Geeks To Go
Google Redirect


This topic is locked

#1 crawfordsparky (Member, 41 posts)
Unable to remove Google Redirect infection. Can anyone help?

I have used TDSSKiller and GooredFix but am still getting the Google Redirect! I have also carried out a hosts file clean-up.

Can anyone advise me of my next step, please?


Kind Regards

Crawfordsparky

OTL logfile created on.doc

OTL logfile created on: 08/11/2010 16:02:46 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mark Cockram\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 7.82 Gb Free Space | 13.99% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

Computer Name: BUSINESSCOMPUTE | User Name: Mark Cockram | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mark Cockram\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Mark Cockram\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101108.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101108.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101021.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:3.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 07:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 10:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010/10/25 17:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins

[2008/09/08 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Extensions
[2010/11/08 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions
[2010/07/24 08:15:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 17:20:43 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/10/22 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\[email protected]
[2010/11/03 21:23:36 | 000,010,378 | ---- | M] () -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\searchplugins\mail-online.xml
[2010/09/11 09:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 09:15:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/08 14:47:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{2C8FAD01-26BA-771C-317F-26D7F231F137}] C:\Users\Mark Cockram\AppData\Roaming\Orycu\lyvu.exe ()
O4 - HKCU..\Run: [{79BDA5E5-3FE5-82F4-4CE0-6950B368181C}] C:\Users\Mark Cockram\AppData\Roaming\Nycu\alba.exe ()
O4 - HKCU..\Run: [C:\Users\Mark Cockram\Downloads\ArbAlarm\ArbAlarm\arbAlarm.exe] C:\Users\Mark Cockram\Downloads\ArbAlarm\ArbAlarm\arbAlarm.exe ()
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 15:01:07 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Desktop\GooredFix Backups
[2010/11/08 14:47:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Documents\HostsXpert-1
[2010/11/08 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Local\ElevatedDiagnostics
[2010/11/08 12:23:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/11/08 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/11/08 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/08 10:43:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/08 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/08 10:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/11/08 08:54:44 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/11/08 08:54:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/05 09:58:31 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Nycu
[2010/11/05 09:58:31 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Ifnuho
[2010/10/26 09:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/10/25 17:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/25 17:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/22 08:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/02/15 11:14:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/08 16:05:25 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job
[2010/11/08 15:46:55 | 000,083,456 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:18 | 000,022,514 | ---- | M] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:59:54 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/08 14:59:54 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/08 14:54:53 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/11/08 14:54:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/08 14:54:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 14:54:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 14:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 14:54:28 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 14:47:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/08 14:03:06 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:51 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:21:11 | 004,390,912 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:21:10 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:21:10 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:04 | 000,012,781 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:17:05 | 000,023,040 | ---- | M] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 18:27:37 | 000,828,416 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/26 09:57:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 20:11:26 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mark Cockram.job
[2010/10/25 17:19:20 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 16:59:41 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/10/25 16:58:38 | 000,001,854 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/24 17:02:52 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 13:21:40 | 000,021,504 | ---- | M] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:58:55 | 000,029,696 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:58:07 | 000,202,752 | ---- | M] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/10/16 07:42:47 | 000,375,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/11 16:06:53 | 000,584,704 | ---- | M] () -- C:\Users\Mark Cockram\Documents\gifts-2-go.msam

========== Files Created - No Company Name ==========

[2010/11/08 15:46:53 | 000,083,456 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:15 | 000,022,514 | ---- | C] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/08 12:41:49 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:20:13 | 004,390,912 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:20:13 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:20:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | C] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:02 | 000,012,781 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:11:33 | 000,023,040 | ---- | C] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 09:57:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 17:19:20 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/22 08:32:34 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 13:16:31 | 000,021,504 | ---- | C] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:59:45 | 000,828,416 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/19 12:47:39 | 000,029,696 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:42:59 | 000,202,752 | ---- | C] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/05/05 08:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/10/20 17:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 12:01:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/02/15 11:15:44 | 000,000,033 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.log
[2009/02/15 11:14:26 | 000,087,608 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\inst.exe
[2009/02/15 11:14:26 | 000,007,887 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.cat
[2009/02/15 11:14:26 | 000,001,144 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.inf
[2009/01/22 13:36:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Converter.dll
[2008/09/23 11:36:43 | 000,000,680 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\d3d9caps.dat
[2008/09/17 14:58:18 | 000,000,272 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\wklnhst.dat
[2008/04/24 09:00:31 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agi1600.dll
[2008/04/24 09:00:30 | 001,777,664 | R--- | C] () -- C:\Windows\System32\zhp1600r.dll
[2008/04/24 09:00:29 | 000,114,688 | R--- | C] () -- C:\Windows\System32\VSHP1600.dll
[2008/03/26 18:40:40 | 000,008,192 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 12:49:37 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/10 12:49:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/10/10 12:49:37 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/10 12:49:34 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/10 12:46:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/10 12:45:13 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/10/10 12:45:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/10/10 12:45:13 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/10/10 12:45:13 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/07/10 14:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/07/10 14:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/07/10 14:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/07/10 14:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/07/10 14:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/04/13 16:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/03/18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Affilorama
[2008/09/11 15:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/12 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Desktop Spider
[2008/03/26 18:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DesktopSMS
[2010/04/01 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/01/14 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Feedreader
[2009/05/28 10:40:06 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\IBP
[2010/11/08 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Ifnuho
[2010/11/08 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Laqyca
[2009/12/23 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Living Tree Software
[2008/09/19 10:51:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2008/10/08 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Nvu
[2010/11/05 09:58:31 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Nycu
[2009/03/10 19:08:47 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Orycu
[2009/06/16 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\SmartDraw
[2009/02/12 15:25:12 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Spider
[2010/09/27 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Spotify
[2008/09/22 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Template
[2010/11/08 12:16:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Toshiba
[2010/11/08 14:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/07 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Vso
[2010/11/08 14:54:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/11/08 14:53:30 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/08 14:54:53 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job
[2010/11/08 16:05:25 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job

========== Purity Check ==========



< End of report >

Edited by crawfordsparky, 08 November 2010 - 10:09 AM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's try this first

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [{2C8FAD01-26BA-771C-317F-26D7F231F137}] C:\Users\Mark Cockram\AppData\Roaming\Orycu\lyvu.exe ()
    O4 - HKCU..\Run: [{79BDA5E5-3FE5-82F4-4CE0-6950B368181C}] C:\Users\Mark Cockram\AppData\Roaming\Nycu\alba.exe ()
    O4 - HKCU..\Run: [C:\Users\Mark Cockram\Downloads\ArbAlarm\ArbAlarm\arbAlarm.exe] C:\Users\Mark Cockram\Downloads\ArbAlarm\ArbAlarm\arbAlarm.exe ()
    [2010/11/08 08:54:44 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
    [2010/11/08 08:54:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/11/05 09:58:31 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Nycu
    [2010/11/05 09:58:31 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Ifnuho

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Could you check for re-direct once this has run?

#3
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy, thanks for helping me out, much appreciated

Here are the details from OTL

Talk to you shortly

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{2C8FAD01-26BA-771C-317F-26D7F231F137} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C8FAD01-26BA-771C-317F-26D7F231F137}\ not found.
C:\Users\Mark Cockram\AppData\Roaming\Orycu\lyvu.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{79BDA5E5-3FE5-82F4-4CE0-6950B368181C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79BDA5E5-3FE5-82F4-4CE0-6950B368181C}\ not found.
C:\Users\Mark Cockram\AppData\Roaming\Nycu\alba.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\C:\Users\Mark Cockram\Downloads\ArbAlarm\ArbAlarm\arbAlarm.exe not found.
File C:\Users\Mark Cockram\Downloads\ArbAlarm\ArbAlarm\arbAlarm.exe not found.
C:\Users\Public\Documents\Windows folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
C:\Users\Mark Cockram\AppData\Roaming\Nycu folder moved successfully.
C:\Users\Mark Cockram\AppData\Roaming\Ifnuho folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Mark Cockram\Downloads\cmd.bat deleted successfully.
c:\Users\Mark Cockram\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark Cockram
->Temp folder emptied: 3612418 bytes
->Temporary Internet Files folder emptied: 2054282 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45329250 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2465 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23206667 bytes
RecycleBin emptied: 5476150 bytes

Total Files Cleaned = 76.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark Cockram
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.17.3 log created on 11102010_130125

Files\Folders moved on Reboot...
File\Folder C:\Users\Mark Cockram\AppData\Local\Temp\tmp918e0484\r_KillEXE.exe not found!
C:\Windows\temp\TMP0000005BA7F456FC028CF23B moved successfully.

Registry entries deleted on Reboot...

#4
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,

Just tried Google Search

I am still getting Google redirects after carrying out the procedure with the code on OTL!

Can you help further?

Much appreciated


Crawfordsparky


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, sure can - I intend to see you totally clean :D That was just the first stage, to kill the replicators.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,

Thanks again for your help much appreciated

I have carried out a Combofix Scan, and have detailed the log results below

Hope you can help

Kind regards

Crawfordsparky

ComboFix 10-11-09.03 - Mark Cockram 10/11/2010 19:21:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.729 [GMT 0:00]
Running from: c:\users\Mark Cockram\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Mark Cockram\AppData\Local\Temp\ppcrlui_5832_2
c:\users\Mark Cockram\AppData\Roaming\Orycu\lyvu.exe
c:\users\MARKCO~1\AppData\Local\Temp\ppcrlui_5832_2
.
---- Previous Run -------
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Mark Cockram\AppData\Local\Temp\ppcrlui_3844_2
c:\users\Mark Cockram\AppData\Roaming\inst.exe
c:\users\Mark Cockram\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\MARKCO~1\AppData\Local\Temp\ppcrlui_3844_2
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 19:38 . 2010-11-10 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 13:37 . 2010-11-10 13:37 -------- d-----w- c:\programdata\WindowsSearch
2010-11-10 13:06 . 2010-11-10 18:22 67584 ----a-w- c:\users\Mark Cockram\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
2010-11-10 13:01 . 2010-11-10 13:01 -------- d-----w- C:\_OTL
2010-11-10 08:20 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-09 07:37 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{440C6664-CCE9-4DCC-BC38-B8F4F594C77E}\mpengine.dll
2010-11-08 18:50 . 2010-07-16 14:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-11-08 18:50 . 2010-07-16 14:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-11-08 18:36 . 2010-11-08 18:36 -------- d-----w- c:\program files\Safer Networking
2010-11-08 14:47 . 2010-11-08 14:47 -------- d-----w- C:\_OTM
2010-11-08 12:25 . 2010-11-08 14:13 -------- d-----w- c:\users\Mark Cockram\AppData\Local\ElevatedDiagnostics
2010-11-08 12:20 . 2010-11-08 12:23 -------- d-----w- c:\program files\Microsoft ATS
2010-11-08 10:44 . 2010-11-08 10:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-08 10:20 . 2010-11-08 14:03 -------- d-----w- c:\users\Mark Cockram\AppData\Roaming\Uniblue
2010-11-08 10:20 . 2010-11-08 14:03 -------- d-----w- c:\program files\Uniblue
2010-10-27 07:46 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 07:45 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 07:45 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 09:57 . 2010-10-26 09:57 -------- d-----w- c:\program files\Market Samurai
2010-10-25 17:18 . 2010-10-25 17:18 -------- d-----w- c:\program files\iPod
2010-10-25 17:18 . 2010-10-25 17:19 -------- d-----w- c:\program files\iTunes
2010-10-25 17:09 . 2010-10-25 17:09 -------- d-----w- c:\program files\Bonjour
2010-10-22 08:32 . 2010-10-22 08:32 -------- d-----w- c:\programdata\McAfee
2010-10-22 08:32 . 2010-10-22 08:32 -------- d-----w- c:\programdata\McAfee Security Scan
2010-10-22 08:32 . 2010-10-24 17:02 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-15 07:21 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 07:21 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 07:20 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 07:20 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 07:19 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 07:19 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 07:19 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 07:19 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 07:19 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 10:41 . 2009-10-03 10:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 07:45 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 07:46 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 07:45 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 07:45 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-15 07:04 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2008-05-26 2042880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-10-14 67960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20101021.002\IDSvix86.sys [2010-09-15 287792]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-25 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mark Cockram.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]

2010-11-10 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-08 13:18]

2010-11-10 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-06-16 08:53]

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} -
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} -
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} -
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-{2C8FAD01-26BA-771C-317F-26D7F231F137} - c:\users\Mark Cockram\AppData\Roaming\Orycu\lyvu.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 19:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-10 19:43:40
ComboFix-quarantined-files.txt 2010-11-10 19:43

Pre-Run: 10,541,461,504 bytes free
Post-Run: 10,485,506,048 bytes free

- - End Of File - - 33FECF626A692A882EAE529FE7E93107

Edited by crawfordsparky, 10 November 2010 - 02:04 PM.


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, and you are still being redirected?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\Mark Cockram\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp

Folder::
c:\users\Mark Cockram\AppData\Roaming\Orycu


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#8
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,

Thanks for coming back to me so quickly

Since the last ComboFix scan, the Google redirection seems to have stopped. This did happen yesterday too, for a short while, and then the redirection started again.

I hope this time it has cured the problem. If so, I owe you a big thank you for spending your precious time helping me out; it really, really is much appreciated.

YOU ARE VERY KIND

Please let me know your thoughts about this matter

Kind Regards

Crawfordsparky


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it has come back from a previous run we may need to look a tad deeper

Do you use a router?

#10
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,

Yes, I use a wireless router, a "Netgear".

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you have other computers that use the router and do not get redirects then ignore the next part.

If they are getting re-directed, or there are no other computers using the system, then do the following:



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).


If I could have one final OTL scan before I remove my tools and tidy up

  • Run OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT



  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, a log will open - post that


#12
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,

Thanks for the information

Here Are the latest log results from OTL

Let me know your thoughts

Kind Regards


Crawfordsparky

OTL logfile created on: 10/11/2010 21:17:40 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Mark Cockram\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 9.69 Gb Free Space | 17.33% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: BUSINESSCOMPUTE | User Name: Mark Cockram | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Mark Cockram\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - c:\Users\Mark Cockram\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)


========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\MARKCO~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101110.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101110.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101021.002\IDSvix86.sys (Symantec Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:3.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 07:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 10:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010/10/25 17:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins

[2008/09/08 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Extensions
[2010/11/10 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions
[2010/07/24 08:15:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 17:20:43 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/10/22 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\[email protected]
[2010/11/03 21:23:36 | 000,010,378 | ---- | M] () -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\searchplugins\mail-online.xml
[2010/11/10 19:56:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 09:15:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/10 19:38:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 19:43:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/10 19:43:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/10 19:17:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/10 18:51:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/10 18:40:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/10 18:40:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/10 18:40:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/10 18:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/10 18:35:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/10 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/11/10 13:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/11/10 13:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/10 13:01:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/08 18:50:35 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/11/08 18:50:35 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/11/08 18:50:34 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/11/08 18:50:34 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/11/08 18:50:31 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/08 18:50:31 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/08 18:50:19 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/08 18:50:19 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/11/08 18:50:18 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/11/08 18:50:15 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\PC Tools
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/08 18:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/08 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/08 18:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/11/08 15:01:07 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Desktop\GooredFix Backups
[2010/11/08 14:47:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Documents\HostsXpert-1
[2010/11/08 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Local\ElevatedDiagnostics
[2010/11/08 12:23:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/11/08 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/11/08 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/08 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/08 10:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/10/26 09:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/10/25 17:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/25 17:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/22 08:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/02/15 11:14:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/10 21:25:29 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job
[2010/11/10 20:51:38 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 20:51:38 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 19:38:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/10 18:56:59 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/10 18:56:59 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/10 18:51:58 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/11/10 18:51:53 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/10 18:51:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/10 18:51:24 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 18:51:22 | 298,735,957 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/10 08:14:23 | 002,204,946 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:50:29 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/08 18:45:20 | 000,507,360 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:55 | 000,083,456 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:18 | 000,022,514 | ---- | M] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:51 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:21:11 | 004,390,912 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:21:10 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:21:10 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:04 | 000,012,781 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 20:17:05 | 000,023,040 | ---- | M] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 18:27:37 | 000,828,416 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/26 09:57:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 20:11:26 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mark Cockram.job
[2010/10/25 17:19:20 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 16:59:41 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/10/25 16:58:38 | 000,001,854 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/24 17:02:52 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 13:21:40 | 000,021,504 | ---- | M] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:58:55 | 000,029,696 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:58:07 | 000,202,752 | ---- | M] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/10/16 07:42:47 | 000,375,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/10 18:51:22 | 298,735,957 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/10 18:40:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/10 18:40:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/10 18:40:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/10 18:40:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/10 18:40:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/08 18:51:42 | 002,204,946 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:50:29 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/08 18:45:36 | 000,507,360 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:53 | 000,083,456 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:15 | 000,022,514 | ---- | C] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/08 12:41:49 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:20:13 | 004,390,912 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:20:13 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:20:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | C] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:02 | 000,012,781 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:11:33 | 000,023,040 | ---- | C] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 09:57:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 17:19:20 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/22 08:32:34 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 13:16:31 | 000,021,504 | ---- | C] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:59:45 | 000,828,416 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/19 12:47:39 | 000,029,696 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:42:59 | 000,202,752 | ---- | C] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/05/05 08:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/10/20 17:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 12:01:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/02/15 11:15:44 | 000,000,033 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.log
[2009/02/15 11:14:26 | 000,007,887 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.cat
[2009/02/15 11:14:26 | 000,001,144 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.inf
[2009/01/22 13:36:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Converter.dll
[2008/09/23 11:36:43 | 000,000,680 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\d3d9caps.dat
[2008/09/17 14:58:18 | 000,000,272 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\wklnhst.dat
[2008/04/24 09:00:31 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agi1600.dll
[2008/04/24 09:00:30 | 001,777,664 | R--- | C] () -- C:\Windows\System32\zhp1600r.dll
[2008/04/24 09:00:29 | 000,114,688 | R--- | C] () -- C:\Windows\System32\VSHP1600.dll
[2008/03/26 18:40:40 | 000,008,192 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 12:49:37 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/10 12:49:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/10/10 12:49:37 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/10 12:49:34 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/10 12:46:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/10 12:45:13 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/10/10 12:45:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/10/10 12:45:13 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/10/10 12:45:13 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/07/10 14:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/07/10 14:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/07/10 14:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/07/10 14:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/07/10 14:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/04/13 16:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/03/18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Affilorama
[2008/09/11 15:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/12 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Desktop Spider
[2008/03/26 18:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DesktopSMS
[2010/04/01 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/01/14 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Feedreader
[2009/05/28 10:40:06 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\IBP
[2010/11/10 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Laqyca
[2009/12/23 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Living Tree Software
[2008/09/19 10:51:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2008/10/08 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Nvu
[2010/11/10 13:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Orycu
[2009/06/16 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\SmartDraw
[2009/02/12 15:25:12 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Spider
[2010/09/27 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Spotify
[2008/09/22 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Template
[2010/11/08 12:16:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Toshiba
[2010/11/08 14:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/07 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Vso
[2010/11/10 18:51:53 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/11/10 14:57:11 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/10 18:51:58 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job
[2010/11/10 21:25:29 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/03/26 18:21:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/26 18:21:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
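The custom scan at the end of the log above lists every copy of explorer.exe and winlogon.exe on the disk together with its MD5, so the live files in C:\Windows and C:\Windows\System32 can be compared with the untouched component-store copies under WinSxS; a live binary whose hash matches none of them has been modified on disk, a persistence trick some search-redirect families of that era used. The PowerShell below is an added example written for this thread, not part of OTL or of the original post; it reproduces that comparison and the alternate-data-stream listing from the report, assumes PowerShell 4 or later (for Get-FileHash and the -Stream parameter) and an elevated prompt, and only reads. Function names are my own.

```powershell
# Added example, not from the thread or from OTL. Assumes PowerShell 4+ and an
# elevated prompt. Read-only: nothing on the system is changed.

function Compare-LiveBinaryToWinSxS {
    param(
        [Parameter(Mandatory)][string]$LivePath,   # e.g. C:\Windows\explorer.exe
        [Parameter(Mandatory)][string]$Name        # e.g. explorer.exe
    )
    $live = Get-FileHash -Path $LivePath -Algorithm MD5

    # Every serviced version of the component keeps a pristine copy under WinSxS,
    # exactly the copies OTL listed above. The live file should hash identically to
    # one of them; a live copy matching none of them has been altered on disk.
    $store = Get-ChildItem -Path "$env:windir\winsxs" -Recurse -Filter $Name -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileHash -Path $_.FullName -Algorithm MD5 }

    # Supporting evidence only: explorer.exe and winlogon.exe are catalog-signed, which
    # current Windows reports as Valid; older hosts report NotSigned for catalog-signed files.
    $sig = Get-AuthenticodeSignature -FilePath $LivePath

    [pscustomobject]@{
        File         = $LivePath
        LiveMD5      = $live.Hash
        StoreCopies  = @($store).Count
        MatchInStore = [bool]($store | Where-Object Hash -eq $live.Hash)
        Signature    = $sig.Status
    }
}

function Get-AlternateDataStreams {
    param([Parameter(Mandatory)][string]$Path)
    # Lists every named stream other than the default $DATA stream, the class of
    # artifact OTL reported under "Alternate Data Streams" (C:\ProgramData\TEMP:DFC5A2B2 above).
    # An ADS is a place to park data that ordinary directory listings never show.
    Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

# The two binaries OTL hashed in the report, plus the directory where the ADS was found.
Compare-LiveBinaryToWinSxS -LivePath "$env:windir\explorer.exe" -Name 'explorer.exe'
Compare-LiveBinaryToWinSxS -LivePath "$env:windir\System32\winlogon.exe" -Name 'winlogon.exe'
Get-AlternateDataStreams -Path "$env:ProgramData"
```

One caveat a practitioner should keep in mind: hashes computed on the live system are only as trustworthy as the kernel that read the file. A rootkit that filters disk reads can hand back a clean image of a patched file, which is why kernel-level tools such as TDSSKiller were run first in this thread, and why a hash match should be read as "nothing found by this method" rather than "clean".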

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 22.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u22-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u22-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done


Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
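The Folder Options steps above write two values under the current user's Explorer\Advanced registry key, which is also the place to look when the Tools menu is not on screen: Vista hides Explorer's classic menu bar until Alt is pressed, and the same dialog is reachable from Organize > Folder and Search Options. The PowerShell below is an added example, not from the thread; it reads those values and can put the Windows defaults back. The registry path and value meanings are standard; the function names are my own.

```powershell
# Added example, not from the thread. Assumes Vista or later; changes apply to the
# current user only, the same scope as the Folder Options dialog.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-ExplorerHiddenFileSettings {
    # Reports the three settings malware-removal tools most often flip.
    $p = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        Hidden          = $p.Hidden          # 1 = show hidden files and folders, 2 = do not show
        ShowSuperHidden = $p.ShowSuperHidden # 1 = show protected operating system files, 0 = hide
        HideFileExt     = $p.HideFileExt     # 1 = hide extensions for known file types, 0 = show
    }
}

function Restore-ExplorerHiddenFileDefaults {
    # Windows defaults: hidden files not shown, protected OS files hidden.
    Set-ItemProperty -Path $advanced -Name Hidden          -Value 2 -Type DWord
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord
    # Explorer only re-reads these values when it starts, so restart the shell.
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

# Show the current state; call Restore-ExplorerHiddenFileDefaults to apply the defaults.
Get-ExplorerHiddenFileSettings
```

Showing file extensions (HideFileExt = 0) is worth leaving on even after cleanup: several of the files Malwarebytes later removed from this machine were installers with long, misleading names, and a visible ".exe" is the cheapest warning a user gets.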

#14
crawfordsparky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hello Essex Boy,

Thanks for that great information much appreciated

With reference to the hidden files (hosts files etc.) being set to that, I have tried the below, but I do not have a Tools menu in my "My Computer" to be able to tick boxes to hide files. I am using Windows Vista Home Premium; can you advise where I should look?

(I Have tried this)

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do not show hidden files and folders.
* Click Yes to confirm.
* Click OK.

Kind Regards

Crawfordsparky


#15
crawfordsparky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Good Morning Essex Boy,

After all the work yesterday,

I still experienced a Google redirect! I then ran "Spyware Blaster" and "Malwarebytes" and had the following log report showing 8 infections:

I then Quarantined and deleted these items

Is there anything else I should carry out?

I am not now getting any redirects!

Kind regards

Crawfordsparky


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5092

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/11/2010 00:24:24
mbam-log-2010-11-11 (00-24-24).txt

Scan type: Quick scan
Objects scanned: 142486
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Mark Cockram\downloads\MyFunCardsSetup2.3.50.45.ZUfox000(2).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Mark Cockram\downloads\MyFunCardsSetup2.3.50.45.ZUfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Mark Cockram\downloads\MyWebFaceSetup2.3.67.1.SA.HP.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Windows\winhelp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Delete on reboot.
C:\Users\Mark Cockram\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.