SystemRoot\System32\ati2cqag.dll
    0xBF080000 \SystemRoot\System32\atikvmag.dll
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2E6000 \SystemRoot\System32\ativvaxx.dll
    0xBF37A000 \SystemRoot\System32\ATMFD.DLL
    0xB6C9C000 \SystemRoot\System32\DRIVERS\irda.sys
    0xB6D36000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xB6A07000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB6B34000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB67F4000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7A5A000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0xB6B44000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0xB66AC000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB6A40000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF76C2000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB60F3000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB8DF6000 \??\C:\ComboFix\catchme.sys
    0xF7A5C000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
    0xBA364000 \??\C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys
    0xB5E9A000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7A1C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB5E85000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    Processes (total 43):
    0 System Idle Process
    4 System
    624 C:\WINDOWS\system32\smss.exe
    672 csrss.exe
    696 C:\WINDOWS\system32\winlogon.exe
    740 C:\WINDOWS\system32\services.exe
    752 C:\WINDOWS\system32\lsass.exe
    912 C:\WINDOWS\system32\ibmpmsvc.exe
    940 C:\WINDOWS\system32\ati2evxx.exe
    952 C:\WINDOWS\system32\svchost.exe
    1048 svchost.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1192 svchost.exe
    1300 svchost.exe
    1700 C:\WINDOWS\system32\ati2evxx.exe
    1820 C:\WINDOWS\system32\spoolsv.exe
    396 svchost.exe
    1120 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    1224 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    1240 C:\Program Files\Java\jre6\bin\jqs.exe
    1248 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1432 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1480 C:\WINDOWS\system32\TP4EX.exe
    1584 C:\IBMTOOLS\utils\ibmprc.exe
    1636 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    1972 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    1456 C:\WINDOWS\system32\QCONSVC.EXE
    260 C:\WINDOWS\system32\tp4cross.exe
    268 C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    280 C:\WINDOWS\system32\ico.exe
    1292 C:\WINDOWS\system32\rpcnet.exe
    2280 C:\WINDOWS\system32\svchost.exe
    2356 C:\WINDOWS\system32\TPHDEXLG.exe
    2500 wdfmgr.exe
    3744 alg.exe
    3244 C:\WINDOWS\system32\ctfmon.exe
    2024 C:\WINDOWS\explorer.exe
    2824 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1344 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1404 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    2692 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    656 wmiprvse.exe
    3932 C:\Documents and Settings\user\Desktop\WINBBS TOOLS\MBRCheck.exe
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    PhysicalDrive0 Model Number: WDCWD800BEVE-00UYT0, Rev: 01.04A01
    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 91DFF5EBA9B4894A1AD4644CDED7012A51464633

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:


    ===================================================
    OTL RunFIX:

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 6071402 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04162011_145039
    Files\Folders moved on Reboot...
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\1CJRMPZK\98598-active-blaster-worm-aftermath[1].html moved successfully.
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\1CJRMPZK\iframescript[1].htm moved successfully.
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    Registry entries deleted on Reboot...
     
  19. 2011/04/16
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    PS: by "My computer," I mean the computer I'm "doctoring." It doesn't belong to me, it belongs to a friend who asked me to take a look at it. He's a novice user, and knows nothing about custom settings, backups or security details of import. So, that's the case why no backups. :)
     
  20. 2011/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is not necessarily bad. It may be just an MBR which is not recognized by MBRCheck.
    As long as the other scans come up OK, there is no reason to worry about it.

    Go on....
     
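    How a tool like MBRCheck arrives at an "Unknown MBR code" verdict, and why that verdict on its own is not evidence of infection, as an added example that is not part of the original thread and not MBRCheck's own code. It builds a constructed 512-byte MBR in memory (not the sector from the laptop in this thread), hashes the boot-code area, compares the SHA1 against a caller-supplied set of known-good hashes, and runs the partition-table sanity checks a practitioner would pair with the hash. The 440-byte hashing boundary, the sample bytes and the sanity rules are this example's assumptions; MBRCheck's whitelist and exact hashing scheme are not given on the page.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # boot-code area hashed here; assumption, MBRCheck's exact boundary is not stated on the page
TABLE_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: stub boot code plus one active NTFS partition at LBA 63.

    Nothing here is read from a real disk; the bytes exist only to exercise the parser.
    LBA 63 * 512 = 0x7E00, the partition offset MBRCheck printed for the drive in the thread.
    """
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]).ljust(CODE_LEN, b"\x90")
    disk_signature = struct.pack("<I", 0x1234ABCD)          # constructed value
    reserved = b"\x00\x00"
    ntfs = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 156_296_322)
    table = ntfs + b"\x00" * 16 * 3                         # three empty slots
    return code + disk_signature + reserved + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Validate length and boot signature; return the disk signature and non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue   # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # the figure MBRCheck reports as "at offset 0x...7e00"
        })
    return {"disk_signature": struct.unpack("<I", sector[440:444])[0], "partitions": partitions}


def mbr_code_sha1(sector: bytes) -> str:
    """SHA1 of the boot-code area only, so a differing disk signature or partition table does not change it."""
    return hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()


def classify_mbr(sector: bytes, known_good: set) -> str:
    """'invalid' (bad length/signature), 'known' (hash in the whitelist) or 'unknown' (everything else)."""
    try:
        parse_mbr(sector)
    except ValueError:
        return "invalid"
    return "known" if mbr_code_sha1(sector) in known_good else "unknown"


def sanity_checks(info: dict) -> list:
    """Partition-table checks to pair with an 'unknown' verdict; returns human-readable findings."""
    findings = []
    parts = info["partitions"]
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} active partitions (expected exactly 1)")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR itself)")
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("SHA1:", mbr_code_sha1(mbr))
    print("verdict with empty whitelist:", classify_mbr(mbr, set()))
    print("partitions:", info["partitions"])
    print("findings:", sanity_checks(info) or "none")
```

    With an empty whitelist the constructed MBR classifies as "unknown", exactly as the drive in this thread did; the same bytes classify as "known" once their hash is in the set, which is all the verdict says: the code is not in the tool's list. "Unknown" plus a sane partition table (one active partition, no overlaps, nothing starting at LBA 0, a valid signature) is the "may be just an unrecognized MBR" case broni describes; OEM recovery and boot-manager code is a common benign source of such hashes. Reading the live sector on Windows means opening \\.\PhysicalDrive0 as an administrator, which this example deliberately does not do.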
  21. 2011/04/16
    ravn87

    ravn87 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    85
    Likes Received:
    0
    Ok. Thank you :) it was a precaution. I hope your weekend is going well. The ESET scanner is still running so I'm waiting for the results on that.
     
