Malwarebytes and Hijackthis cannot scan

[fatman]

My laptop is screwed.

so I have both Hijack this and Malwarebytes. They will boot up after the install, and as soon as I select scan after a few seconds it closes - and beyond that i can't re-boot it without re-installing it.

now...I read someone else's similar problem and got the fr33 program and dragged the MWB exe file on it and it seemed to work it said 'finished', tryed to boot up and the same thing happened when I tried to scan.

I'm worried I'll end up having to do a master reboot (which sucks becaues I lose everything I have on the computer).

I really appreciate you guys helping and running this forum...this virus is unbelievable.

[Maurice Naggar]

Hello,

Windows version ???

Please be explicit in stating your version/edition of Windows. That is really helpful to know up front. I am having to make some guesses.

Start with this:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

• Double-click FixPolicies.exe.
  
• Click the "Install" button on the bottom toolbar of the box that will open.
  
• The program will create a new Folder called FixPolicies.
  
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  
• A black box will briefly appear and then close.
  
• This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.
  

=

1. Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

=

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe and really try to Rename it ALPHA.exe

IF unable to download it, use another pc to download and then transfer it to the DESKTOP

• Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  
• In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  
• Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  
• It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  
• Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  
• Exit OTL by clicking the X at top right.
  

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
  
• Follow the onscreen instructions inside of the command window.
  
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
  

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

• the contents of OTL.txt;
  
• the contents of Extras.txt ; and
  
• the contents of checkup.txt
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[fatman]

Sorry it's windows XP and it's an IBM thinkpad - don't know if that matters. I'm going to start you instructions within the next 15 minutes. I'm moving some things to an external HD just in case.

<Moderator Edit and Note !>

Fatman,

Kindly only use the ADDREPLY button at the very bottom of forum window when you start a reply.

Do NOT use the "Reply when doing that. In case you don't notice, a quoted reply takes a lot of space and makes for a long read.

Thanks.

~ Maurice

[fatman]

OTL logfile created on: 9/6/2009 10:59:56 AM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Fraser\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.46% Memory free

3.35 Gb Paging File | 2.76 Gb Available in Paging File | 82.36% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.16 Gb Total Space | 11.87 Gb Free Space | 35.80% Space Free | Partition Type: NTFS

Drive D: | 74.53 Gb Total Space | 13.62 Gb Free Space | 18.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IBM-AF3F5BC72E6

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2003/07/03 05:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2006/03/09 14:48:22 | 00,235,168 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

PRC - [2004/03/19 17:21:10 | 00,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

PRC - [2004/04/23 15:04:16 | 00,158,848 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\navapsvc.exe

PRC - [2004/03/12 07:10:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE

PRC - [2005/01/26 01:48:50 | 00,194,272 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\SAVScan.exe

PRC - [2003/07/11 22:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe

PRC - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe

PRC - [2004/11/02 20:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2003/11/13 07:12:00 | 00,094,208 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\tp4serv.exe

PRC - [2003/12/17 15:12:16 | 00,102,400 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\TpShocks.exe

PRC - [2004/03/10 14:10:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

PRC - [2003/12/25 06:04:00 | 00,208,896 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe

PRC - [2006/03/09 14:47:52 | 00,071,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2004/03/19 16:12:10 | 00,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\UTILS\ibmprc.exe

PRC - [2004/03/10 14:10:44 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

PRC - [2002/01/10 19:01:34 | 00,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

PRC - [2004/03/12 07:10:00 | 00,663,552 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE

PRC - [2004/03/12 07:10:00 | 00,049,152 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

PRC - [2008/06/10 07:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2009/02/08 02:41:33 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe

PRC - [2006/10/19 00:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

PRC - [2003/10/29 06:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2009/01/09 22:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2009/01/09 23:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/09/06 10:59:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fraser\Desktop\ALPHA.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2004/07/15 05:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2006/03/09 14:47:58 | 00,255,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Stopped])

SRV - [2006/03/09 14:48:08 | 00,087,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])

SRV - [2006/03/09 14:48:22 | 00,235,168 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

SRV - File not found -- -- (gusvc [On_Demand | Stopped])

SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2004/03/19 17:21:10 | 00,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service [Auto | Running])

SRV - [2003/07/03 05:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])

SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

SRV - [2008/04/13 20:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])

SRV - File not found -- -- (Lavasoft Ad-Aware Service [Auto | Stopped])

SRV - [2004/04/23 15:04:16 | 00,158,848 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc [Auto | Running])

SRV - [2009/02/08 00:27:48 | 00,032,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv [On_Demand | Stopped])

SRV - [2004/03/12 07:10:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE -- (QCONSVC [Auto | Running])

SRV - [2005/01/26 01:48:50 | 00,194,272 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan [Auto | Running])

SRV - [2003/06/24 22:23:10 | 00,066,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService [Auto | Stopped])

SRV - [2005/01/22 02:32:12 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])

SRV - [2004/11/02 20:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])

SRV - [2003/07/11 22:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])

SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 16:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])

DRV - [2003/10/23 15:17:10 | 00,100,384 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

DRV - [2001/08/17 17:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])

DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])

DRV - [2004/03/12 07:10:00 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\ANC.SYS -- (ANC [system | Running])

DRV - [2004/01/18 20:15:10 | 00,326,528 | ---- | M] (Accton Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])

DRV - [2001/08/17 17:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])

DRV - [2001/08/17 17:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])

DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2001/08/17 17:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [On_Demand | Stopped])

DRV - [2001/08/17 17:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])

DRV - [2003/08/14 18:46:48 | 00,125,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])

DRV - [2001/08/17 16:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])

DRV - [2004/03/03 15:20:52 | 00,005,120 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])

DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])

DRV - [2002/11/18 21:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])

DRV - [2004/01/21 16:02:14 | 00,197,888 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])

DRV - [2004/01/21 15:57:58 | 01,041,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

DRV - File not found -- Service key not found. -- (hyqshr [unknown | Running])

DRV - [2003/11/20 13:25:14 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])

DRV - [2004/03/19 16:05:36 | 00,063,872 | ---- | M] (IBM) -- C:\WINDOWS\System32\drivers\ibmfilter.sys -- (ibmfilter [Auto | Running])

DRV - [2003/07/03 05:25:00 | 00,011,344 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])

DRV - [2004/03/12 07:10:00 | 00,002,295 | ---- | M] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS -- (IBMTPCHK [system | Running])

DRV - [2009/02/08 00:10:24 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])

DRV - [2003/04/09 17:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

DRV - [2001/08/17 17:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])

DRV - [2009/02/25 05:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090520.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])

DRV - [2009/02/25 05:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090520.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

DRV - [2008/04/13 14:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])

DRV - [2004/08/04 02:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])

DRV - [2001/09/13 11:58:02 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])

DRV - [2009/02/08 00:27:48 | 00,013,312 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\psadd.sys -- (psadd [On_Demand | Stopped])

DRV - [2001/08/18 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2009/02/08 00:27:48 | 00,017,232 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2004/03/12 07:10:00 | 00,012,288 | ---- | M] (IBM Corporation.) -- C:\WINDOWS\System32\drivers\qcndisif.SYS -- (QCNDISIF [On_Demand | Stopped])

DRV - [2001/08/17 17:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])

DRV - [2001/08/17 17:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])

DRV - [2001/08/17 17:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])

DRV - [2005/01/26 01:48:52 | 00,305,288 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\SAVRT.SYS -- (SAVRT [system | Running])

DRV - [2005/01/26 01:48:52 | 00,037,000 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [system | Running])

DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2003/12/15 21:29:10 | 00,004,433 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr [Auto | Running])

DRV - [2003/12/17 17:50:10 | 00,058,568 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf [boot | Running])

DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])

DRV - [2003/10/24 05:35:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [system | Running])

DRV - [2003/10/27 18:09:06 | 00,578,432 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])

DRV - [2001/08/17 18:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])

DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2001/08/17 18:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])

DRV - [2001/08/17 18:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])

DRV - [2003/08/16 00:22:12 | 00,082,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

DRV - [2005/01/22 02:31:48 | 00,026,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])

DRV - [2005/01/22 02:31:50 | 00,267,384 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [system | Running])

DRV - [2001/08/17 18:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])

DRV - [2001/08/17 18:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])

DRV - [2003/10/24 05:35:00 | 00,008,831 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [system | Running])

DRV - [2003/11/13 07:12:00 | 00,013,904 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\DRIVERS\tp4track.sys -- (Tp4Track [On_Demand | Running])

DRV - [2004/03/10 14:10:32 | 00,016,195 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [system | Running])

DRV - [2003/12/25 05:36:00 | 00,015,360 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\Tppwr.sys -- (TPPWR [system | Running])

DRV - [2003/12/18 06:30:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [system | Running])

DRV - [2001/08/17 17:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

DRV - [2004/01/21 15:59:34 | 00,675,840 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

DRV - [2003/11/20 13:26:20 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])

DRV - [2003/11/20 13:26:12 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [36029EB5D63F4D5A] C:\WINDOWS\System32\36029EB5D63F4D5A.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.CPL (Microsoft Corporation)

O4 - HKLM..\Run: [bMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)

O4 - HKLM..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()

O4 - HKLM..\Run: [bMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe ()

O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)

O4 - HKLM..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe (IBM Corp.)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)

O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (IBM Corporation)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)

O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (IBM Corporation)

O4 - HKLM..\Run: [uC_SMB] File not found

O4 - HKLM..\Run: [uC_Start] C:\Program Files\IBM\Updater\ucstartup.exe ()

O4 - HKCU..\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [Monopod] C:\DOCUME~1\Fraser\LOCALS~1\Temp\a.exe File not found

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\Fraser\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\Fraser\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1234254278156 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab (Java Plug-in 1.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/08 02:05:34 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]

[2009/09/06 10:54:19 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fraser\Desktop\ALPHA.exe

[2009/09/06 10:51:36 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Fraser\Desktop\ATF-Cleaner.exe

[2009/09/06 10:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fraser\Desktop\FixPolicies

[2009/09/06 10:45:37 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Fraser\Desktop\FixPolicies.exe

[2009/09/06 10:41:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/09/06 10:41:14 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Fraser\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/09/06 10:41:12 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Fraser\Desktop\NTREGOPT.lnk

[2009/09/06 10:41:12 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\Fraser\Desktop\ERUNT.lnk

[2009/09/06 10:41:11 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/09/06 09:52:39 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/09/06 09:46:22 | 00,136,382 | ---- | C] ( ) -- C:\Documents and Settings\Fraser\Desktop\fr33.exe

[2009/09/06 08:18:15 | 00,001,649 | ---- | C] () -- C:\Documents and Settings\Fraser\Desktop\HijackThis.lnk

[2009/09/06 08:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/09/06 08:18:01 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Fraser\Desktop\HJTInstall.exe

[2009/09/06 08:04:59 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/06 08:04:56 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/09/06 08:04:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/09/05 12:33:58 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\36029EB5D63F4D5A.exe

[2009/09/05 00:18:48 | 16,006,38976 | -HS- | C] () -- C:\hiberfil.sys

[2009/09/05 00:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fraser\Application Data\Malwarebytes

[2009/09/05 00:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/09/05 00:03:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/09/05 00:02:48 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fraser\Desktop\mbam-setup.exe

[2009/09/04 22:27:16 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/09/04 22:26:46 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/09/04 22:26:46 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/09/04 22:26:46 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/09/04 22:26:46 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/09/04 22:26:46 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/09/04 22:26:42 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2009/09/04 22:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/09/04 22:24:50 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/09/04 20:06:49 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/09/04 20:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/09/04 18:59:34 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

[2009/09/04 18:56:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/09/04 18:51:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/09/04 18:51:36 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/09/04 18:23:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/09/04 17:01:38 | 00,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009/09/03 18:55:25 | 00,016,141 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Twistys.Heather.Vandeven.Speechless.XXX.WMV-CuMBuCKeTS-[rarbg.com].torrent

[2009/09/03 18:47:04 | 00,014,730 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Big.Wet.Butts_-_Bree.Olsen-[rarbg.com].torrent

[2009/09/03 18:44:29 | 00,010,739 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Bree_Olson_-_Bore_My_Asshole-[rarbg.com].torrent

[2009/09/01 18:31:34 | 00,018,766 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\[www.seedpeer.com]_Ballerina_Babes_Tv.SEEDPEER.torrent

[2009/08/31 23:13:14 | 00,017,591 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\The.Great.Buck.Howard.2008.LiMiTED.BDSCR.XViD-NO.4931704.TPB.torrent

[2009/08/31 22:34:10 | 00,016,687 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Fighting[2009]DvDrip-[Eng]Latino-JcGoku21.5073190.TPB.torrent

[2009/08/30 20:43:10 | 00,014,776 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\The.Private.Life.Of.Suzie.Diamond.XviD-SWE6RUS-[rarbg.com].torrent

[2009/08/30 20:31:49 | 00,010,957 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Milf.MI-Sue_Diamond_(AKA_Diana_Doll)-[rarbg.com].torrent

[2009/08/30 20:23:04 | 00,017,136 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Tamed.Teens.E123.Leona.And.Destiny.XXX.WMV-CuMBuCKeTS-[rarbg.com].torrent

[2009/08/30 20:20:30 | 00,014,657 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Asstraffic_E062_-_Gloria-[rarbg.com].torrent

[2009/08/30 19:09:42 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2009/08/30 19:09:33 | 00,000,000 | ---D | C] -- C:\spoolerlogs

[2009/08/30 19:09:09 | 00,015,711 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\sarah_j_shq.wmv-[rarbg.com].torrent

[2009/08/30 18:30:18 | 00,015,533 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Angel_Dark_from_Anal_Fever-[rarbg.com].torrent

[2009/08/30 18:28:37 | 00,013,059 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Analteenangels_-_Barbamiska-[rarbg.com].torrent

[2009/08/30 18:24:49 | 00,013,238 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Desi_Babe_Anal-[rarbg.com].torrent

[2009/08/30 17:06:30 | 00,020,200 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Extratorrent_com_angel_veil.rar.torrent

[2009/08/30 16:15:59 | 03,741,796 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\AmishPorn.wmv

[2009/08/27 15:44:19 | 00,031,096 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\K-tel_records.4743782.TPB.torrent

[2009/08/27 14:40:36 | 00,008,082 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Roy_Ayers_-_millenium_collection_best_of[www.btmon.com].torrent

[2009/08/27 14:24:20 | 00,027,609 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\SUN_DISCOGRAPHY.torrent

[2009/08/27 14:12:56 | 00,013,395 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Extratorrent_com_Brittney_Skye_-_American_Ass_-_Hot_Blond_Anal.torrent

[2009/08/27 14:09:53 | 00,011,154 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Brittney_Skye_-_Total_Babe_4.avi.torrent

[2009/08/24 01:20:32 | 00,011,609 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\True.Blood.S02E10.HDTV.XviD-NoTV.avi.5067580.TPB.torrent

[2009/08/24 01:16:36 | 00,022,336 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\True.Blood.S02E10.HDTV.XviD-NoTV.avi.5067596.TPB.torrent

[2009/08/23 22:48:44 | 00,022,376 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\True.Blood.S02E09.HDTV.XviD-NoTV.avi.5057215.TPB.torrent

[2009/08/23 03:52:00 | 00,011,074 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Brittney_Skye_&amp

[2009/08/23 03:51:27 | 00,012,196 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Brittney_Skye_-_Collection_1-[rarbg.com].torrent

[2009/08/23 03:39:46 | 00,013,957 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Jodie+Moore+-+Blonde+babysitter+(Excellent).mpg.torrent

[2009/08/23 03:39:28 | 00,055,289 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\[xxx]_Private_-_The_private_life_of_Jodie_Moore_avi.3327883.TPB.torrent

[2009/08/23 03:24:18 | 00,043,042 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Can_He_Score_-_TORI_BLACK-[rarbg.com].torrent

[2009/08/23 03:22:04 | 00,016,203 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\My_Sisters_Hot_Friend_-_Tori_Black-[rarbg.com].torrent

[2009/08/23 00:36:55 | 00,040,826 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18-Haila_Hill-[rarbg.com].torrent

[2009/08/23 00:35:48 | 00,038,241 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18.com.Madison.The.Best.censored.XXX-[rarbg.com].torrent

[2009/08/23 00:32:37 | 00,012,280 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard18.com_-_Deena-[rarbg.com].torrent

[2009/08/23 00:30:27 | 00,014,839 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard18.com_-_Halia-[rarbg.com].torrent

[2009/08/23 00:29:36 | 00,020,090 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard18.com_-_Madison2-[rarbg.com].torrent

[2009/08/23 00:23:46 | 00,015,867 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censoreded_Hard_18_Amia_-_The_“Petite_Bombshell”_censored-[rarbg.com].torrent

[2009/08/23 00:23:08 | 00,017,733 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18_-_Angelica_Heart-[rarbg.com].torrent

[2009/08/23 00:20:59 | 00,029,937 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard_18_-_Amai-[rarbg.com].torrent

[2009/08/23 00:19:29 | 00,035,026 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18_-_Aletta_Ocean-[rarbg.com].torrent

[2009/08/23 00:15:17 | 00,020,391 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Ivana_Fukalot_-_03-11-06-[rarbg.com].torrent

[2009/08/23 00:12:27 | 00,011,476 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Ivana_Fukalot_-_4_bathroom_censored-[rarbg.com].torrent

[2009/08/22 22:42:48 | 00,024,646 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Extratorrent_com_Temptation_-_Cute_Blonde_Teen_does_Anal_-_TryTeens.com.torrent

[2009/08/22 22:36:03 | 00,013,435 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\TryTeens+-+Autumn+(18+yo+brunette,+busty)+-+anal.torrent

[2009/08/22 22:21:24 | 00,010,931 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Monsters_Of_Cock_-_Autumn_rocks_Miami-[rarbg.com].torrent

[2009/08/22 20:38:06 | 00,016,681 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Mutant.Chronicles.2008.DVDRip.XviD-PLUBE.4289209.TPB.torrent

[2009/08/22 20:35:50 | 00,056,499 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Mutant.Chronicles.2008.DVDRip.Corrected.PSK.avi.4286067.TPB.torrent

[2009/08/22 20:28:45 | 00,014,747 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\I_Love_You__Man_[2009]_dvd_rip_nlx.5022539.TPB.torrent

[2009/08/21 15:25:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fraser\Desktop\Forms

[2009/08/21 15:07:14 | 02,118,227 | ---- | C] () -- C:\Documents and Settings\Fraser\Desktop\shanedeal.JPG

[2009/08/20 13:17:18 | 00,634,305 | ---- | C] () -- C:\Documents and Settings\Fraser\Desktop\Forms.zip

[2009/08/20 13:05:38 | 00,053,651 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\ashley3.jpg

[2009/08/20 12:59:01 | 00,078,508 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\thong19.jpg

[2009/08/20 12:56:22 | 00,021,675 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\thursday.jpg

[2009/08/18 20:37:14 | 00,020,437 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\The_Hurt_Locker_DVD_eng_2008_xivid_[switch]-[ExtraTorrent].5028744.TPB.torrent

[2009/08/18 20:34:31 | 00,014,638 | ---- | C] () -- C:\Documents and Settings\Fraser\My Documents\Knowing.5030323.TPB.torrent

[2009/08/15 13:38:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fraser\Desktop\toronto pics

[2009/08/13 03:05:22 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll

[2009/08/12 12:23:58 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/08/12 12:23:48 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll

[2009/02/08 05:34:14 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/02/08 05:34:09 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/02/08 00:37:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/02/08 00:32:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2009/02/08 00:31:57 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2009/02/08 00:31:57 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2009/02/08 00:31:19 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\ANC.sys

[2009/02/08 00:31:19 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS

[2009/02/08 00:15:47 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini

[2009/02/08 00:10:16 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2009/02/08 00:10:16 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\LeeArgon.dll

[2009/02/08 00:10:16 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2009/02/08 00:10:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2009/02/08 00:09:47 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2009/02/08 00:09:20 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2009/02/08 00:08:35 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sensor.dll

[2009/02/07 23:42:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/02/07 23:27:32 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/03/19 16:12:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll

[2004/03/19 16:12:10 | 00,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini

[2004/01/20 18:28:20 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll

[2003/02/19 17:39:14 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[1980/01/01 04:00:00 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

[1980/01/01 04:00:00 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll

[1980/01/01 04:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll

[1980/01/01 04:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll

[1980/01/01 04:00:00 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini

[1980/01/01 04:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[2 C:\WINDOWS\*.tmp files]

[2009/09/06 11:01:47 | 00,030,720 | ---- | M] () -- C:\WINDOWS\System32\36029EB5D63F4D5A.exe

[2009/09/06 11:00:00 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2009/09/06 11:00:00 | 00,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009/09/06 10:59:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fraser\Desktop\ALPHA.exe

[2009/09/06 10:58:00 | 00,000,428 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2009/09/06 10:51:53 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Fraser\Desktop\ATF-Cleaner.exe

[2009/09/06 10:45:44 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Fraser\Desktop\FixPolicies.exe

[2009/09/06 10:41:14 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Fraser\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/09/06 10:41:12 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Fraser\Desktop\NTREGOPT.lnk

[2009/09/06 10:41:12 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Fraser\Desktop\ERUNT.lnk

[2009/09/06 09:53:46 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/06 09:53:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/06 09:52:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/06 09:52:36 | 16,006,38976 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/06 09:51:25 | 03,764,608 | -H-- | M] () -- C:\Documents and Settings\Fraser\Local Settings\Application Data\IconCache.db

[2009/09/06 09:48:11 | 00,001,649 | ---- | M] () -- C:\Documents and Settings\Fraser\Desktop\HijackThis.lnk

[2009/09/06 09:47:24 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/06 09:46:22 | 00,136,382 | ---- | M] ( ) -- C:\Documents and Settings\Fraser\Desktop\fr33.exe

[2009/09/06 08:18:12 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Fraser\Desktop\HJTInstall.exe

[2009/09/06 07:57:24 | 00,000,532 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Fraser.job

[2009/09/05 00:02:49 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fraser\Desktop\mbam-setup.exe

[2009/09/04 22:27:16 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/09/04 22:08:29 | 00,138,240 | ---- | M] () -- C:\Documents and Settings\Fraser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/04 20:06:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/09/04 18:59:14 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/09/03 18:55:25 | 00,016,141 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Twistys.Heather.Vandeven.Speechless.XXX.WMV-CuMBuCKeTS-[rarbg.com].torrent

[2009/09/03 18:47:04 | 00,014,730 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Big.Wet.Butts_-_Bree.Olsen-[rarbg.com].torrent

[2009/09/03 18:44:31 | 00,010,739 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Bree_Olson_-_Bore_My_Asshole-[rarbg.com].torrent

[2009/09/01 18:31:35 | 00,018,766 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\[www.seedpeer.com]_Ballerina_Babes_Tv.SEEDPEER.torrent

[2009/08/31 23:13:14 | 00,017,591 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\The.Great.Buck.Howard.2008.LiMiTED.BDSCR.XViD-NO.4931704.TPB.torrent

[2009/08/31 22:34:12 | 00,016,687 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Fighting[2009]DvDrip-[Eng]Latino-JcGoku21.5073190.TPB.torrent

[2009/08/30 20:43:10 | 00,014,776 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\The.Private.Life.Of.Suzie.Diamond.XviD-SWE6RUS-[rarbg.com].torrent

[2009/08/30 20:31:49 | 00,010,957 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Milf.MI-Sue_Diamond_(AKA_Diana_Doll)-[rarbg.com].torrent

[2009/08/30 20:23:05 | 00,017,136 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Tamed.Teens.E123.Leona.And.Destiny.XXX.WMV-CuMBuCKeTS-[rarbg.com].torrent

[2009/08/30 20:20:31 | 00,014,657 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Asstraffic_E062_-_Gloria-[rarbg.com].torrent

[2009/08/30 19:09:13 | 00,015,711 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\sarah_j_shq.wmv-[rarbg.com].torrent

[2009/08/30 18:30:18 | 00,015,533 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Angel_Dark_from_Anal_Fever-[rarbg.com].torrent

[2009/08/30 18:28:37 | 00,013,059 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Analteenangels_-_Barbamiska-[rarbg.com].torrent

[2009/08/30 18:24:49 | 00,013,238 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Desi_Babe_Anal-[rarbg.com].torrent

[2009/08/30 17:06:30 | 00,020,200 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Extratorrent_com_angel_veil.rar.torrent

[2009/08/30 16:16:05 | 03,741,796 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\AmishPorn.wmv

[2009/08/27 15:44:19 | 00,031,096 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\K-tel_records.4743782.TPB.torrent

[2009/08/27 14:40:37 | 00,008,082 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Roy_Ayers_-_millenium_collection_best_of[www.btmon.com].torrent

[2009/08/27 14:24:20 | 00,027,609 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\SUN_DISCOGRAPHY.torrent

[2009/08/27 14:12:56 | 00,013,395 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Extratorrent_com_Brittney_Skye_-_American_Ass_-_Hot_Blond_Anal.torrent

[2009/08/27 14:09:54 | 00,011,154 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Brittney_Skye_-_Total_Babe_4.avi.torrent

[2009/08/24 01:20:32 | 00,011,609 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\True.Blood.S02E10.HDTV.XviD-NoTV.avi.5067580.TPB.torrent

[2009/08/24 01:16:36 | 00,022,336 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\True.Blood.S02E10.HDTV.XviD-NoTV.avi.5067596.TPB.torrent

[2009/08/23 22:48:45 | 00,022,376 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\True.Blood.S02E09.HDTV.XviD-NoTV.avi.5057215.TPB.torrent

[2009/08/23 03:52:00 | 00,011,074 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Brittney_Skye_&amp

[2009/08/23 03:51:27 | 00,012,196 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Brittney_Skye_-_Collection_1-[rarbg.com].torrent

[2009/08/23 03:39:46 | 00,013,957 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Jodie+Moore+-+Blonde+babysitter+(Excellent).mpg.torrent

[2009/08/23 03:39:29 | 00,055,289 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\[xxx]_Private_-_The_private_life_of_Jodie_Moore_avi.3327883.TPB.torrent

[2009/08/23 03:24:19 | 00,043,042 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Can_He_Score_-_TORI_BLACK-[rarbg.com].torrent

[2009/08/23 03:22:04 | 00,016,203 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\My_Sisters_Hot_Friend_-_Tori_Black-[rarbg.com].torrent

[2009/08/23 00:36:55 | 00,040,826 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18-Haila_Hill-[rarbg.com].torrent

[2009/08/23 00:35:48 | 00,038,241 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18.com.Madison.The.Best.censored.XXX-[rarbg.com].torrent

[2009/08/23 00:32:37 | 00,012,280 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard18.com_-_Deena-[rarbg.com].torrent

[2009/08/23 00:30:27 | 00,014,839 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard18.com_-_Halia-[rarbg.com].torrent

[2009/08/23 00:29:36 | 00,020,090 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard18.com_-_Madison2-[rarbg.com].torrent

[2009/08/23 00:23:46 | 00,015,867 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censoreded_Hard_18_Amia_-_The_“Petite_Bombshell”_censored-[rarbg.com].torrent

[2009/08/23 00:23:08 | 00,017,733 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18_-_Angelica_Heart-[rarbg.com].torrent

[2009/08/23 00:21:00 | 00,029,937 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededhard_18_-_Amai-[rarbg.com].torrent

[2009/08/23 00:19:30 | 00,035,026 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\censorededHard18_-_Aletta_Ocean-[rarbg.com].torrent

[2009/08/23 00:15:17 | 00,020,391 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Ivana_Fukalot_-_03-11-06-[rarbg.com].torrent

[2009/08/23 00:12:28 | 00,011,476 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Ivana_Fukalot_-_4_bathroom_censored-[rarbg.com].torrent

[2009/08/22 22:42:48 | 00,024,646 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Extratorrent_com_Temptation_-_Cute_Blonde_Teen_does_Anal_-_TryTeens.com.torrent

[2009/08/22 22:36:04 | 00,013,435 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\TryTeens+-+Autumn+(18+yo+brunette,+busty)+-+anal.torrent

[2009/08/22 22:21:24 | 00,010,931 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Monsters_Of_Cock_-_Autumn_rocks_Miami-[rarbg.com].torrent

[2009/08/22 20:38:06 | 00,016,681 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Mutant.Chronicles.2008.DVDRip.XviD-PLUBE.4289209.TPB.torrent

[2009/08/22 20:35:51 | 00,056,499 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Mutant.Chronicles.2008.DVDRip.Corrected.PSK.avi.4286067.TPB.torrent

[2009/08/22 20:28:45 | 00,014,747 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\I_Love_You__Man_[2009]_dvd_rip_nlx.5022539.TPB.torrent

[2009/08/21 15:07:19 | 02,118,227 | ---- | M] () -- C:\Documents and Settings\Fraser\Desktop\shanedeal.JPG

[2009/08/20 13:17:19 | 00,634,305 | ---- | M] () -- C:\Documents and Settings\Fraser\Desktop\Forms.zip

[2009/08/20 13:05:25 | 00,053,651 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\ashley3.jpg

[2009/08/20 12:59:01 | 00,078,508 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\thong19.jpg

[2009/08/20 12:56:22 | 00,021,675 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\thursday.jpg

[2009/08/18 20:37:14 | 00,020,437 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\The_Hurt_Locker_DVD_eng_2008_xivid_[switch]-[ExtraTorrent].5028744.TPB.torrent

[2009/08/18 20:34:31 | 00,014,638 | ---- | M] () -- C:\Documents and Settings\Fraser\My Documents\Knowing.5030323.TPB.torrent

========== LOP Check ==========

[2009/09/05 00:09:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/07/22 14:05:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/02/08 00:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm

[2003/02/19 17:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/07/22 14:06:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Fraser\Application Data

[2009/09/04 22:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fraser\Application Data\BitTorrent

[2009/09/06 10:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fraser\Application Data\DNA

[2009/03/23 21:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fraser\Application Data\OpenOffice.org

[2009/09/04 20:06:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/02/08 00:09:06 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

[2001/08/18 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/09/06 07:57:24 | 00,000,532 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Fraser.job

[2009/09/06 09:53:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/09/06 10:58:00 | 00,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

[2009/09/06 11:00:00 | 00,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009/09/06 11:00:00 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 9/6/2009 10:59:56 AM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Fraser\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.46% Memory free

3.35 Gb Paging File | 2.76 Gb Available in Paging File | 82.36% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.16 Gb Total Space | 11.87 Gb Free Space | 35.80% Space Free | Partition Type: NTFS

Drive D: | 74.53 Gb Total Space | 13.62 Gb Free Space | 18.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IBM-AF3F5BC72E6

Current User Name: Fraser

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore

"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility

"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1

"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes

"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update

"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector

"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes

"{AB45BBE5-5F76-4753-8DC5-A0F118DEEDF7}" = IBM 11a/b/g Wireless LAN Mini PCI Adapter Software

"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0

"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support

"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer

"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart

"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon

"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI

"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features

"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers

"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem

"EasyEject Utility" = IBM ThinkPad EasyEject Utility

"ERUNT_is1" = ERUNT 1.1j

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features

"Power Management Driver" = IBM ThinkPad Power Management Driver

"Presentation Director" = IBM ThinkPad Presentation Director

"PROSet" = Intel® PRO Network Adapters and Drivers

"Shareaza_is1" = Shareaza 2.4.0.0

"SopCast" = SopCast 3.0.3

"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)

"ThinkPad Configuration" = IBM ThinkPad Configuration

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"ThinkPadSoftwareInstaller" = ThinkPad Software Installer

"TrackPoint" = IBM TrackPoint Support

"VLC media player" = VLC media player 0.9.8a

"VobSub" = VobSub v2.23 (Remove Only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/3/2009 9:41:16 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module unknown, version 0.0.0.0, fault address 0x002f00bd.

Error - 5/4/2009 4:26:40 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module mshtml.dll, version 7.0.6000.16825, fault address 0x0003e1d2.

Error - 5/5/2009 1:20:43 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 7:26:29 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module flash10a.ocx, version 10.0.12.36, fault address 0x002c811a.

Error - 5/7/2009 4:53:24 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module unknown, version 0.0.0.0, fault address 0x002f003a.

Error - 5/8/2009 11:13:49 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module flash10a.ocx, version 10.0.12.36, fault address 0x000debe8.

Error - 5/9/2009 7:13:01 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module flash10a.ocx, version 10.0.12.36, fault address 0x002c820c.

Error - 5/12/2009 11:12:50 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module mshtml.dll, version 7.0.6000.16825, fault address 0x0003e1d2.

Error - 5/13/2009 3:06:06 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module flash10a.ocx, version 10.0.12.36, fault address 0x00145033.

Error - 5/14/2009 7:53:14 PM | Computer Name = IBM-AF3F5BC72E6 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting

module mscoree.dll, version 2.0.50727.253, fault address 0x00030292.

[ System Events ]

Error - 9/5/2009 12:12:15 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7001

Description = The SAVScan service depends on the SAVRT service which failed to start

because of the following error: %%31

Error - 9/5/2009 12:12:15 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD ANC avgio avipbb Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL

Smapint

ssmdrv

SYMTDI

Tcpip

TDSMAPI

TPHKDRV

TPPWR

TSMAPIP

Error - 9/5/2009 12:14:34 AM | Computer Name = IBM-AF3F5BC72E6 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/5/2009 12:19:39 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7000

Description = The Lavasoft Ad-Aware Service service failed to start due to the following

error: %%3

Error - 9/5/2009 12:19:49 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

Error - 9/5/2009 12:19:50 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

Error - 9/6/2009 8:07:05 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7034

Description = The IBM Rapid Restore Ultra Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 9/6/2009 9:53:34 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7000

Description = The Lavasoft Ad-Aware Service service failed to start due to the following

error: %%3

Error - 9/6/2009 9:53:45 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

Error - 9/6/2009 9:53:47 AM | Computer Name = IBM-AF3F5BC72E6 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

< End of report >

****the security check thing is taking forever so I don't think it will work...also this is kind of embarassing so laugh it up

Current User Name: Fraser

Logged in as Administrator.

[Maurice Naggar]

<lol> Fraser !

Help me to help you. The log shows 2 antivirus apps. Avira & Norton/Symantec.

Having 2 AV apps leads to serious conflicts.

Was the Symantec a free trial, came with the system, or is your license to it expired? We need to sort that out. Remove Norton Symantec if you do not have a current license.

Please advise.

[fatman]

I have Avira from 2 days ago. Norton came w/ the laptop and the license has expired also. I'm not entirely sure how to remove it from the computer or even if I should. The reason is this laptop comes w/ windowsXP and Norton and all the other IBM crap ...I've done a master reboot before, so I was wondering if I removed something so hardwired in the system if it would potnetially screw up a future master reboot?

<lol> Fraser !

Help me to help you. The log shows 2 antivirus apps. Avira & Norton/Symantec.

Having 2 AV apps leads to serious conflicts.

Was the Symantec a free trial, came with the system, or is your license to it expired? We need to sort that out. Remove Norton Symantec if you do not have a current license.

Please advise.

[fatman]

nevermind, I'm getting rid of it now in control panel remove programs...

(norton antivirus2004)

so after that's done what's next?

[Maurice Naggar]

The system having been without a current up-todate antivirus AND it being shock full of torrent downloads, and with more than one infector, the safest and fastest thing is to pave/wipe/ and do a clean Windows install.

see Malware Removal: When to Flatten and Reinstall

To remove Norton/Symantec, get & use the Norton/Symantec Removal Tool

http://service1.symantec.com/Support/tsgen...005033108162039

Also see & heed 5 steps to help protect your new computer before you go online

Best luck to you.