How to remove Boot.Tidserv for a computer novice [Closed]


  • This topic is locked

#1
KHiggins
  • Member
  • 18 posts
Hi,
Last week I had a S.M.A.R.T. data recovery virus on my computer. Most of it seems to have been removed with Norton software; however, I still have a boot.tidserv detected, which Norton does not seem to be able to remove. Most of the documents on my desktop are accessible, but when I go into Start, only the Norton software is directly available. I unfortunately have not backed up my files for quite some time and am worried that I might lose all my data... any help would be really appreciated.
Thanks in advance



#2
WhiteHat
  • Trusted Helper
  • Retired Staff
  • 1,925 posts
Hello KHiggins and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.



#3
WhiteHat
  • Trusted Helper
  • Retired Staff
  • 1,925 posts
Hi KHiggins,

Are all menus/icons present in the Start menu?

# Step 1 #

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

# Step 2 #


Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
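The OTL report that Step 1 produces runs to several hundred lines, and most of them are legitimate. As an added example, not code from this thread, from OTL's author or from any tool named here, the following Python script parses lines in OTL's report format and flags the two things a helper usually looks at first: autostart entries whose target is gone (OTL's "File not found" and "No CLSID value found" annotations, the orphans typically left behind after an antivirus deletes a payload but not its registry entry), and services or Run entries that launch from a user-writable data directory rather than Program Files or Windows. The sample lines are constructed in OTL's format from entries in the log posted later in this thread; the rule set, the directory list and the line-type list are this example's own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass

# Constructed sample input in OTL's report format, modelled on entries from the
# log posted in this thread (a handful of lines, not the full report).
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\QuestScan\questscan183.exe C:\Program Files\QuestScan\questscan.dll ludiyodum lenopabex -- (QuestScan Service)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [hIxvqiEONcrb.exe] C:\Documents and Settings\All Users\Application Data\hIxvqiEONcrb.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
"""

# OTL line types that describe something started automatically (assumed list).
AUTOSTART_PREFIXES = ("SRV - ", "DRV - ", "O2 - ", "O3 - ", "O4 - ", "O20 - ")
# OTL's own wording for an autostart whose target no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# User-writable locations from which a legitimate service or Run entry rarely
# executes (assumed list for this example; XP-era paths as in the thread's log).
DATA_DIR_MARKERS = ("\\application data\\", "\\local settings\\temp\\")

SRV_RE = re.compile(r"^(?:SRV|DRV) - .*? -- (?P<target>.*?) -- \((?P<name>[^()]*)\)")
RUN_RE = re.compile(r"^O4 - .*?\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: \((?P<label>[^()]*)\) - (?P<name>\{[^}]+\}) - (?P<target>.*)$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str     # "orphan" or "data-dir"
    entry: str    # service name, Run value name, or BHO CLSID
    path: str     # target with OTL's trailing "(Company)" / orphan text removed


def parse_entry(line):
    """Return (entry name, raw target) for an autostart line."""
    for pattern in (SRV_RE, RUN_RE, BHO_RE):
        m = pattern.match(line)
        if m:
            return m.group("name"), m.group("target")
    # Layouts this example does not model (e.g. a DRV line with an empty path):
    # keep the whole description so the finding is still reported.
    return line.split(" - ", 1)[1], ""


def clean_path(target):
    """Strip OTL's trailing annotation so only the launched path remains."""
    for marker in ORPHAN_MARKERS:
        idx = target.find(marker)
        if idx != -1:
            return target[:idx].rstrip()
    return re.sub(r"\s*\([^()]*\)\s*$", "", target).rstrip()


def triage(log_text):
    """Scan an OTL report and return the entries worth a helper's attention."""
    findings = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        if not line.startswith(AUTOSTART_PREFIXES):
            continue
        name, target = parse_entry(line)
        path = clean_path(target)
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding(line_no, "orphan", name, path))
        # Drivers (DRV) legitimately load from data folders (AV definition
        # updates do this), so the location rule covers only SRV and O4 lines.
        if line.startswith(("SRV - ", "O4 - ")) and any(
            marker in target.lower() for marker in DATA_DIR_MARKERS
        ):
            findings.append(Finding(line_no, "data-dir", name, path))
    return findings


def summarize(findings):
    """Group flagged entry names by rule, for a quick reply to the poster."""
    summary = {}
    for f in findings:
        summary.setdefault(f.rule, []).append(f.entry)
    return {rule: sorted(names) for rule, names in summary.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<8}  {f.entry}  {f.path}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a pasted OTL.Txt the script reports the orphaned QuestScan service, the orphaned "no name" BHO and the Run value named after a random-looking executable in All Users\Application Data, while the Norton and Intel entries pass. The output is a shortlist for a human to review, not a cleanup list: an orphan is harmless by itself, and a helper still decides what goes into an OTL fix script.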

#4
KHiggins
  • Topic Starter
  • Member
  • 18 posts
Hi WhiteHat,

Only the items that I have loaded since getting the virus are showing up in the Start menu, e.g. Norton.

OTL logfile created on: 02/07/2012 21:47:53 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Katie Higgins\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1013.96 Mb Total Physical Memory | 532.95 Mb Available Physical Memory | 52.56% Memory free
2.39 Gb Paging File | 1.90 Gb Available in Paging File | 79.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 0.37 Gb Free Space | 0.50% Space Free | Partition Type: NTFS

Computer Name: KATIEHIGGINS | User Name: Katie Higgins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 22:47:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie Higgins\Desktop\OTL.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2011/09/14 12:54:56 | 000,037,728 | -H-- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 10\MmReminderService.exe
PRC - [2010/03/27 12:11:37 | 000,202,256 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/31 18:29:06 | 000,196,608 | RH-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/25 13:47:12 | 000,356,352 | -H-- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/08/02 01:38:30 | 000,802,816 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 000,696,320 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 01:27:54 | 000,479,232 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/06/29 08:41:22 | 000,184,320 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2006/05/19 20:13:38 | 000,798,720 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/05/16 23:15:10 | 000,071,288 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/03/02 23:50:52 | 000,151,552 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 12:11:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/08/03 14:26:02 | 000,040,960 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/05/12 10:31:38 | 000,118,784 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2001/11/12 13:31:48 | 000,020,480 | -H-- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 12:54:12 | 000,150,856 | -H-- | M] () -- C:\Program Files\Mindjet\MindManager 10\zlib.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 19:14:43 | 001,291,776 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/08/02 01:26:20 | 000,118,784 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 01:24:54 | 000,348,160 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 14:07:08 | 001,167,360 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/04 18:14:36 | 000,049,152 | -H-- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 14:55:38 | 000,118,784 | -H-- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2004/08/10 13:00:00 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 13:00:00 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/20 17:04:00 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\QuestScan\questscan183.exe C:\Program Files\QuestScan\questscan.dll ludiyodum lenopabex -- (QuestScan Service)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2010/01/15 13:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/02/07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/18 00:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001/11/12 13:31:48 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/23 16:44:25 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/22 15:43:50 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120629.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/06/22 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120702.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/22 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/22 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/22 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120702.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/19 00:03:24 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012/03/29 07:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymEFA.sys -- (SymEFA)
DRV - [2012/03/29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymDS.sys -- (SymDS)
DRV - [2012/03/29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.sys -- (SymIRON)
DRV - [2012/03/29 07:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 07:03:27 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/29 23:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/05/20 17:38:50 | 000,089,856 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/05/20 17:38:50 | 000,073,344 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/05/20 17:38:50 | 000,064,512 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/05/20 17:38:50 | 000,026,624 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/05/20 17:38:44 | 000,011,136 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/05/20 17:38:36 | 000,102,784 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/05/20 16:27:24 | 000,030,576 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/08/05 22:48:42 | 000,054,752 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/08/02 02:27:48 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/05/30 16:42:52 | 000,045,696 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 15:13:52 | 004,271,616 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/02 01:46:28 | 000,471,264 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/22 07:56:24 | 001,522,688 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/13 17:08:44 | 001,124,097 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/30 18:12:00 | 000,162,560 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 10:45:16 | 000,007,040 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/10/20 14:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 14:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 22:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2000/03/29 17:11:20 | 000,008,096 | -H-- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\windows\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce5cea
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce5cea
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...box_im2_test_v2
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = staff.proxy.ul.ie:80


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Katie Higgins\Desktop\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/27 12:12:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/06/23 16:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/07/02 20:56:53 | 000,000,000 | ---D | M]

[2012/06/23 19:23:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/06 10:46:55 | 000,000,000 | -H-D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}

O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [hIxvqiEONcrb.exe] C:\Documents and Settings\All Users\Application Data\hIxvqiEONcrb.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005..\Run: [Picasa Media Detector] C:\Documents and Settings\Katie Higgins\Desktop\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O8 - Extra context menu item: &Search - http://tbedits.telev...EC&n=2011090605 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFE22642-F1FD-4B1B-BEFE-85F0689BFE5B}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1787001158-1526232164-327768440-1005 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 15:00:59 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f6ef2aa-9be6-11de-a2c9-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6ef2aa-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f6ef2aa-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0f6ef2ad-9be6-11de-a2c9-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6ef2ad-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f6ef2ad-9be6-11de-a2c9-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2d3834e0-0987-11e1-a686-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3834e0-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d3834e0-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{43b9aa36-fd7f-11df-a536-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{43b9aa36-fd7f-11df-a536-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{473424b5-c6c8-11dd-a1b0-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{473424b5-c6c8-11dd-a1b0-0018de7d0ddd}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{504d8cdf-69ae-11df-a412-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{504d8cdf-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{504d8cdf-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6f109fe6-5794-11df-a3f0-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{6f109fe6-5794-11df-a3f0-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{765bc1e8-400c-11e0-a58c-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{765bc1e8-400c-11e0-a58c-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{77391d5e-0a50-11e1-a687-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{77391d5e-0a50-11e1-a687-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77391d5e-0a50-11e1-a687-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{885d5862-de6e-11de-a322-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{885d5862-de6e-11de-a322-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{885d5862-de6e-11de-a322-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e1106e8-4095-11df-a3bd-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e1106e8-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e1106e8-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e1106eb-4095-11df-a3bd-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e1106eb-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e1106eb-4095-11df-a3bd-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5477f92-c5a8-11df-a4c0-0018de7d0ddd}\Shell\AutoRun\command - "" = F:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{e5477f92-c5a8-11df-a4c0-0018de7d0ddd}\Shell\open\command - "" = F:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{ea1dd378-77ad-11df-a429-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{ea1dd378-77ad-11df-a429-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea1dd378-77ad-11df-a429-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4bffb8c-de68-11de-a321-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bffb8c-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bffb8c-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4bffb8f-de68-11de-a321-0018de7d0ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bffb8f-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bffb8f-de68-11de-a321-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 19:26:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Katie Higgins\My Documents\Dropbox
[2012/06/26 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\Application Data\Dropbox
[2012/06/25 22:47:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katie Higgins\Desktop\OTL.exe
[2012/06/23 22:50:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/06/23 22:50:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/06/23 19:24:19 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NBRTWizard
[2012/06/23 19:24:19 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NBRTWizard\0405000.022
[2012/06/23 19:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2012/06/23 19:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/06/23 19:05:19 | 000,829,648 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NBRT-Retail-Downloader.exe
[2012/06/23 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\NPE
[2012/06/23 17:38:44 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NPE.exe
[2012/06/23 17:37:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/23 17:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/06/23 16:44:26 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2012/06/23 16:44:25 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/06/23 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/23 16:42:22 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\symtdi.sys
[2012/06/23 16:42:22 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\symtdiv.sys
[2012/06/23 16:42:21 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\symnets.sys
[2012/06/23 16:42:20 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\SymEFA.sys
[2012/06/23 16:42:19 | 000,574,072 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\srtsp.sys
[2012/06/23 16:42:19 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\SymDS.sys
[2012/06/23 16:42:19 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\srtspx.sys
[2012/06/23 16:42:18 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\Ironx86.sys
[2012/06/23 16:42:17 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1307010.005\ccSetx86.sys
[2012/06/23 16:41:17 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2012/06/23 16:41:17 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1307010.005
[2012/06/23 16:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/06/23 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/06/23 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/06/23 16:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/06/23 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/06/23 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/06/23 16:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\Start Menu\Programs\Norton
[2012/06/23 16:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/06/23 16:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/06/23 14:48:44 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/06/23 14:35:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Katie Higgins\Recent
[2012/06/23 14:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie Higgins\My Documents\Symantec
[2012/06/23 12:54:25 | 000,000,000 | -HSD | C] -- C:\windows\CSC
[2012/06/13 08:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Katie Higgins\My Documents\Nicola
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/02 21:23:26 | 000,000,256 | -H-- | M] () -- C:\windows\tasks\Epson Printer Software Downloader.job
[2012/07/02 20:54:25 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1787001158-1526232164-327768440-1005.job
[2012/07/02 20:54:17 | 000,001,158 | -H-- | M] () -- C:\windows\System32\wpa.dbl
[2012/07/02 20:54:15 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/25 22:47:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie Higgins\Desktop\OTL.exe
[2012/06/23 19:50:26 | 000,008,942 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/06/23 19:28:28 | 001,095,523 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/06/23 19:27:10 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/06/23 19:06:01 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Katie Higgins\Desktop\Norton Installation Files.lnk
[2012/06/23 19:05:22 | 000,829,648 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NBRT-Retail-Downloader.exe
[2012/06/23 18:00:04 | 000,000,302 | -H-- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1787001158-1526232164-327768440-1005.job
[2012/06/23 17:38:45 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Katie Higgins\Desktop\NPE.exe
[2012/06/23 17:15:02 | 000,000,129 | ---- | M] () -- C:\windows\System32\MRT.INI
[2012/06/23 16:44:25 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/06/23 16:44:25 | 000,007,468 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/06/23 16:44:25 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/06/23 16:44:24 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2012/06/23 16:43:43 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/06/18 21:48:21 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\fyUg1n1mhcmKGF
[2012/06/18 21:48:15 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGFr
[2012/06/18 21:48:15 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGF
[2012/06/12 22:45:44 | 000,444,758 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/12 22:45:44 | 000,072,634 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/06 22:38:36 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 19:51:10 | 000,008,942 | ---- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/06/23 19:27:10 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/06/23 19:24:19 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NBRTWizard\0405000.022\isolate.ini
[2012/06/23 17:15:02 | 000,000,129 | ---- | C] () -- C:\windows\System32\MRT.INI
[2012/06/23 16:44:35 | 001,095,523 | ---- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/06/23 16:44:26 | 000,007,468 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/06/23 16:44:25 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/06/23 16:43:43 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/06/23 16:41:29 | 000,003,434 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymEFA.inf
[2012/06/23 16:41:29 | 000,002,852 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymDS.inf
[2012/06/23 16:41:29 | 000,001,469 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymNetV.inf
[2012/06/23 16:41:29 | 000,001,441 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymNet.inf
[2012/06/23 16:41:29 | 000,001,388 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtspx.inf
[2012/06/23 16:41:28 | 000,001,388 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtsp.inf
[2012/06/23 16:41:28 | 000,000,827 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\ccSetx86.inf
[2012/06/23 16:41:28 | 000,000,742 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\Iron.inf
[2012/06/23 16:41:24 | 000,004,782 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymVTcer.dat
[2012/06/23 16:41:19 | 000,007,877 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\symnetv.cat
[2012/06/23 16:41:19 | 000,007,458 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymNet.cat
[2012/06/23 16:41:18 | 000,007,492 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymDS.cat
[2012/06/23 16:41:18 | 000,007,456 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\SymEFA.cat
[2012/06/23 16:41:18 | 000,007,454 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtspx.cat
[2012/06/23 16:41:18 | 000,007,450 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\srtsp.cat
[2012/06/23 16:41:18 | 000,007,450 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\iron.cat
[2012/06/23 16:41:17 | 000,007,468 | R--- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\ccsetx86.cat
[2012/06/23 16:41:17 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1307010.005\isolate.ini
[2012/06/23 16:28:13 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Katie Higgins\Desktop\Norton Installation Files.lnk
[2012/06/23 15:06:15 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Katie Higgins\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2012/06/18 21:48:15 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGFr
[2012/06/18 21:48:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-fyUg1n1mhcmKGF
[2012/06/18 21:48:09 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\fyUg1n1mhcmKGF
[2011/09/06 10:44:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\4170748d032383168d51801edfb0776a_c
[2011/09/06 10:35:41 | 000,161,736 | -H-- | C] () -- C:\Program Files\64res.dll
[2011/01/26 02:26:39 | 000,375,104 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 20:21:12 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/07/19 22:36:49 | 000,000,000 | -H-- | C] () -- C:\windows\EEventManager.INI
[2010/07/18 21:18:14 | 000,111,932 | -H-- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/07/18 21:18:14 | 000,031,053 | -H-- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/07/18 21:18:14 | 000,027,417 | -H-- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/07/18 21:18:14 | 000,026,154 | -H-- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/07/18 21:18:14 | 000,024,903 | -H-- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/07/18 21:18:14 | 000,021,390 | -H-- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/07/18 21:18:14 | 000,020,148 | -H-- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/07/18 21:18:14 | 000,011,811 | -H-- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/07/18 21:18:14 | 000,004,943 | -H-- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/07/18 21:18:14 | 000,001,146 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/07/18 21:18:14 | 000,001,139 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/07/18 21:18:14 | 000,001,139 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/07/18 21:18:14 | 000,001,136 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/07/18 21:18:14 | 000,001,129 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/07/18 21:18:14 | 000,001,129 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/07/18 21:18:14 | 000,001,120 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/07/18 21:18:14 | 000,001,107 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/07/18 21:18:14 | 000,001,104 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/07/18 21:18:14 | 000,000,097 | -H-- | C] () -- C:\windows\System32\PICSDK.ini
[2008/10/04 19:34:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Katie Higgins\Application Data\wklnhst.dat
[2007/04/15 15:57:15 | 000,062,976 | -H-- | C] () -- C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/25 16:02:10 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Katie Higgins\Local Settings\Application Data\fusioncache.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: HTS541080G9SA00
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 75.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 80023749120
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2006/09/13 15:00:59 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2006/09/13 15:00:59 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2007/04/12 14:21:50 | 000,753,664 | -HS- | M] () -- C:\ehthumbs.db
[2006/09/13 15:00:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/09/13 15:00:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/07/02 20:54:06 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/05/02 10:45:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/05/02 19:50:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/04 19:35:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/05 11:30:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/05 18:38:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/05 19:34:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/31 10:02:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/31 10:43:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/06/01 20:19:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/06/01 21:06:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/15 22:45:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/18 17:56:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/20 17:54:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/06/21 17:59:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/06/21 21:59:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/07/06 19:32:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/08/24 17:52:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/25 21:00:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/26 15:48:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/26 16:21:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/05/02 10:45:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/05/02 19:50:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/04 19:35:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/05 11:30:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/05 18:38:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/05 19:34:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/31 10:02:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/31 10:43:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/06/01 20:19:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/01 21:06:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/06/15 22:45:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/18 17:56:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/06/20 17:54:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/06/21 17:59:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/21 21:59:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/07/06 19:32:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2006/09/21 01:13:44 | 000,000,335 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/06/23 16:44:25 | 000,007,468 | ---- | M] () -- C:\windows\system32\drivers\SYMEVENT.CAT
[2012/06/23 16:44:25 | 000,000,806 | ---- | M] () -- C:\windows\system32\drivers\SYMEVENT.INF
[2012/06/23 16:44:25 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\windows\system32\drivers\SYMEVENT.SYS

< %PROGRAMFILES%\*.* >
[2011/09/06 10:29:33 | 000,161,736 | -H-- | M] () -- C:\Program Files\64res.dll

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 13:39:27 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 13:39:27 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 13:39:27 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/04/16 12:43:25 | 000,634,656 | -H-- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 13:39:27 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 13:39:27 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 13:39:27 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/04/16 12:43:25 | 000,634,656 | -H-- | M] (Microsoft Corporation)

< End of report >
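Editor's note, added to this thread as a triage aid: the script below is not code from the thread, from OTL or from Geeks to Go. It parses the two parts of the log above that a helper reads first, the O33 MountPoints2 autorun commands and the Drive Information partition list, and flags the entries a practitioner would want to look at: an autorun command pointing into a drive's RECYCLER folder (the classic removable-media worm layout seen on the E: drive above), a mount point whose `open` verb has been replaced (double-clicking the drive in My Computer runs the command), and an active partition of unrecognised type reporting about 0 GB at the far end of the disk, which on a machine where Norton reports Boot.Tidserv is worth checking against a bootkit scanner rather than assumed to be an OEM recovery partition. The sample lines are copied from the log above in OTL's own format; the flagging rules and the function names are this note's assumptions, not OTL's, and a hit is a prompt for a closer look, not a verdict.

```python
import re

# Constructed sample input (not a full OTL log): a handful of lines in the
# shape OTL prints them, so the parser can run offline.
SAMPLE_LOG = r'''
O33 - MountPoints2\{473424b5-c6c8-11dd-a1b0-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{473424b5-c6c8-11dd-a1b0-0018de7d0ddd}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{43b9aa36-fd7f-11df-a536-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{43b9aa36-fd7f-11df-a536-0018de7d0ddd}\Shell\open\command - "" = E:\HONEY\MOON\DRG.exe
O33 - MountPoints2\{2d3834de-0987-11e1-a686-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{504d8cdc-69ae-11df-a412-0018de7d0ddd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 75.00GB
Starting Offset: 32256
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 80023749120
'''

# One O33 line: mount-point GUID, the shell verb, and the command it runs.
MP_RE = re.compile(
    r'^O33 - MountPoints2\\\{([0-9a-fA-F-]+)\}\\Shell\\(\w+)\\command - "" = (.+)$'
)
PARTITION_KEYS = {"PartitionType", "Bootable", "BootPartition",
                  "PrimaryPartition", "Size", "Starting Offset", "Hidden sectors"}


def parse_mountpoints(text):
    """Group O33 entries by mount-point GUID: {guid: {verb: command}}."""
    entries = {}
    for line in text.splitlines():
        m = MP_RE.match(line.strip())
        if m:
            guid, verb, command = m.groups()
            entries.setdefault(guid, {})[verb.lower()] = command
    return entries


def flag_mountpoints(entries):
    """Heuristic triage of MountPoints2 commands (assumed rules, not verdicts)."""
    findings = []
    for guid, verbs in sorted(entries.items()):
        reasons = []
        if any("\\recycler\\" in cmd.lower() for cmd in verbs.values()):
            # Nothing legitimate autoruns out of a drive's Recycle Bin folder.
            reasons.append("executable staged under RECYCLER")
        if "open" in verbs:
            # A replaced 'open' verb runs the command when the drive is
            # double-clicked in My Computer, not only on media insertion.
            reasons.append("'open' verb overridden")
        if reasons:
            findings.append((guid, reasons))
    return findings


def parse_partitions(text):
    """Collect the 'DeviceID:' blocks from OTL's Drive Information section."""
    parts = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DeviceID:"):
            parts.append({"DeviceID": line.split(":", 1)[1].strip()})
        elif parts and ": " in line:
            key, value = line.split(": ", 1)
            if key in PARTITION_KEYS:
                parts[-1][key] = value.strip()
    return parts


def flag_partitions(parts):
    """Flag active partitions that look like a planted loader partition."""
    findings = []
    for p in parts:
        if "True" not in (p.get("Bootable"), p.get("BootPartition")):
            continue
        reasons = []
        if p.get("PartitionType") == "Unknown":
            reasons.append("active partition with unrecognised type")
        size = re.match(r"([\d.]+)\s*GB", p.get("Size", ""))
        if size and float(size.group(1)) < 0.01:
            reasons.append("active partition reports ~0 GB")
        if reasons:
            findings.append((p["DeviceID"], reasons))
    return findings


def triage(text):
    """Run both checks over an OTL log and return the findings together."""
    return {
        "mountpoints": flag_mountpoints(parse_mountpoints(text)),
        "partitions": flag_partitions(parse_partitions(text)),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        for ident, reasons in hits:
            print(f"{section}: {ident}: {'; '.join(reasons)}")
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file contents; on the sample it flags the two mount points that carry an `open` override (one of them also staged under RECYCLER) and Partition #1, while the plain `E:\AutoRun.exe` and installer entries pass. The MountPoints2 keys are per-user cache entries for media that was once inserted, so a hit there says the removable drive was infected, not necessarily this machine; the partition hit is the one that bears on the Boot.Tidserv detection.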

#5
KHiggins
OTL Extras logfile created on: 02/07/2012 21:47:53 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Katie Higgins\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1013.96 Mb Total Physical Memory | 532.95 Mb Available Physical Memory | 52.56% Memory free
2.39 Gb Paging File | 1.90 Gb Available in Paging File | 79.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 0.37 Gb Free Space | 0.50% Space Free | Partition Type: NTFS

Computer Name: KATIEHIGGINS | User Name: Katie Higgins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1787001158-1526232164-327768440-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:BorgListener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Documents and Settings\Katie Higgins\Desktop\eMule0.48a\eMule0.48a\emule.exe" = C:\Documents and Settings\Katie Higgins\Desktop\eMule0.48a\eMule0.48a\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Program Files\SPSSInc\PASWStatistics17\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe
"C:\Program Files\SPSSInc\PASWStatistics17\statistics.exe" = C:\Program Files\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe
"C:\Program Files\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor
"C:\Program Files\SPSSInc\PASWStatistics17\statistics.com" = C:\Program Files\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com
"C:\Program Files\SPSSInc\PASWStatistics17\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Katie Higgins\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Katie Higgins\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4E973CA9-5674-4FB4-8D83-3D8C5EB44AB3}" = Mindjet MindManager 2012
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"EPSON Printer and Utilities" = EPSON Printer Software
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"msdcs" = case study cd-rom
"MWASPI" = MicroStaff WINASPI
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF-XChange 3_is1" = PDF-XChange 3
"PhotoMail" = PhotoMail Maker
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa 3" = Picasa 3
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Universal Media Player" = Universal Media Player
"VLC media player" = VLC media player 0.9.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"X10Hardware" = X10 Hardware™

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/06/2012 12:47:00 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 23/06/2012 13:04:48 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 23/06/2012 13:05:37 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 23/06/2012 18:04:39 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 25/06/2012 16:52:29 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 26/06/2012 13:14:05 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 26/06/2012 13:14:32 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 26/06/2012 14:55:22 | Computer Name = KATIEHIGGINS | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 02/07/2012 15:54:27 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 02/07/2012 15:54:57 | Computer Name = KATIEHIGGINS | Source = Media Center Scheduler | ID = 0
Description =

[ System Events ]
Error - 23/06/2012 10:14:31 | Computer Name = KATIEHIGGINS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/06/2012 10:16:21 | Computer Name = KATIEHIGGINS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/06/2012 12:37:24 | Computer Name = KATIEHIGGINS | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 25/06/2012 16:53:23 | Computer Name = KATIEHIGGINS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 25/06/2012 16:54:08 | Computer Name = KATIEHIGGINS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AFE22642-F1FD-4B1B-BEF.
The
master browser is stopping or an election is being forced.

Error - 25/06/2012 17:25:26 | Computer Name = KATIEHIGGINS | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.2. The machine with the IP address 192.168.1.6 did not
allow the name to be claimed by this machine.

Error - 26/06/2012 14:15:29 | Computer Name = KATIEHIGGINS | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 26/06/2012 15:06:54 | Computer Name = KATIEHIGGINS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AFE22642-F1FD-4B1B-BEF.
The
master browser is stopping or an election is being forced.

Error - 26/06/2012 17:35:21 | Computer Name = KATIEHIGGINS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AFE22642-F1FD-4B1B-BEF.
The
master browser is stopping or an election is being forced.

Error - 02/07/2012 15:56:40 | Computer Name = KATIEHIGGINS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
#6 KHiggins (Topic Starter, Member, 18 posts)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 22:16:43
-----------------------------
22:16:43.799 OS Version: Windows 5.1.2600 Service Pack 2
22:16:43.799 Number of processors: 1 586 0xE08
22:16:43.799 ComputerName: KATIEHIGGINS UserName:
22:16:50.424 Initialize success
22:17:06.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:17:06.252 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
22:17:06.268 Disk 0 MBR read successfully
22:17:06.284 Disk 0 MBR scan
22:17:06.284 Disk 0 Windows XP default MBR code
22:17:06.284 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
22:17:06.315 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
22:17:06.315 Disk 0 Partition 2 **SUSPICIOUS**
22:17:06.331 Disk 0 scanning sectors +156301472
22:17:06.643 Disk 0 scanning C:\windows\system32\drivers
22:17:15.549 Service scanning
22:17:46.643 Modules scanning
22:18:39.502 Disk 0 trace - called modules:
22:18:39.534 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:18:39.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87256ab8]
22:18:39.565 3 CLASSPNP.SYS[f771f05b] -> nt!IofCallDriver -> \Device\0000008a[0x87320f18]
22:18:39.581 5 ACPI.sys[f7675620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x872f7030]
22:18:39.581 Scan finished successfully
22:18:59.096 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat"
22:18:59.127 The log file has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.txt"


Thanks
#7 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

  • Click Start, then All Programs and Accessories
  • Right-click Command Prompt and select Run as Administrator, or press Windows + R to open Run and type CMD.exe > [ENTER]
  • Type:
    C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.exe -ap 1
  • Press [ENTER]
  • Type "Exit" (Without the quotes) and restart your computer
  • Run aswMBR again and post the log

#8 KHiggins (Topic Starter, Member, 18 posts)

Hi, unfortunately I can't access anything from my Start button at the moment. I tried changing the settings to administrator through Task Manager, but I'm not sure if it worked... I've run aswMBR again...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 21:49:30
-----------------------------
21:49:30.796 OS Version: Windows 5.1.2600 Service Pack 2
21:49:30.796 Number of processors: 1 586 0xE08
21:49:30.796 ComputerName: KATIEHIGGINS UserName:
21:49:32.015 Initialize success
21:49:44.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:49:44.468 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
21:49:44.500 Disk 0 MBR read successfully
21:49:44.515 Disk 0 MBR scan
21:49:44.515 Disk 0 Windows XP default MBR code
21:49:44.515 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
21:49:44.546 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
21:49:44.546 Disk 0 Partition 2 **SUSPICIOUS**
21:49:44.562 Disk 0 scanning sectors +156301472
21:49:44.765 Disk 0 scanning C:\windows\system32\drivers
21:49:55.218 Service scanning
21:50:27.062 Modules scanning
21:50:55.500 Disk 0 trace - called modules:
21:50:55.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:50:55.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87256ab8]
21:50:55.671 3 CLASSPNP.SYS[f771f05b] -> nt!IofCallDriver -> \Device\0000008a[0x87320f18]
21:50:55.687 5 ACPI.sys[f7675620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x872f7030]
21:50:55.687 Scan finished successfully
21:51:06.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat"
21:51:07.000 The log file has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.txt2.txt"
#9 KHiggins (Topic Starter, Member, 18 posts)

When I went into Run new task and typed in C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.exe -ap 1, a dialogue box appeared with "Warning! Activating the wrong partition could make your system unbootable. Are you sure you want to make partition number [1] active?" I just exited because I wasn't sure if I should click OK...
#10 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

You should click OK.

Your computer has a malicious partition, and to delete this partition we need to set the Windows XP partition as the active one.

21:49:44.515 Disk 0 Windows XP default MBR code
21:49:44.515 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
21:49:44.546 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
21:49:44.546 Disk 0 Partition 2 **SUSPICIOUS**

This partition is set as active, and the command -ap 1 will set the Windows XP partition as the active one.
#11 KHiggins (Topic Starter, Member, 18 posts)

New log...

Edited by KHiggins, 11 July 2012 - 02:28 PM.

#12 KHiggins (Topic Starter, Member, 18 posts)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 21:23:10
-----------------------------
21:23:10.703 OS Version: Windows 5.1.2600 Service Pack 2
21:23:10.703 Number of processors: 1 586 0xE08
21:23:10.703 ComputerName: KATIEHIGGINS UserName:
21:23:12.750 Initialize success
21:23:20.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:23:20.093 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
21:23:20.125 Disk 0 MBR read successfully
21:23:20.125 Disk 0 MBR scan
21:23:20.125 Disk 0 Windows XP default MBR code
21:23:20.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
21:23:20.156 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
21:23:20.156 Disk 0 scanning sectors +156301472
21:23:20.437 Disk 0 scanning C:\windows\system32\drivers
21:23:30.015 Service scanning
21:24:05.953 Modules scanning
21:24:25.359 Disk 0 trace - called modules:
21:24:25.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:24:25.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872b3ab8]
21:24:25.406 3 CLASSPNP.SYS[f771f05b] -> nt!IofCallDriver -> \Device\0000008a[0x8731e030]
21:24:25.421 5 ACPI.sys[f7675620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8734f030]
21:24:25.437 Scan finished successfully
21:28:54.244 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat"
21:28:54.291 The log file has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\aswMBR2.txt"
#13 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

Go to Start > Run and type "compmgmt.msc" > [ENTER]

Under Storage, select Disk Management.

Right-click the partition with 2 MB and select Delete Partition or Delete Logical Drive.

Click 'Yes' when prompted.

Next, run aswMBR.exe again and post the log generated.
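The partition table WhiteHat walks through in #10 and the two fixes that follow (moving the boot flag with -ap 1, then deleting the 2 MB partition in #13) can be checked against the raw MBR bytes. The following is an added Python example, not code from this thread or from aswMBR; the 512-byte MBR is constructed here to mirror the posted table, and the sector counts are approximations of the MB figures in the log.

```python
"""MBR partition-table check for the pattern in the aswMBR logs above.
Added example; the MBR below is constructed, not read from the infected disk."""
import struct

SECTOR = 512
TABLE_OFFSET = 446            # four 16-byte entries start here, 0x55AA signature at 510
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
BOOTABLE = 0x80               # the "80 (A)" flag in the aswMBR output
NTFS = 0x07
HIDDEN_NTFS = 0x17            # "Hidd HPFS/NTFS" in the aswMBR output


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the table in the 2012-07-04 log (sizes approximate)."""
    mbr = bytearray(SECTOR)
    windows = struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", NTFS, b"\0\0\0", 63, 76316 * 2048)
    hidden = struct.pack(ENTRY_FMT, BOOTABLE, b"\0\0\0", HIDDEN_NTFS, b"\0\0\0",
                         156296385, 2 * 2048)
    mbr[TABLE_OFFSET:TABLE_OFFSET + 16] = windows
    mbr[TABLE_OFFSET + 16:TABLE_OFFSET + 32] = hidden
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_table(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts, numbered 1-4 like aswMBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        entries.append({"index": i + 1, "active": status == BOOTABLE, "type": ptype,
                        "lba": lba, "sectors": count,
                        "mb": count * SECTOR // (1024 * 1024)})
    return entries


def find_suspicious(entries: list, max_mb: int = 16):
    """Flag an active, hidden-type, tiny partition placed after every other one.

    That is the shape marked **SUSPICIOUS** in the log: the boot flag has moved
    from the Windows partition to a 2 MB hidden partition at the end of the disk.
    Returns the offending entry, or None when the table looks normal.
    """
    if len(entries) < 2:
        return None
    last_lba = max(e["lba"] for e in entries)
    for e in entries:
        if (e["active"] and e["type"] == HIDDEN_NTFS
                and e["mb"] <= max_mb and e["lba"] == last_lba):
            return e
    return None


def set_active(mbr: bytes, index: int) -> bytes:
    """Give the boot flag to partition `index` only: the table-level effect that
    the thread describes for `aswMBR -ap 1`."""
    out = bytearray(mbr)
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        if out[off + 4] == 0:               # keep empty slots untouched
            continue
        out[off] = BOOTABLE if i + 1 == index else 0x00
    return bytes(out)


def delete_entry(mbr: bytes, index: int) -> bytes:
    """Zero one table entry (what deleting the partition does to the MBR table).
    The sectors themselves are not wiped, only unreferenced."""
    out = bytearray(mbr)
    off = TABLE_OFFSET + 16 * (index - 1)
    out[off:off + 16] = bytes(16)
    return bytes(out)


def describe(entries: list) -> list:
    """Render entries in the style of the posted aswMBR lines."""
    return [f"Partition {e['index']} {'80 (A)' if e['active'] else '00'} "
            f"{e['type']:02X} {e['mb']} MB offset {e['lba']}" for e in entries]


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print("before:", *describe(parse_table(mbr)), sep="\n  ")
    bad = find_suspicious(parse_table(mbr))
    print("suspicious:", bad["index"] if bad else None)
    fixed = set_active(mbr, 1)                      # step 1: -ap 1
    print("after -ap 1:", *describe(parse_table(fixed)), sep="\n  ")
    cleaned = delete_entry(fixed, 2)                # step 2: delete the 2 MB partition
    print("after delete:", *describe(parse_table(cleaned)), sep="\n  ")
```

The three printed tables correspond to the logs in #8, #12 and #14: first the hidden partition holds the boot flag, then the flag sits on partition 1, then only partition 1 remains.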

#14 KHiggins (Topic Starter, Member, 18 posts)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 22:16:43
-----------------------------
22:16:43.799 OS Version: Windows 5.1.2600 Service Pack 2
22:16:43.799 Number of processors: 1 586 0xE08
22:16:43.799 ComputerName: KATIEHIGGINS UserName:
22:16:50.424 Initialize success
22:17:06.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:17:06.252 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
22:17:06.268 Disk 0 MBR read successfully
22:17:06.284 Disk 0 MBR scan
22:17:06.284 Disk 0 Windows XP default MBR code
22:17:06.284 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
22:17:06.315 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
22:17:06.315 Disk 0 Partition 2 **SUSPICIOUS**
22:17:06.331 Disk 0 scanning sectors +156301472
22:17:06.643 Disk 0 scanning C:\windows\system32\drivers
22:17:15.549 Service scanning
22:17:46.643 Modules scanning
22:18:39.502 Disk 0 trace - called modules:
22:18:39.534 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:18:39.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87256ab8]
22:18:39.565 3 CLASSPNP.SYS[f771f05b] -> nt!IofCallDriver -> \Device\0000008a[0x87320f18]
22:18:39.581 5 ACPI.sys[f7675620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x872f7030]
22:18:39.581 Scan finished successfully
22:18:59.096 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat"
22:18:59.127 The log file has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 22:33:29
-----------------------------
22:33:29.203 OS Version: Windows 5.1.2600 Service Pack 2
22:33:29.203 Number of processors: 1 586 0xE08
22:33:29.203 ComputerName: KATIEHIGGINS UserName:
22:33:31.031 Initialize success
22:33:35.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:33:35.875 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
22:33:35.906 Disk 0 MBR read successfully
22:33:35.906 Disk 0 MBR scan
22:33:35.906 Disk 0 Windows XP default MBR code
22:33:35.922 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
22:33:35.922 Disk 0 scanning sectors +156296385
22:33:36.078 Disk 0 scanning C:\windows\system32\drivers
22:33:47.750 Service scanning
22:34:16.547 Modules scanning
22:34:34.781 Disk 0 trace - called modules:
22:34:34.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:34:34.844 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87284ab8]
22:34:34.844 3 CLASSPNP.SYS[f771f05b] -> nt!IofCallDriver -> \Device\0000008a[0x8735cf18]
22:34:34.860 5 ACPI.sys[f7675620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8731e030]
22:34:34.891 Scan finished successfully
22:35:06.985 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\MBR.dat"
22:35:07.031 The log file has been saved successfully to "C:\Documents and Settings\Katie Higgins\Desktop\aswMBR.txt"
#15 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

The malicious partition was deleted successfully. How is your computer?

# Step 1 #
  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic

# Step 2 #
Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
