Google Redirect


  • This topic is locked

#31
crawfordsparky

    Member

  • Topic Starter
  • 41 posts
Hi EssexBoy,

Thanks For Coming Back To Me

The Messages I am Receiving are as Follows:



First Message:(Symantec) "Reported by Norton Anti Virus" Auto protect as detected Trojan.byteverify Has a Security Risk

Second Message:(Symantec )"Reported by Norton Anti Virus" Auto Protect Activity is Complete, You Computer is Secure

These 2 Messages Come Up Continually every 1-2 Minutes

Can not Seem To Tell if This Is Inbound Or Outbound Connection


Let Me Know Your Thoughts

Kind Regards

Crawfordsparky




#32
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Weird as Norton is supposed to remove this completely

OK drastic measures time

Do you still have the Java 1.6.0_22 install file on your desktop?

If so download and install Revo Uninstaller

Run Revo and select Uninstall Java

Revo will allow the inbuilt installer to remove the programme

Then it will search for all remaining elements of Java

Select and remove these

Reboot your system and ensure that you are not getting any more alerts

If you are then come back and I will do a seek and destroy

If not then re-install the latest Java

#33
crawfordsparky

    Member

  • Topic Starter
  • 41 posts
Hi EssexBoy,

Thanks for The Information

I Have Carried Out All The Requirements as Per Your Previous Post, But I am Still Getting The Same Alerts!!

I Have Downloaded and Installed Revo Uninstaller

I Have Run Revo and Selected Uninstall Java

I Have Removed all remaining elements of Java

Rebooted system

Re-installed the latest Java

Let me Know Your Thoughts

Kind Regards

Crawfordsparky





#34
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you update Norton and run a full system scan - as this is a tad curious. Byte verify is in the java cache and will not affect any of the latest Javas - Uninstalling and re-installing should have killed it, also none of my other scans found this

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#35
crawfordsparky

    Member

  • Topic Starter
  • 41 posts
Hi EssexBoy,

Thanks for coming back to me

I have updated Norton Anti Virus, And run a Full Scan (No Virus Detected)

I then Ran Malwarebytes (No Virus Detected)

I then ran Spy blaster (No Virus Detected)

I Have Uninstalled Java Again and cleaned all java files

During all These Scans The Alerts Have been continual

Today I have Had Over 100 Alerts from Symantec re Trojan.byteverify

I have not as yet Reinstalled Java


Let Me Know Your Thoughts

Thank you once again for Helping

Kind Regards

Crawfordsparky



#36
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's go on a search and destroy mission

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind 
    *Java* 
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#37
crawfordsparky

    Member

  • Topic Starter
  • 41 posts
Hi EssexBoy,

Thanks For Your Help

Here Are The Log Results:


SystemLook 04.09.10 by jpshortstuff
Log created at 17:58 on 14/11/2010 by Mark Cockram
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Java* "
C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts d------ [10:44 08/11/2010]
C:\Program Files\Common Files\Java d------ [15:22 13/04/2007]
C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.resources d------ [18:59 26/04/2010]
C:\ProgramData\Sun\Java d------ [09:15 23/04/2010]
C:\ProgramData\Sun\Java\Java Update d------ [09:15 23/04/2010]
C:\Users\All Users\Sun\Java d------ [09:15 23/04/2010]
C:\Users\All Users\Sun\Java\Java Update d------ [09:15 23/04/2010]
C:\Users\Mark Cockram\AppData\Local\Temp\Temp1_JavaRa.zip d------ [19:10 13/11/2010]
C:\Users\Mark Cockram\AppData\Local\VirtualStore\Windows\Sun\Java d------ [10:49 04/01/2009]
C:\Users\Mark Cockram\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Java™ 6 Update 22-14112010-110925 d------ [11:09 14/11/2010]
C:\Users\Mark Cockram\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Java™ SE Runtime Environment 6-14112010-111400 d------ [11:14 14/11/2010]
C:\Users\Mark Cockram\AppData\LocalLow\Sun\Java d------ [13:30 02/11/2008]
C:\Users\Mark Cockram\AppData\Roaming\Adobe\Acrobat\7.0\JavaScripts d------ [18:12 26/03/2008]
C:\Users\Mark Cockram\AppData\Roaming\Adobe\Acrobat\9.0\JavaScripts d------ [12:12 17/09/2008]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java d------ [09:04 06/04/2009]

-= EOF =-
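
A way to triage a SystemLook `:folderfind` log like the one above before deciding what to remove, as an added example that is not part of the original thread or of SystemLook. It separates folders that only contain the string "Java" in their name (JavaScript folders of other products) from Java leftovers, and collapses `C:\Users\All Users`, which on Vista is a link to `C:\ProgramData`; the sample log is constructed in the same layout, and the category names and the `ExampleUser` account are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Constructed sample in the layout of the SystemLook log above
# (user name replaced with the placeholder "ExampleUser").
SAMPLE_LOG = r"""
========== folderfind ==========

Searching for "*Java* "
C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts d------ [10:44 08/11/2010]
C:\Program Files\Common Files\Java d------ [15:22 13/04/2007]
C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.resources d------ [18:59 26/04/2010]
C:\ProgramData\Sun\Java d------ [09:15 23/04/2010]
C:\Users\All Users\Sun\Java d------ [09:15 23/04/2010]
C:\Users\ExampleUser\AppData\Local\Temp\Temp1_JavaRa.zip d------ [19:10 13/11/2010]
C:\Users\ExampleUser\AppData\LocalLow\Sun\Java d------ [13:30 02/11/2008]

-= EOF =-
"""


class Hit(NamedTuple):
    path: str
    attrs: str
    modified: datetime


# Paths contain spaces, so anchor on the 7-character attribute field and
# the bracketed "HH:MM DD/MM/YYYY" stamp at the end of the line.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[a-z-]{7})\s+"
    r"\[(?P<stamp>\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]$"
)


def parse_folderfind(text):
    """Return one Hit per result line; headers and separators are skipped."""
    hits = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            stamp = datetime.strptime(m["stamp"], "%H:%M %d/%m/%Y")
            hits.append(Hit(m["path"], m["attrs"], stamp))
    return hits


def canonical(path):
    """Map the Vista alias C:\\Users\\All Users onto C:\\ProgramData."""
    alias = "c:\\users\\all users"
    low = path.lower()
    if low == alias or low.startswith(alias + "\\"):
        return "C:\\ProgramData" + path[len(alias):]
    return path


def classify(path):
    """Assign a hypothetical triage category to one folder path."""
    low = path.lower()
    # "*Java*" also matches JavaScript folders of unrelated products.
    if any("javascript" in part for part in low.split("\\")):
        return "javascript"
    # Per-user Java data; the thread places the ByteVerify detection
    # in the Java cache.
    if "\\appdata\\locallow\\sun\\java" in low:
        return "user-java-cache"
    if "\\temp\\" in low:
        return "temp"
    return "java"


def triage(text):
    """Group de-duplicated hits by category, keeping log order."""
    groups = defaultdict(list)
    seen = set()
    for hit in parse_folderfind(text):
        path = canonical(hit.path)
        key = path.lower()
        if key in seen:  # same folder reached through the alias
            continue
        seen.add(key)
        groups[classify(path)].append(path)
    return dict(groups)


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_LOG).items():
        print(category)
        for p in paths:
            print("   ", p)
```
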

#38
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok lots remain I see - this may be the culprit C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts d------ [10:44 08/11/2010]


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts*
    C:\Program Files\Common Files\Java*
    C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.resources
    C:\ProgramData\Sun
    C:\Users\All Users\Sun
    C:\Users\Mark Cockram\AppData\Local\Temp\Temp1_JavaRa.zip
    C:\Users\Mark Cockram\AppData\Local\VirtualStore\Windows\Sun
    C:\Users\Mark Cockram\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Java™ 6 Update 22-14112010-110925
    C:\Users\Mark Cockram\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Java™ SE Runtime Environment 6-14112010-111400
    C:\Users\Mark Cockram\AppData\LocalLow\Sun\Java*
    C:\Users\Mark Cockram\AppData\Roaming\Adobe\Acrobat\9.0\JavaScripts
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#39
crawfordsparky

    Member

  • Topic Starter
  • 41 posts
Hi EssexBoy,

Thanks for your help

Here are the Log Results from OTL Quick Scan:

Let me know your thoughts

Kind regards

Crawfordsparky

[2010/10/22 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\extensions\[email protected]
[2010/11/11 08:00:44 | 000,010,378 | ---- | M] () -- C:\Users\Mark Cockram\AppData\Roaming\Mozilla\Firefox\Profiles\oelezenx.default\searchplugins\mail-online.xml
[2010/11/14 16:16:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 11:58:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/14 19:19:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe File not found
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark Cockram\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 10:55:30 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Local\VS Revo Group
[2010/11/14 10:55:21 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/11/14 10:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/11/13 18:58:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/11/13 18:58:37 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/11/13 18:58:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/11/13 18:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/11/13 16:55:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/11 00:11:35 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Malwarebytes
[2010/11/11 00:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/11 00:11:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/11 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 00:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/11 00:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/11/10 23:07:03 | 000,229,376 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragS.exe
[2010/11/10 23:07:03 | 000,221,184 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDC.exe
[2010/11/10 23:07:03 | 000,212,992 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefrag.dll
[2010/11/10 23:07:03 | 000,107,008 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragBT.exe
[2010/11/10 23:07:02 | 001,110,016 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranFD.exe
[2010/11/10 23:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2010/11/10 22:06:28 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2010/11/10 22:00:08 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/10 19:43:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/10 19:43:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/10 18:51:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/10 18:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/10 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/11/10 13:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/11/10 13:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/08 18:50:35 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/11/08 18:50:35 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/11/08 18:50:34 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/11/08 18:50:34 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/11/08 18:50:31 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/08 18:50:31 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/08 18:50:19 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/08 18:50:19 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/11/08 18:50:18 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/11/08 18:50:15 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\PC Tools
[2010/11/08 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/08 18:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/08 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/08 18:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/11/08 15:01:07 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Desktop\GooredFix Backups
[2010/11/08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\Documents\HostsXpert-1
[2010/11/08 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Local\ElevatedDiagnostics
[2010/11/08 12:23:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/11/08 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/11/08 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/08 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/08 10:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/10/26 09:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/10/25 17:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/25 17:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/22 08:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/02/15 11:14:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/14 19:35:22 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job
[2010/11/14 19:29:26 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/14 19:29:26 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/14 19:23:09 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/11/14 19:23:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/14 19:23:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 19:22:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 19:22:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 19:22:45 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 19:19:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/14 19:15:36 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2010/11/14 17:57:50 | 000,000,954 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\SystemLook(2) - Shortcut.lnk
[2010/11/14 10:55:22 | 000,000,990 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2010/11/14 10:55:22 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/11/13 11:36:10 | 000,010,618 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Click Here.docx
[2010/11/11 20:56:07 | 000,375,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/11 00:11:28 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 00:07:22 | 000,000,817 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\SpywareBlaster.lnk
[2010/11/10 23:07:04 | 000,000,807 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\Puran Defrag.lnk
[2010/11/10 22:07:18 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2010/11/10 18:51:22 | 298,735,957 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/10 08:14:23 | 002,204,946 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:45:20 | 000,507,360 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:55 | 000,083,456 | ---- | M] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:18 | 000,022,514 | ---- | M] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:51 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:21:11 | 004,390,912 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:21:10 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:21:10 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:04 | 000,012,781 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:17:05 | 000,023,040 | ---- | M] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 18:27:37 | 000,828,416 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/26 09:57:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 20:11:26 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mark Cockram.job
[2010/10/25 17:19:20 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 16:59:41 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/10/25 16:58:38 | 000,001,854 | ---- | M] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/19 13:21:40 | 000,021,504 | ---- | M] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:58:55 | 000,029,696 | ---- | M] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:58:07 | 000,202,752 | ---- | M] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam

========== Files Created - No Company Name ==========

[2010/11/14 17:57:50 | 000,000,954 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\SystemLook(2) - Shortcut.lnk
[2010/11/14 10:55:22 | 000,000,990 | ---- | C] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2010/11/14 10:55:22 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/11/13 19:00:47 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2010/11/13 18:58:37 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/11/12 17:13:40 | 000,010,618 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Click Here.docx
[2010/11/11 00:11:28 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 00:07:22 | 000,000,817 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\SpywareBlaster.lnk
[2010/11/10 23:07:04 | 000,000,807 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\Puran Defrag.lnk
[2010/11/10 18:51:22 | 298,735,957 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/08 18:51:42 | 002,204,946 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/11/08 18:45:36 | 000,507,360 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\sdsetup.exe
[2010/11/08 15:46:53 | 000,083,456 | ---- | C] () -- C:\Users\Mark Cockram\Desktop\OTL logfile created on.doc
[2010/11/08 15:45:15 | 000,022,514 | ---- | C] () -- C:\Users\Mark Cockram\Documents\OTL logfile created on.docx
[2010/11/08 14:03:06 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2010/11/08 13:45:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/08 12:41:49 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/11/08 12:20:13 | 004,390,912 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/11/08 12:20:13 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/11/08 12:20:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/11/08 10:44:40 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:20:40 | 000,000,898 | ---- | C] () -- C:\Users\Mark Cockram\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2010/11/08 10:14:02 | 000,012,781 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Champagne Description.docx
[2010/11/07 20:11:33 | 000,023,040 | ---- | C] () -- C:\Users\Mark Cockram\Documents\sunday memories TC homework.doc
[2010/10/26 09:57:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/10/25 17:19:20 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/25 17:14:28 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/19 13:16:31 | 000,021,504 | ---- | C] () -- C:\Users\Mark Cockram\Documents\gift.asam
[2010/10/19 12:59:45 | 000,828,416 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift.msam
[2010/10/19 12:47:39 | 000,029,696 | ---- | C] () -- C:\Users\Mark Cockram\Documents\Finest Gift Store.msam
[2010/10/17 11:42:59 | 000,202,752 | ---- | C] () -- C:\Users\Mark Cockram\Documents\buy gifts.msam
[2010/05/05 08:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/10/20 17:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 12:01:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/02/15 11:15:44 | 000,000,033 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.log
[2009/02/15 11:14:26 | 000,007,887 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.cat
[2009/02/15 11:14:26 | 000,001,144 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\pcouffin.inf
[2009/01/22 13:36:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Converter.dll
[2008/09/23 11:36:43 | 000,000,680 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\d3d9caps.dat
[2008/09/17 14:58:18 | 000,000,272 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Roaming\wklnhst.dat
[2008/04/24 09:00:31 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agi1600.dll
[2008/04/24 09:00:30 | 001,777,664 | R--- | C] () -- C:\Windows\System32\zhp1600r.dll
[2008/04/24 09:00:29 | 000,114,688 | R--- | C] () -- C:\Windows\System32\VSHP1600.dll
[2008/03/26 18:40:40 | 000,008,192 | ---- | C] () -- C:\Users\Mark Cockram\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 12:49:37 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/10 12:49:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/10/10 12:49:37 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/10 12:49:34 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/10 12:46:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/10 12:45:13 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/10/10 12:45:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/10/10 12:45:13 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/10/10 12:45:13 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/07/10 14:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/07/10 14:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/07/10 14:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/07/10 14:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/07/10 14:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/07/10 14:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/04/13 16:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/03/18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Affilorama
[2008/09/11 15:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/12 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Desktop Spider
[2008/03/26 18:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DesktopSMS
[2010/04/01 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/01/14 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Feedreader
[2010/11/13 10:19:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\IBP
[2010/11/10 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Laqyca
[2009/12/23 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Living Tree Software
[2008/09/19 10:51:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2008/10/08 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Nvu
[2010/11/10 13:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Orycu
[2009/06/16 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\SmartDraw
[2009/02/12 15:25:12 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Spider
[2008/09/22 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Template
[2010/11/08 12:16:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Toshiba
[2010/11/08 14:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Uniblue
[2010/11/07 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Mark Cockram\AppData\Roaming\Vso
[2010/11/14 19:23:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/11/14 19:15:36 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2010/11/14 19:20:47 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/14 19:23:09 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job
[2010/11/14 19:35:22 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5376519B-D2F3-40F8-9047-FB66902F06E0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 224 bytes -> C:\Windows\System32\msln.exe:065033f1b1dab9e6d34ae078dca30664
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#40
crawfordsparky

Hi EssexBoy,

Further to my last post and the log from OTL

I am still getting the same alerts

Look forward to hearing from you

Kind regards

Crawfordsparky



#41
Essexboy

Could you go to this location and post the last log file from there

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs



#42
crawfordsparky

Hi EssexBoy,

Thanks for coming back to me

Not sure how to go about your last task

Can you advise please

Kind regards

Crawfordsparky


#43
Essexboy

That is where the logs for Norton are kept - this will then tell me what file is giving the alert

Using Windows Explorer navigate to the folder
Documents and Settings

And then click each folder name as described until you get to the logs

#44
crawfordsparky

Hi EssexBoy,

Thanks For Your Help

I Can Not Seem To Get Past Windows Explorer C:\Documents and Settings, there is no apparent Document to open "all users"

Can you advise what I am doing wrong please

Thank you for your patience

Kind regards

Crawfordsparky







