
I have rootkit, how do I remove? PLEASE HELP



#1
blaineholloway (Member, 25 posts)
Hello, I was just doing my normal browsing earlier on sites I've always gone on and then my User Access Control notified me that it was turned off. I tried turning it back on but it remains off as soon as I attempt to turn it back on. My Norton says that it has blocked a rootkit and all of my settings (like internet passwords and usernames) have been erased. When I try to log into MSN messenger, my email address is gone and even when I type it in again, it doesn't allow me.

Any ideas how to remove this rootkit thing? It just comes back even when Norton says it has been blocked. It was called something like brgvp.sys when Norton said it was blocked.

I still feel it is here because I cannot turn on my UAC yet..

please help

I have also noticed that when I attempt to go on sites that will help me, Internet Explorer does not allow me to go onto them. It gives this message: "IE is unable to display the webpage". I have Google Chrome, shall I use that? IE seems easy to get rootkits and malware..

any help please is appreciated.

Ok, just tried to open Google Chrome, and it said I do not have the relevant permission to open it. This is really frustrating me now. I am the admin of the laptop and I cannot do anything because a rootkit keeps turning my UAC off.

I am worrying

It also will not allow me to download things now. You know just before things get downloaded on Vista it says "running security scan" then it is completed, well, I download things and it gets to 1% and it stops because I guess I need control from UAC to be able to do that.

I am going mental here. This has just made my laptop unusable :(

I will pay for some help. Just please help.

Edited by blaineholloway, 27 July 2012 - 12:13 PM.

  • 0


#2
blaineholloway (Topic Starter, Member, 25 posts)
-

Edited by blaineholloway, 27 July 2012 - 11:51 AM.

  • 0

#3
blaineholloway (Topic Starter, Member, 25 posts)
-

Edited by blaineholloway, 27 July 2012 - 11:50 AM.

  • 0

#4
RKinner (Malware Expert, MVP, 20,031 posts)
You might have better luck in Safe Mode with Networking
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Also check that you are not using a proxy:
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.


You may have a DNS hijack. Try changing your DNS server to 8.8.8.8 and 4.2.2.1
http://windows.micro...tcp-ip-settings



Can you get an OTL log? You may have to have a friend download it and put it on a CD or USB drive.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0
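The Extra Registry scan requested above writes an Extras.Txt whose "Shell Spawning", "Security Center Settings" and "Firewall Settings" sections are what a malware helper reads first. Below is an added Python triage helper, written for this page and not part of OTL or of this thread, that parses a log in that format and flags the weakenings a defender looks for: file-type handlers that no longer launch the file itself, Security Center overrides set or product monitoring disabled, and firewall profiles switched off. The sample log embedded in it is constructed to mirror the OTL layout; the path C:\PLACEHOLDER\unexpected.exe and the product name ExampleAV are placeholders, and the EXPECTED_SPAWN table of stock handler commands is an assumption covering only the executable types it lists.

```python
"""Triage of an OTL Extras.Txt: added example, not part of OTL or this thread.

Parses the 'Shell Spawning', 'Security Center Settings' and 'Firewall
Settings' sections that the Extra Registry scan writes, and flags:
  - file-type handlers that no longer launch the file itself,
  - Security Center overrides set or product monitoring disabled,
  - firewall profiles with EnableFirewall = 0.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")           # ========== Name ==========
KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name" = value
SPAWN_RE = re.compile(r"^(\S+) \[([^\]]+)\] -- (.*)$")   # class [verb] -- command

# Assumed stock handlers for executable types: each should run the file itself.
EXPECTED_SPAWN = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}


def _leaf(regkey):
    """Last path component of a registry key, e.g. the firewall profile name."""
    return regkey.rsplit("\\", 1)[-1]


def parse_sections(text):
    """Return {section_name: [non-blank lines]} for an OTL-style log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Flag handler commands that differ from the expected stock command."""
    findings = []
    for line in lines:
        sm = SPAWN_RE.match(line)
        if not sm:
            continue
        cls, verb, cmd = sm.groups()
        expected = EXPECTED_SPAWN.get((cls, verb))
        if expected is not None and cmd.strip() != expected:
            findings.append(f"hijacked handler: {cls} [{verb}] -> {cmd}")
    return findings


def check_security_center(lines):
    """Flag *Override = 1 under Svc and DisableMonitoring = 1 under Monitoring\\<product>."""
    findings, key = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = _leaf(km.group(1))
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group(1), vm.group(2).strip()
        if name.endswith("Override") and value == "1":
            findings.append(f"security center override set: {name}")
        if name == "DisableMonitoring" and value == "1":
            findings.append(f"security center monitoring disabled: {key}")
    return findings


def check_firewall(lines):
    """Flag every firewall profile whose EnableFirewall value is 0."""
    findings, profile = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            profile = _leaf(km.group(1))
            continue
        vm = VALUE_RE.match(line)
        if vm and vm.group(1) == "EnableFirewall" and vm.group(2).strip() == "0":
            findings.append(f"firewall off: {profile}")
    return findings


def triage(text):
    """Run all checks over one Extras.Txt and return the list of findings."""
    sections = parse_sections(text)
    findings = []
    findings += check_shell_spawning(sections.get("Shell Spawning", []))
    findings += check_security_center(sections.get("Security Center Settings", []))
    findings += check_firewall(sections.get("Firewall Settings", []))
    return findings


# Constructed sample in the OTL Extras format; paths and product names are placeholders.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\PLACEHOLDER\unexpected.exe" "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ExampleAV]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXTRAS):
        print(finding)
```

Run against a real Extras.Txt with `triage(open("Extras.Txt").read())`. A clean system produces no findings for the handler table, as the exefile and scrfile entries in this thread's own log show; a run that reports "firewall off" for all three profiles, as this thread's log would, is worth raising with whoever is guiding the cleanup.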

#5
blaineholloway (Topic Starter, Member, 25 posts)
It won't let me open the page you posted below the DNS hijack..

I will get back to you about the OTL log. Will go to the Internet cafe tomorrow and download it.

EDIT: I am in Safe Mode now. Everything is exactly the same as before, and as Windows has prompted me with, the cause could be default settings and/or device drivers, is that correct?

Edited by blaineholloway, 27 July 2012 - 06:33 PM.

  • 0

#6
RKinner (Malware Expert, MVP, 20,031 posts)
The link works if you click on it but the forum shortens the text so you don't see all of it. This is the full path:

http://windows.microsoft.com/en-us/windows7/change-tcp-ip-settings

and for OTL it is:
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

Some program or driver or service is causing the problem. If you can run OTL we can make some progress. If not, try Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

msconfig

Then go to the Services tab and click on the box to hide Microsoft services, then uncheck everything that remains. Go to the Startup tab and uncheck everything. OK and reboot. Cancel the msconfig when it comes up. If it works now then something you have turned off was the culprit. Go back into msconfig and check maybe half of what you unchecked, Apply and reboot and see if the problem comes back. It's a bit slow but eventually you can narrow it down to a few entries.
  • 0
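The narrowing-down RKinner describes is a bisection: uncheck everything, confirm the symptom is gone, then re-enable half of what is still suspect on each reboot. As an added illustration that is not from the thread, the Python below simulates that procedure against a constructed list of startup entries; the reboot-and-test step is represented by a function `problem_present`, and the culprit entry is a placeholder name. It also handles the case this thread ran into, where the symptom is still there with everything unchecked, in which case the msconfig list can be ruled out and the search should stop rather than continue halving. It generalises the post's "check maybe half" to any number of entries: a single culprit among n entries is found in at most 1 + ceil(log2 n) reboots.

```python
"""Bisection over startup entries, simulating the msconfig procedure above.

Added example, not from the thread. problem_present(enabled) stands in for
'check exactly these entries in msconfig, reboot, see whether the symptom
is back'. Assumes one culprit whose effect reproduces on every reboot.
"""


def bisect_culprit(entries, problem_present):
    """Return (culprit, rounds), where rounds counts reboot-and-test cycles.

    Round 1 is the 'uncheck everything' reboot. If the symptom is still
    present with nothing enabled, the msconfig list is not the cause and
    (None, 1) is returned instead of halving further.
    """
    rounds = 1
    if problem_present([]):
        return None, rounds
    candidates = list(entries)
    if not candidates:
        return None, rounds
    # Each later round re-enables half of what is still suspect.
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        rounds += 1
        if problem_present(half):
            candidates = half                     # culprit is in the re-enabled half
        else:
            candidates = candidates[len(half):]   # culprit is in the other half
    return candidates[0], rounds


# Constructed sample: twelve non-Microsoft entries, one of which (a placeholder
# name) reproduces the symptom whenever it is enabled.
SAMPLE_ENTRIES = [f"Startup entry {i:02d}" for i in range(1, 13)]
CULPRIT = SAMPLE_ENTRIES[7]  # placeholder culprit, eighth in the list


def symptom_if_culprit_enabled(enabled):
    """Simulated reboot-and-test: the symptom appears iff the culprit is enabled."""
    return CULPRIT in enabled


def symptom_always_present(enabled):
    """Simulated case from this thread: the problem survives with nothing enabled."""
    return True


if __name__ == "__main__":
    print(bisect_culprit(SAMPLE_ENTRIES, symptom_if_culprit_enabled))   # culprit found in 5 rounds
    print(bisect_culprit(SAMPLE_ENTRIES, symptom_always_present))       # (None, 1): not a startup entry
```

The first round is the one that matters for this thread: when the symptom survives with every non-Microsoft service and startup item unchecked, continuing to bisect only costs reboots, and attention should move to things msconfig does not control, such as drivers, which is where the poster's Norton alert about a .sys file already points.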

#7
blaineholloway (Topic Starter, Member, 25 posts)
Hi,

I copied the web address in full and it still doesn't allow me to see the site. I did 'msconfig' and unchecked everything, I rebooted and everything appears the same, as in I opened IE and tried those links and still not allowed to see the page, MSN messenger doesn't work, and the user access control remains off. Every time I reboot, when I log back in to my user account, Norton gives a message to me saying that the 'hacktool.rootkit has been blocked'. But it clearly hasn't been. I click for more details and it says this is the thing that is causing the problem: brsvxlep.sys

I will go to the Internet Cafe soon and download the OTL and other programs to my USB and try it that way. I really appreciate your help, as you can see I am a novice when it comes to computers.
  • 0

#8
blaineholloway (Topic Starter, Member, 25 posts)
Here are the logs you requested:

Extras.Txt

OTL Extras logfile created on: 28/07/2012 11:45:38 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.39% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.59 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.59 Gb Free Space | 96.35% Space Free | Partition Type: FAT32
Drive E: | 73.21 Gb Total Space | 22.50 Gb Free Space | 30.73% Space Free | Partition Type: NTFS

Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C43870A-E094-4AFA-93F4-565A9C55BD90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3371B3BE-4F53-40E0-9CA6-49EAAA3C4EF0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3ED58E31-38A9-485B-96CE-23195FB341CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4087031E-E250-4F26-B279-D15CE9FA9A28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B031144-5C1C-4043-A353-7578383DA5DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A08350F3-C7B9-4541-9E35-2F2DD8D9752D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F38EC275-C75F-4F03-8523-B0ED4CDBFD45}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D81EA22-A38F-48A4-B96B-C916438888B2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1E13594B-1277-4C53-8092-0BDC19023C48}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{33F50703-3634-4F42-BC9C-DD22DB202647}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{418D15BB-9094-4045-B4F3-7089DC5904D4}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderservice.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5061C825-EE73-4799-8339-1A653FAB1B3B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5A5AFA51-381B-4A4C-9174-46DFE9B99173}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6915EDA0-4289-4A64-8888-1A305D7F482D}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderliveud.exe |
"{69D2EE6F-31C1-46F4-BAE8-852D676AD0C0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{6E3D529F-71CB-400C-A5FB-E8CE14BEDE3D}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{7DF447F1-DF9B-4640-BA78-46F79D3D4AEE}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\xlbugreport.exe |
"{825A7100-C9EB-4186-AC2B-B1959FDD95ED}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderliveud.exe |
"{A03AE41B-B68F-405E-945A-21DA4FBD9E25}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C4E69FA8-8CDB-42B9-A8B3-7027959E2D20}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\xlbugreport.exe |
"{DAEB9E02-5F2E-468C-9382-CB34081F42CD}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderservice.exe |
"{DB36F4A5-E1D5-4794-B64A-9478611AAA81}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{FB5136F3-C621-46EC-A917-B9CB2E00DED8}" = protocol=6 | dir=out | app=system |
"TCP Query User{4EF681EC-3EA1-4489-8911-8220CAEF36E8}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{5BEB0CA3-F57D-4C8D-8CED-2E4FBA6700AD}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Email Configuration Tool
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21115EF-2B96-44F2-83CB-6347E017AC5F}" = FileOpen Client
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.1
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"迅雷看看播放器" = 迅雷看看播放器

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/12/2010 13:27:05 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/12/2010 14:21:18 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/12/2010 06:27:13 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/12/2010 15:43:34 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/12/2010 08:46:33 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/12/2010 12:51:04 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2010 07:20:27 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2010 09:42:54 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2010 13:52:44 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2010 07:06:19 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 27/07/2012 12:55:13 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 27/07/2012 14:03:59 | Computer Name = Blaine-PC | Source = DCOM | ID = 10000
Description =

Error - 27/07/2012 20:28:01 | Computer Name = Blaine-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 27/07/2012 20:28:03 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =

Error - 27/07/2012 20:28:11 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =

Error - 27/07/2012 20:28:13 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =

Error - 27/07/2012 20:28:18 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =

Error - 27/07/2012 20:28:54 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 27/07/2012 20:28:54 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28/07/2012 04:10:29 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

OTL.Txt

OTL logfile created on: 28/07/2012 11:45:37 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.39% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.59 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.59 Gb Free Space | 96.35% Space Free | Partition Type: FAT32
Drive E: | 73.21 Gb Total Space | 22.50 Gb Free Space | 30.73% Space Free | Partition Type: NTFS

Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 10:31:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccsvchst.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 04:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/26 23:28:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2009/02/27 16:20:10 | 000,262,144 | ---- | M] () [Disabled | Stopped] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER\release\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2008/08/07 17:54:29 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/19 01:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:16:39 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:16:39 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 08:19:25 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120727.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:19:25 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120727.033\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/18 10:26:13 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 07:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 07:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
DRV - [2012/01/17 23:46:01 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012/01/17 23:45:57 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2012/01/17 23:45:55 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2012/01/17 23:35:24 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/29 23:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/06 18:04:36 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/20 18:51:14 | 010,446,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKLM\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKCU\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/18 10:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/07/28 11:38:01 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://start.iplay.com/?o=shp
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://start.iplay.c...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iplay.com/?o=shp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABA7D1C-2245-478F-AC0D-26A25DC02473}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe) - C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O24 - Desktop WallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{361e2aa7-9caa-11df-9603-001e3391517e}\Shell - "" = AutoRun
O33 - MountPoints2\{361e2aa7-9caa-11df-9603-001e3391517e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
MsConfig - StartUpReg: cfFncEnabler.exe - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FileOpenBroker - hkey= - key= - C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HSON - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: snp2std - hkey= - key= - C:\Windows\vsnp2std.exe (Sonix)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TdrOxoid - hkey= - key= - C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 11:44:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
[2012/07/28 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{403CABCB-E0F2-426D-96D8-B1B3F3831002}
[2012/07/28 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7D39817E-8327-4896-9A6E-13ED48CEFEB3}
[2012/07/28 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{32D5344F-5F51-4B65-89CD-F5807556BE2A}
[2012/07/27 19:15:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/27 11:20:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{51478703-3743-475E-9959-9B2F66B377E2}
[2012/07/27 11:20:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AE50A433-B0F6-44AE-8D1D-79EAD088DC3A}
[2012/07/26 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0DF2DAF9-5048-40EB-A197-FCDF2FE9C1F2}
[2012/07/26 23:19:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C47D8431-6F46-4459-ADC7-38DEE630BB64}
[2012/07/26 11:19:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{721E4EEF-A17B-4FD9-8848-A5E8DB9A5869}
[2012/07/26 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2437EA5F-6CB0-428E-B284-4ABB6600D7D2}
[2012/07/25 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F131194-C97B-4F9D-8AFD-AC49EAA91E41}
[2012/07/25 23:18:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5B0388A6-8CFB-409E-8B89-7218A455805A}
[2012/07/25 11:14:39 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EFAB5FAB-8F09-40A7-94A2-76BFC83FE368}
[2012/07/25 11:14:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{76BF1D83-0F0C-4507-A504-7B9116829DF4}
[2012/07/24 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A3D14C27-DE79-4131-9ACF-78B854D286F8}
[2012/07/24 23:13:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{930481DC-1BCB-4D5E-B904-E28B2D9C83B7}
[2012/07/24 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DA2E512A-6DC0-4C26-AAD8-50B15793486C}
[2012/07/24 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CE1A6B5E-A837-47E3-83EF-1DFEF5234E84}
[2012/07/23 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{21322686-A50C-47A0-99E9-D5C15AEFD913}
[2012/07/23 23:12:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CF7039B7-7E6A-44D2-87EA-2344C65F2918}
[2012/07/23 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2D26B34A-4FC3-4B00-90B3-E0C96C1D529B}
[2012/07/23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0B90317-4A5C-42E3-AA64-61AFFBAE4527}
[2012/07/22 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{684D01E0-E71D-4542-8ACC-FB2797CEEE8C}
[2012/07/22 22:09:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F9F48ED-9C0B-445A-BC4E-3D46CEB9F523}
[2012/07/22 10:09:31 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2FE2B905-9B3A-45A1-84FA-D984A88A7881}
[2012/07/22 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{08BF2E8F-4B52-490C-B86F-595BA5EDA889}
[2012/07/21 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{38CE05A8-1433-4CD0-AD61-689F2787CEDF}
[2012/07/21 16:59:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{28BC298F-851A-4E3E-A4BE-5C8190BB3456}
[2012/07/20 23:18:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{47C95673-AB3F-416D-9B23-722845FD8D76}
[2012/07/20 23:18:10 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{40BAFCD4-EAF6-4FDE-8161-EFAF1A3C38DF}
[2012/07/20 10:45:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{56BC0AB0-68FE-468E-AB7A-4094B0D65A0C}
[2012/07/20 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{13DF71D6-A8E7-41C0-82EC-95AEEE52D71E}
[2012/07/19 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{68548B9F-17B8-443E-BDA3-A762C1875A45}
[2012/07/19 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8D6C7403-5948-441C-9311-3114F8293E80}
[2012/07/19 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3E4924C-ADCF-4651-B813-D0A903CFF077}
[2012/07/19 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0C459B2-60F0-4FCF-BAFF-788AAFDCEB4E}
[2012/07/18 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{72BF9D41-9949-4AD8-BC4B-805CC0C4F832}
[2012/07/18 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81F98A7C-41CA-423F-94FA-B60AFA27B2AB}
[2012/07/18 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2012/07/18 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A22A02B3-98BF-443F-8254-3CC5C4559353}
[2012/07/18 10:11:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ED056EE7-B600-466D-99D7-9C9BD31AA555}
[2012/07/17 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7642C882-603F-4510-AEBF-426C0B136452}
[2012/07/17 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EAC6A4E6-6917-4680-8BFA-10839EB0AC46}
[2012/07/17 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C8CA0D4-49AC-4BFD-A7A8-617DE65566FC}
[2012/07/17 09:26:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{259F1395-1FBE-4F5C-85C7-F022180A45F7}
[2012/07/16 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6134F63C-BE42-40D0-AC1A-3BC530A66FB1}
[2012/07/16 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9F66C947-6006-4C52-B20C-38BF933C0D40}
[2012/07/16 09:25:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8569DF4C-6F4F-47C9-9460-FCCDE5298EDE}
[2012/07/16 09:25:06 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{80861E90-5528-43FC-8AFB-86C05FAAAFCF}
[2012/07/15 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{35448B10-DBC9-45CA-BE44-F6DE2DB769F3}
[2012/07/15 21:24:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B79B309D-2971-4464-AC15-609BAF61E54C}
[2012/07/15 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{3619ADF9-B91D-4F07-BD4E-2A410D95EBD5}
[2012/07/15 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C22A4EE8-519A-4F7B-888E-20EF04FF30A0}
[2012/07/14 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B04078C1-F75D-437D-B934-AF37B3DA0599}
[2012/07/14 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0E59A09D-6273-4CF7-B51D-F0A8EB670B38}
[2012/07/14 01:24:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E784DEC2-0052-4809-B68A-7C9593F23490}
[2012/07/14 01:24:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B15BC22C-66F4-4A2B-AD51-1D319B0989E4}
[2012/07/13 13:24:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{799DABB7-D191-46DB-A532-25CAF1A42142}
[2012/07/13 13:23:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A0DE03D8-060F-4EA8-B58D-1596462BA090}
[2012/07/13 01:23:17 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{208F7C2B-EE9F-4075-9FF2-02C9D4997FDE}
[2012/07/13 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F6C5B564-6529-49BA-98A5-C77309CC8641}
[2012/07/12 13:22:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C3D8106A-398A-4848-86B4-B795143DA3A8}
[2012/07/12 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{88AA7A01-CC27-4172-A548-F93304186977}
[2012/07/12 01:22:19 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C5D8F0BD-41EA-4EC5-B3A6-FCF9C171C213}
[2012/07/12 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3D28E87-D58B-4BDF-BB59-5A032EF1711D}
[2012/07/11 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5FDC5B3B-6B2E-4551-B72E-5DA91ADB0EDC}
[2012/07/11 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9B4ED76B-B9FC-4989-A4D2-9201F78593C0}
[2012/07/10 23:48:30 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D02D9EE6-0FBA-4D28-8BB4-CEA2E7389473}
[2012/07/10 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C9912BB3-966A-47EE-B46E-EE4C320C84F2}
[2012/07/10 23:44:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/10 23:44:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/10 23:44:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/10 23:44:42 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/10 23:44:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/10 23:44:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 23:44:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/10 23:35:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3E5C3BD-EED1-433A-87C0-517999784B49}
[2012/07/10 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5C0DD0A7-8214-4E98-BC4E-05DCBC8D1641}
[2012/07/09 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0736BD0E-3609-483F-99D8-5B58909B7861}
[2012/07/09 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{97A6B70A-19CE-4CFF-A9E2-A86E62F76C7F}
[2012/07/08 23:38:29 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{1ADB49BC-9B88-4697-BDFF-01AB7BA35740}
[2012/07/08 23:38:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{4F7C4F9A-03B6-439C-9E9C-AF059EA7BCFA}
[2012/07/08 11:38:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F5B08DA2-8E60-4AD7-B885-157484943E57}
[2012/07/08 11:37:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{33B3476D-75FB-4A65-9B04-E04859E2C98A}
[2012/07/07 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{50193F45-4B9A-43E7-AA7C-302D2C4C6677}
[2012/07/07 23:37:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81373DF9-F447-4478-B31E-1062D70E46F6}
[2012/07/07 11:36:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{70C9D3EB-4990-4A6A-B27A-9F6B87AEAD3B}
[2012/07/07 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{803F15CC-8E9C-4E0A-AE65-71FA5020D532}
[2012/07/06 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2829D2CD-989A-41AD-8929-511F3B7994A3}
[2012/07/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3A5B812-0BCA-41C7-8691-F3162D0973E6}
[2012/07/06 10:25:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{805430EA-26C9-4589-A9E0-ED40B30096E2}
[2012/07/06 10:25:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E7E7CAB7-8153-4D53-AD0A-15F0E89C067B}
[2012/07/05 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDABB8CC-709D-4EFD-B4F8-90991B007279}
[2012/07/05 18:24:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8E8BDCDD-4CEB-49B4-9262-A34D4667D6DA}
[2012/07/04 01:01:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{736FB5C3-E222-49CF-B1F7-A1C9571E54E2}
[2012/07/04 01:01:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{FA6B7823-FBB1-4015-83A4-93AA88A35CC2}
[2012/07/03 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDB95FF0-1A20-452D-9B35-0AD42F4EA70D}
[2012/07/03 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{15D8C447-842B-458B-BCED-3BE800E444B2}
[2012/07/03 00:02:30 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{44E35712-9367-4FC9-9DD4-68107E88E780}
[2012/07/03 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B3D5F3E1-3A35-4A27-ADD7-2F6A35923344}
[2012/07/02 12:01:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8DAED965-14E6-4E95-A545-6F8635B9746C}
[2012/07/02 12:01:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{BD76DDF7-C30C-48CD-B628-80BACA525A59}
[2012/07/02 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C7E3A918-0DDF-4A34-B093-F242C0EE0B50}
[2012/07/02 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D3845F0A-A0BB-4C1A-B7BB-8CA4973F59C9}
[2012/07/01 12:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C95136A-DE3D-46D4-A1FB-ED8E3C12293E}
[2012/07/01 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0ED5AA7B-E5E5-4FB7-BB32-BD6D36E71ADA}
[2012/06/30 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{01A9D32C-46B9-4A12-BD16-7C9118E14560}
[2012/06/30 23:06:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9A1A0072-EDD6-41AC-B71A-3B614CE5662C}
[2012/06/30 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EC6980FE-2A6A-43A4-9AD5-378BD8B131C8}
[2012/06/30 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ABA68842-063A-4AF8-9193-2BD47E86F4DF}
[2012/06/29 22:00:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{527BF8AF-17A9-42B7-8205-1787DCDDCE84}
[2012/06/29 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AEF547DD-149C-4460-89CD-A412C7F3E5FF}
[2012/06/29 09:59:38 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E119FC5D-E4CD-470C-9B69-6B0CBDF17BFC}
[2012/06/29 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7F2F705E-1D8D-4E29-8F40-F13B05A9078F}
[2012/06/28 22:53:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{4A284E36-E6A1-433B-97D1-6606BE61081F}
[2009/06/01 00:29:56 | 000,210,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Blaine\uninstall_flash_player.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 11:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 11:38:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 11:37:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 11:37:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 11:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 11:37:29 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 10:37:04 | 001,012,656 | ---- | M] () -- C:\Users\Blaine\Desktop\rkill.exe
[2012/07/28 10:31:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
[2012/07/28 09:27:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 01:27:47 | 000,360,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/28 01:25:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/27 19:35:37 | 000,183,538 | ---- | M] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/26 23:28:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/26 23:28:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/23 21:22:31 | 000,621,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/23 21:22:31 | 000,114,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/19 09:55:29 | 000,219,648 | ---- | M] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 19:40:55 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/03 00:36:54 | 000,596,323 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY TEACHING.pdf
[2012/07/03 00:36:28 | 000,390,953 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY BUSINESS.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 11:42:11 | 001,012,656 | ---- | C] () -- C:\Users\Blaine\Desktop\rkill.exe
[2012/07/28 09:05:30 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/27 19:35:29 | 000,183,538 | ---- | C] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 16:41:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape50.bin
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape40.bin
[2012/02/09 21:59:35 | 000,032,768 | ---- | C] () -- C:\Windows\System32\snape20.bin
[2011/11/16 04:48:14 | 000,000,680 | ---- | C] () -- C:\Users\Blaine\AppData\Local\d3d9caps.dat
[2011/08/08 10:58:14 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2011/05/19 13:39:31 | 000,001,940 | ---- | C] () -- C:\Users\Blaine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/24 22:15:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 06:53:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Unl.exe
[2009/03/30 15:21:36 | 000,103,784 | ---- | C] () -- C:\Users\Blaine\GoToAssistDownloadHelper.exe
[2009/03/09 22:29:21 | 000,219,648 | ---- | C] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2160BH G1
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Kingston DataTraveler G2 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 1573912576
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 73.00GB
Starting Offset: 81427169280
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 4128768
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/06/01 00:32:02 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Adobe
[2011/11/05 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Amazon
[2010/09/22 01:32:19 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Apple Computer
[2011/11/26 03:52:08 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\BitZipper
[2010/08/08 03:28:01 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Chinatelecom
[2009/03/08 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Datalayer
[2011/12/15 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Digiarty
[2011/04/16 20:47:27 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\DivX
[2009/09/16 21:44:50 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\DriverCure
[2012/01/03 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\dvdcss
[2011/11/03 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\FileOpen
[2011/04/01 13:28:34 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\GetRightToGo
[2011/11/14 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Google
[2009/03/08 16:25:33 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Identities
[2009/03/08 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\InstallShield
[2009/03/30 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Macromedia
[2012/01/12 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Media Center Programs
[2012/04/10 18:49:42 | 000,000,000 | --SD | M] -- C:\Users\Blaine\AppData\Roaming\Microsoft
[2009/03/30 15:10:28 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Motive
[2010/10/21 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Moyea
[2009/05/09 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\myphotobook
[2009/03/10 23:57:37 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Nokia
[2011/09/04 04:50:49 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Panasonic
[2009/03/10 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\PC Suite
[2011/11/24 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Real
[2011/09/04 04:48:03 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Skype
[2011/06/13 00:14:20 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\skypePM
[2011/09/27 14:04:39 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\SmartDraw
[2010/05/01 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Symantec
[2012/07/27 19:30:37 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Tencent
[2010/09/10 08:30:29 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\WinRAR
[2010/08/08 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER
[2010/08/08 02:38:41 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\ZTEEVDO

< MD5 for: ATAPI.SYS >
[2008/03/12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 10:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Don't see a lot in your logs. There is or was an infection, but the files have been removed, though Norton did not remove the registry entries, which we can do. There may be something funny on your USB drive.


Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe) - C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O33 - MountPoints2\{361e2aa7-9caa-11df-9603-001e3391517e}\Shell - "" = AutoRun
O33 - MountPoints2\{361e2aa7-9caa-11df-9603-001e3391517e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.exe

:files
C:\Users\Blaine\AppData\Local\laacnlyp
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start (since UAC is not running it may not be necessary). Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Download aswMBR.exe
http://public.avast.com/~gmerek/aswMBR.exe
to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button) press it, then run a new scan and click Save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled then just click Save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

It's possible that Norton's firewall is causing the problem or that IE is misconfigured. Try resetting IE to the defaults:

In IE, Tools, Internet Options, Security then select Restricted Zone and then Sites. Remove any sites on the list. Then In IE, Tools, Internet Options, Advanced there should be a RESET button near the bottom of the window. Click on it then close IE and restart IE.

We can try removing Norton:
Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
In Vista and Win 7 look in C:\ProgramData\Avast Software\Avast\report\aswboot.txt or C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt for a text version of the log which you can copy and paste into a reply.





Ron
  • 0
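A read-only PowerShell check, added here as an example and not part of Ron's post or of OTL, that inspects the same three places the OTL fix script above targets (the Winlogon Userinit value, MountPoints2 autorun commands left by removable drives, and the UAC EnableLUA setting the poster could not re-enable). The expected Userinit string is the Vista/7 default and the registry paths are the standard ones; the script only reports and changes nothing.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# It reports the same indicators the O20 / O33 lines in the OTL log pointed at,
# plus the UAC state, so a rerun after a fix shows whether anything came back.

$findings = @()

# 1. Winlogon Userinit: on a clean Vista/7 install this is exactly
#    "C:\Windows\system32\userinit.exe," (trailing comma included). The O20 line
#    showed an extra path (tdroxoid.exe) appended here, which runs at every logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$expected = "$env:SystemRoot\system32\userinit.exe,"   # assumed default
if ($userinit -ne $expected) {
    $findings += "Userinit modified: '$userinit' (expected '$expected')"
}

# 2. MountPoints2: one subkey per removable drive this profile has seen. A
#    Shell\AutoRun\command value means an autorun.inf on that drive registered a
#    command to run when the drive is opened (the O33 lines). A clean profile
#    has none, so every hit is worth looking at.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
    if (Test-Path $cmdKey) {
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        $findings += "MountPoints2 autorun on $($_.PSChildName): $cmd"
    }
}

# 3. UAC: EnableLUA = 0 is what "User Account Control is turned off" means in the
#    registry. If you set it to 1, reboot, and it is 0 again, something on the
#    machine is resetting it, which is the symptom described in this thread.
$policies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $policies -Name EnableLUA).EnableLUA
if ($lua -ne 1) { $findings += "UAC disabled (EnableLUA=$lua)" }

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```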

#10
blaineholloway

blaineholloway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi Ron, I clicked the run fix button with the code in the custom fix box and it rebooted almost immediately. No log was produced. I logged back in and again Windows is telling me that the UAC is switched off, and I can't turn it back on.

I can't access the websites you posted to download because it won't let me. I'll have to take another trip to the Internet Cafe.

As a side point, Norton just indicated that they blocked an attack from W32 Ramnit.
  • 0


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Ramnit can be fatal. If you have a ramnit infection the only hope is to run a scan from a CD. (See the AVG Rescue disk at http://www.geekstogo...ystem-tutorial/ )

IF it hasn't spread too far then you may have a chance of getting rid of it but if it's spread then you may need to do a complete wipe and reinstall.
  • 0

#12
blaineholloway

blaineholloway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
How would I do a complete wipe and reinstall but still saving my important files like family photos and videos? I have a 4GB USB I can save some on, but regardless of the size of my USB, won't it be dangerous to store them on a USB because the USB might be infected too?

If I buy a new laptop, and transfer the files using a USB, won't my USB be putting the virus onto the new laptop?

I don't have blank CD-Rs and my Norton back-up has very little space available (only 2GB online and 22GB in my E drive)
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I'd say it was worth buying a few CD-R blanks. The AVG Rescue Disk should allow you to scan your PC and remove most viruses. It also allows you to copy your files to a CD or a USB drive.

Since you say you have a Norton Backup perhaps the backup has not been infected and you can use it to revert back to an earlier image? (I don't know anything about the Norton Backup so can't help there.)
  • 0

#14
blaineholloway

blaineholloway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello, I have decided to wipe the whole laptop. However, I need to know a few things first. One is how to do it. I have backed up my files through my Norton and through Windows and it's all saved on zip files in my E drive. So if I wipe the computer, won't they go along with it? How does that work?

If I just wipe the C drive (again, how to do it?) will the problems be rectified?
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Can't really say as I have never worked with Norton Backup. I'm assuming that if you have your account info written down somewhere you can get access to your data (which is supposed to be stored on line somewhere) after you wipe the drive and reinstall Windows. I couldn't find a manual for Norton backup on their site.
http://us.norton.com/online-backup/ says

Lets you retrieve your files whenever you need them from any computer connected to the Internet.
Allows you to quickly manage backed up files, including any versions backed up in the past 90 days, through an easy-to-use, password-protected Web page.


I'd make sure I could access the password-protected web page before doing anything.

This appears to be a Toshiba PC. Don't know much about them either. Does it have a hidden partition that allows you to restore to factory? If not do you have the Windows disk(s) that you will need? Do you have the Toshiba drivers? (chipset and/or network drivers at a minimum).

Ron
  • 0
