
Google Redirect


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MyFunCardsSetup2.3.50.45 - did you download and install this programme?

For the folders hide, go to Control Panel > Folders and work from there.

Do you still get a redirect? If so, to what site?
  • 0



#17
crawfordsparky


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi Essex Boy,

Thanks for coming back to me so quickly.

I do not recognise the file MyFunCardsSetup 2.3.50.45; it certainly has not been downloaded by me recently. This may have been installed by another member of the family some time ago.

I am not getting any Google Redirects since I used Malwarebytes to remove these files.

Let me know your thoughts

Kind Regards

Crawfordsparky

  • 0

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could run a quick OTL scan I will confirm that they have gone for sure - I should imagine that they looked like a good game, but, trust me, they are not.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    %systemroot%\*. /mp /s



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • 0

#19
crawfordsparky


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi Essex Boy,

Here are the results from the OTL Scan

Let me know your thoughts

Kind Regards

Crawfordsparky




OTL logfile created on: 11/11/2010 20:15:23 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mark Cockram\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.90 Gb Free Space | 30.24% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: BUSINESSCOMPUTE | User Name: Mark Cockram | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 20:13:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Cockram\Downloads\OTL.exe
PRC - [2010/11/01 07:29:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/09/15 13:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/09/03 10:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/27 06:36:38 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/07/20 19:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/19 14:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 15:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/04/03 15:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 09:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 09:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/02/12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 12:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/09 21:59:00 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 00:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 20:13:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Cockram\Downloads\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)
SRV - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/17 12:11:40 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/03/26 18:45:42 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/29 09:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/13 23:11:00 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 19:40:00 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 00:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/29 08:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101111.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 08:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101111.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 18:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101021.002\IDSvix86.sys -- (IDSvix86)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/06 21:05:25 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/27 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 08:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/09/13 07:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/09/05 09:36:26 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/27 07:32:30 | 000,188,336 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/30 05:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/06 14:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
DRV - [2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/24 12:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 14:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/18 14:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 21:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/07/28 15:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:3.3.8
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 07:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 10:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010/10/25 17:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins

[2008/09/08 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Extensions
[2010/11/11 20:03:12 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions
[2010/07/24 08:15:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 17:20:43 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/10/22 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\[email protected]
[2010/11/11 08:00:44 | 000,010,378 | ---- | M] () -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\searchplugins\mail-online.xml
[2010/11/10 22:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 22:37:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/10 22:37:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/10 21:51:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe File not found
O4 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1750268131-4172423459-1269277827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 00:11:35 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Malwarebytes
[2010/11/11 00:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/11 00:11:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/11 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 00:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/11 00:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/11/10 23:07:03 | 000,229,376 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragS.exe
[2010/11/10 23:07:03 | 000,221,184 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDC.exe
[2010/11/10 23:07:03 | 000,212,992 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefrag.dll
[2010/11/10 23:07:03 | 000,107,008 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragBT.exe
[2010/11/10 23:07:02 | 001,110,016 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranFD.exe
[2010/11/10 23:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2010/11/10 22:37:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/10 22:37:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/10 22:37:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/10 22:06:28 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2010/11/10 22:00:08 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/10 19:55:48 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2010/11/10 19:43:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/10 19:43:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/10 18:51:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/10 18:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/10 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/11/10 13:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/11/10 13:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/08 18:50:35 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/11/08 18:50:35 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/11/08 18:50:34 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/11/08 18:50:34 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/11/08 18:50:31 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/08 18:50:31 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/08 18:50:19 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/08 18:50:19 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/11/08 18:50:18 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/11/08 18:50:15 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\PC Tools
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/08 18:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/08 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/08 18:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/11/08 15:01:07 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Desktop\GooredFix Backups
[2010/11/08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Documents\HostsXpert-1
[2010/11/08 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Local\ElevatedDiagnostics
[2010/11/08 12:23:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/11/08 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/11/08 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/08 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/08 10:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/10/27 07:46:00 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 07:45:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 07:45:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/26 09:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/10/25 17:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/25 17:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/22 08:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/15 07:21:42 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/15 07:21:42 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/15 07:20:53 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/15 07:19:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/15 07:18:51 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/15 07:18:48 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/15 07:18:43 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/15 07:18:42 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/15 07:18:32 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/15 07:18:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/15 07:18:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/15 07:18:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/15 07:18:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/02/15 11:14:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/11 20:20:04 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job
[2010/11/11 18:34:25 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/11 18:34:25 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/11 18:30:28 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/11/11 18:30:22 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/11 18:29:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 18:29:46 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 18:29:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 18:29:26 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 00:11:28 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 00:07:22 | 000,000,817 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\SpywareBlaster.lnk
[2010/11/10 23:07:04 | 000,000,807 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\Puran Defrag.lnk
[2010/11/10 22:37:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/10 22:37:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/10 22:37:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/10 22:37:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/10 22:08:19 | 000,375,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/10 22:07:18 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2010/11/10 21:51:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/10 18:51:22 | 298,735,957 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/10 08:14:23 | 002,204,946 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:50:29 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/08 18:45:20 | 000,507,360 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:55 | 000,083,456 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:18 | 000,022,514 | ---- | M] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:51 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:21:11 | 004,390,912 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:21:10 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:21:10 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:04 | 000,012,781 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:17:05 | 000,023,040 | ---- | M] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 18:27:37 | 000,828,416 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/26 09:57:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 20:11:26 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mark Cockram.job
[2010/10/25 17:19:20 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 16:59:41 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/10/25 16:58:38 | 000,001,854 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/24 17:02:52 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 13:21:40 | 000,021,504 | ---- | M] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:58:55 | 000,029,696 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/17 11:58:07 | 000,202,752 | ---- | M] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam

========== Files Created - No Company Name ==========

[2010/11/11 00:11:28 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 00:07:22 | 000,000,817 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\SpywareBlaster.lnk
[2010/11/10 23:07:04 | 000,000,807 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\Puran Defrag.lnk
[2010/11/10 18:51:22 | 298,735,957 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/08 18:51:42 | 002,204,946 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:50:29 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/08 18:45:36 | 000,507,360 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:53 | 000,083,456 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:15 | 000,022,514 | ---- | C] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/08 12:41:49 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:20:13 | 004,390,912 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:20:13 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:20:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | C] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:02 | 000,012,781 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:11:33 | 000,023,040 | ---- | C] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 09:57:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 17:19:20 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/22 08:32:34 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/19 13:16:31 | 000,021,504 | ---- | C] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:59:45 | 000,828,416 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/19 12:47:39 | 000,029,696 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:42:59 | 000,202,752 | ---- | C] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/05/05 08:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/10/20 17:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 12:01:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/02/15 11:15:44 | 000,000,033 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.log
[2009/02/15 11:14:26 | 000,007,887 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.cat
[2009/02/15 11:14:26 | 000,001,144 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.inf
[2009/01/22 13:36:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Converter.dll
[2008/09/23 11:36:43 | 000,000,680 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\d3d9caps.dat
[2008/09/17 14:58:18 | 000,000,272 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\wklnhst.dat
[2008/04/24 09:00:31 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agi1600.dll
[2008/04/24 09:00:30 | 001,777,664 | R--- | C] () -- C:\Windows\System32\zhp1600r.dll
[2008/04/24 09:00:29 | 000,114,688 | R--- | C] () -- C:\Windows\System32\VSHP1600.dll
[2008/03/26 18:40:40 | 000,008,192 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 12:49:37 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/10 12:49:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/10/10 12:49:37 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/10 12:49:34 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/10 12:46:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/10 12:45:13 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/10/10 12:45:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/10/10 12:45:13 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/10/10 12:45:13 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/07/10 14:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/07/10 14:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/07/10 14:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/07/10 14:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/07/10 14:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/04/13 16:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/03/26 18:21:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/26 18:21:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 224 bytes -> C:\Windows\System32\msln.exe:065033f1b1dab9e6d34ae078dca30664
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep MBAM got it all - nothing for me to do ;)

Run OTL and hit the cleanup button and it will disappear

Let the other users know that anything with myweb in it is not good :D

#21
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,

Many thanks for your help, much appreciated ;)

All seems to be good now, would I need to delete this thread or leave for others to view?

Once again thank you so much for being so helpful, you're a star ;)

Let me know your thoughts

Kind Regards

Crawfordsparky
:D

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, we leave all threads for posterity - although I will close it in 24 hours if you are happy :D

#23
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi Essex Boy,


Will confirm in 24hrs that all is well


Kind regards

Crawfordsparky


#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think I see it - there is a Java ActiveX that was not removed

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#26
crawfordsparky

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi EssexBoy,

Thanks for your help

OTL Log Detailed Below

Let Me Know Your Thoughts

Kind Regards

Crawfordsparky


OTL logfile created on: 13/11/2010 17:02:48 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mark Cockram\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.23 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: BUSINESSCOMPUTE | User Name: Mark Cockram | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/13 17:02:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Cockram\Downloads\OTL(2).exe
PRC - [2010/11/01 07:29:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/09/15 13:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/04/11 06:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/09/03 10:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/27 06:36:38 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/07/20 19:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/19 14:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 15:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/04/03 15:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 09:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 09:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/02/12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 12:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/09 21:59:00 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 00:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/13 17:02:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Cockram\Downloads\OTL(2).exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)
SRV - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/17 12:11:40 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/03/26 18:45:42 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/29 09:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/13 23:11:00 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 19:40:00 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 21:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 00:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/29 08:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101112.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 08:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101112.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 18:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101029.001\IDSvix86.sys -- (IDSvix86)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/06 21:05:25 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/27 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 08:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/09/13 07:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/09/05 09:36:26 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/27 07:32:30 | 000,188,336 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/30 05:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/06 14:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
DRV - [2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/24 12:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 14:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/18 14:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 21:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/07/28 15:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:3.3.8
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 07:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 10:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010/10/25 17:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins

[2008/09/08 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Extensions
[2010/11/13 07:53:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions
[2010/07/24 08:15:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 17:20:43 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/10/22 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\[email protected]
[2010/11/11 08:00:44 | 000,010,378 | ---- | M] () -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\searchplugins\mail-online.xml
[2010/11/10 22:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 22:37:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/10 22:37:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/13 16:55:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe File not found
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 16:55:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/11 00:11:35 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Malwarebytes
[2010/11/11 00:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/11 00:11:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/11 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 00:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/11 00:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/11/10 23:07:03 | 000,229,376 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragS.exe
[2010/11/10 23:07:03 | 000,221,184 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDC.exe
[2010/11/10 23:07:03 | 000,212,992 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefrag.dll
[2010/11/10 23:07:03 | 000,107,008 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragBT.exe
[2010/11/10 23:07:02 | 001,110,016 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranFD.exe
[2010/11/10 23:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2010/11/10 22:06:28 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2010/11/10 22:00:08 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/10 19:43:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/10 19:43:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/10 18:51:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/10 18:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/10 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/11/10 13:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/11/10 13:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/08 18:50:35 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/11/08 18:50:35 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/11/08 18:50:34 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/11/08 18:50:34 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/11/08 18:50:31 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/08 18:50:31 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/08 18:50:19 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/08 18:50:19 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/11/08 18:50:18 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/11/08 18:50:15 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\PC Tools
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/08 18:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/08 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/08 18:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/11/08 15:01:07 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Desktop\GooredFix Backups
[2010/11/08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Documents\HostsXpert-1
[2010/11/08 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Local\ElevatedDiagnostics
[2010/11/08 12:23:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/11/08 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/11/08 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/08 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/08 10:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/10/26 09:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/10/25 17:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/25 17:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/02/15 11:14:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/13 17:15:10 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job
[2010/11/13 17:04:40 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/13 17:04:40 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/13 16:58:30 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/11/13 16:58:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/13 16:58:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 16:58:19 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 16:58:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/13 16:58:07 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/13 16:55:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/13 11:36:10 | 000,010,618 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Click Here.docx
[2010/11/11 20:56:07 | 000,375,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/11 00:11:28 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 00:07:22 | 000,000,817 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\SpywareBlaster.lnk
[2010/11/10 23:07:04 | 000,000,807 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\Puran Defrag.lnk
[2010/11/10 22:07:18 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2010/11/10 18:51:22 | 298,735,957 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/10 08:14:23 | 002,204,946 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:50:29 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/08 18:45:20 | 000,507,360 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:55 | 000,083,456 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:18 | 000,022,514 | ---- | M] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:51 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:21:11 | 004,390,912 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:21:10 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:21:10 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:04 | 000,012,781 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:17:05 | 000,023,040 | ---- | M] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 18:27:37 | 000,828,416 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/26 09:57:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 20:11:26 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mark Cockram.job
[2010/10/25 17:19:20 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 16:59:41 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/10/25 16:58:38 | 000,001,854 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/19 13:21:40 | 000,021,504 | ---- | M] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:58:55 | 000,029,696 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:58:07 | 000,202,752 | ---- | M] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam

========== Files Created - No Company Name ==========

[2010/11/12 17:13:40 | 000,010,618 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Click Here.docx
[2010/11/11 00:11:28 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 00:07:22 | 000,000,817 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\SpywareBlaster.lnk
[2010/11/10 23:07:04 | 000,000,807 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\Puran Defrag.lnk
[2010/11/10 18:51:22 | 298,735,957 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/08 18:51:42 | 002,204,946 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:50:29 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/08 18:45:36 | 000,507,360 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:53 | 000,083,456 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:15 | 000,022,514 | ---- | C] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/08 12:41:49 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:20:13 | 004,390,912 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:20:13 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:20:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | C] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:02 | 000,012,781 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:11:33 | 000,023,040 | ---- | C] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 09:57:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 17:19:20 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/19 13:16:31 | 000,021,504 | ---- | C] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:59:45 | 000,828,416 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/19 12:47:39 | 000,029,696 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:42:59 | 000,202,752 | ---- | C] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/05/05 08:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/10/20 17:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 12:01:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/02/15 11:15:44 | 000,000,033 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.log
[2009/02/15 11:14:26 | 000,007,887 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.cat
[2009/02/15 11:14:26 | 000,001,144 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.inf
[2009/01/22 13:36:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Converter.dll
[2008/09/23 11:36:43 | 000,000,680 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\d3d9caps.dat
[2008/09/17 14:58:18 | 000,000,272 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\wklnhst.dat
[2008/04/24 09:00:31 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agi1600.dll
[2008/04/24 09:00:30 | 001,777,664 | R--- | C] () -- C:\Windows\System32\zhp1600r.dll
[2008/04/24 09:00:29 | 000,114,688 | R--- | C] () -- C:\Windows\System32\VSHP1600.dll
[2008/03/26 18:40:40 | 000,008,192 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 12:49:37 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/10 12:49:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/10/10 12:49:37 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/10 12:49:34 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/10 12:46:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/10 12:45:13 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/10/10 12:45:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/10/10 12:45:13 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/10/10 12:45:13 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/07/10 14:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/07/10 14:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/07/10 14:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/07/10 14:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/07/10 14:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/04/13 16:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/03/18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Affilorama
[2008/09/11 15:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/12 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Desktop Spider
[2008/03/26 18:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DesktopSMS
[2010/04/01 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/01/14 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Feedreader
[2010/11/13 10:19:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\IBP
[2010/11/10 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Laqyca
[2009/12/23 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Living Tree Software
[2008/09/19 10:51:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2008/10/08 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Nvu
[2010/11/10 13:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Orycu
[2009/06/16 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\SmartDraw
[2009/02/12 15:25:12 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Spider
[2008/09/22 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Template
[2010/11/08 12:16:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Toshiba
[2010/11/08 14:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/07 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Vso
[2010/11/13 16:58:27 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/11/13 16:57:10 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/13 16:58:30 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job
[2010/11/13 17:15:10 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 224 bytes -> C:\Windows\System32\msln.exe:065033f1b1dab9e6d34ae078dca30664
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#27
crawfordsparky

crawfordsparky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi EssexBoy,

Just Had The Same Trojan.ByteVerify Come Up Again

Sorry To Trouble You Again

Kind Regards

Crawfordsparky
:D

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's run MBAM then run JavaRa to remove all older versions. This malware only works with the older versions of Java.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.


#29
crawfordsparky

crawfordsparky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi EssexBoy,

Thanks for your help

Have downloaded and tried all the items, but no change, my Firewall is still showing Trojan.byteverify

Here is the log from Malwarebytes showing no infections

Let me know your thoughts

Kind regards

Crawfordsparky

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5108

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13/11/2010 18:49:49
mbam-log-2010-11-13 (18-49-49).txt

Scan type: Quick scan
Objects scanned: 142797
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it an outbound or inbound connection?

Could you get a screenshot of the warning?





